The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May.
The healthcare entity initially reported in July that the data of 7,864 people had been exposed, but further analysis has revealed a larger impact.
After completing “the bulk of its data analysis,” Covenant Health now says that 478,188 individuals were affected.
Covenant Health is a Catholic healthcare provider based in Andover, Massachusetts, operating hospitals, nursing and rehabilitation centers, assisted living residences, and elder care organizations across New England and parts of Pennsylvania.
Qilin ransomware attack
Covenant Health learned on May 26, 2025, that an attacker had breached its systems eight days earlier, on May 18, and gained access to patient data.
In late June, the Qilin ransomware group claimed the attack, stating that it had stolen 852 GB of data comprising nearly 1.35 million files.
Qilin ransomware lists Covenant Health on its data leak site
source: BleepingComputer
The organization says the exposed information may include names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance information, and treatment details (e.g., diagnoses, dates of treatment, type of treatment).
... continue reading