Covenant Health data breach affects nearly 500,000 patients

When a healthcare information breach is archetypal disclosed, the fig of radical affected is often acold little than the last tally. That fig often climbs arsenic investigations continue. 

That's precisely what happened with Andover, Mass.-based Covenant Health. The Catholic healthcare supplier has present confirmed that a cyberattack discovered past May whitethorn person affected astir 500,000 patients, a crisp summation from the less than 8,000 radical it initially reported earlier this year. 

A ransomware radical aboriginal claimed work for the incident, though Covenant Health has not publically confirmed the usage of ransomware. The attackers accessed names, addresses, Social Security numbers and wellness information, among different delicate information that could enactment patients astatine superior risk.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

UNIVERSITY OF PHOENIX DATA BREACH HITS 3.5M PEOPLE

Covenant Health detected suspicious enactment successful precocious May 2025, but investigators aboriginal confirmed attackers had already accessed systems days earlier. (Kurt "CyberGuy" Knutsson)

What happened successful the Covenant Health breach

Covenant Health says it detected antithetic enactment successful its IT situation connected May 26, 2025. A aboriginal probe revealed that an attacker had really gained entree 8 days earlier, connected May 18, and was capable to entree diligent information during that window.

In July, Covenant Health told regulators that the breach impacted 7,864 individuals. After completing what it describes arsenic extended information analysis, the enactment present says that up to 478,188 individuals whitethorn person been affected.

Covenant Health operates hospitals, nursing and rehabilitation centers, assisted surviving residences and elder attraction organizations crossed New England and parts of Pennsylvania. That wide footprint means the breach perchance touched patients crossed aggregate states and attraction settings.

In precocious June, the Qilin ransomware radical claimed work for the attack, arsenic reported by Bleeping Computer. The radical alleged it stole 852 GB of data, totaling astir 1.35 cardinal files. Covenant Health has not confirmed those figures, but it did admit that diligent accusation was accessed.

According to the organization, the exposed information whitethorn person included names, addresses, dates of birth, aesculapian grounds numbers, Social Security numbers, wellness security details and attraction accusation specified arsenic diagnoses, dates of attraction and types of attraction received.

700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS

Qilin ransomware lists Covenant Health connected its information leak site. (Bleeping Computer)

What Covenant Health is telling patients

In a announcement sent to regulators and patients, Covenant Health says it engaged third-party forensic specialists to analyse the incidental and find what information was involved. The enactment says its information investigation is ongoing arsenic it continues identifying individuals whose accusation whitethorn person been involved.

Then determination are the acquainted statements each institution makes aft a breach, claiming they've strengthened the information of their IT systems to assistance forestall akin incidents successful the future. Covenant Health says it has besides acceptable up a dedicated toll-free telephone halfway to grip questions related to the breach.

Beginning Dec. 31, 2025, the enactment started mailing notification letters to patients whose accusation whitethorn person been compromised. For individuals whose Social Security numbers whitethorn person been involved, Covenant Health is offering complimentary recognition monitoring and individuality theft extortion services.

We reached retired to Covenant Health, and the institution confirmed the expanded scope of the incidental and outlined steps being taken to notify patients and heighten information safeguards.

DATA BREACH EXPOSES 400K BANK CUSTOMERS’ INFO

The breach exposed highly delicate information, including names, Social Security numbers, aesculapian records and attraction details tied to astir fractional a cardinal patients. (Kurt "CyberGuy" Knutsson)

7 steps you tin instrumentality to support yourself aft the Covenant Health breach

If you received a announcement from Covenant Health oregon if your information has been exposed successful immoderate healthcare breach, these steps tin assistance trim the hazard of misuse.

1) Enroll successful the escaped individuality extortion offered

If the enactment offers you recognition monitoring oregon individuality protection, instrumentality it. These services tin alert you to suspicious enactment tied to your Social Security number, recognition record oregon individuality details earlier existent harm is done. If you're not offered 1 and privation to beryllium connected the safer side, you mightiness see getting 1 yourself.

Identity Theft companies tin show idiosyncratic accusation similar your Social Security Number (SSN), telephone fig and email address, and alert you if it is being sold connected the acheronian web oregon being utilized to unfastened an account. They tin besides assistance you successful freezing your slope and recognition paper accounts to forestall further unauthorized usage by criminals.

See my tips and champion picks connected however to support yourself from individuality theft astatine Cyberguy.com

2) Monitor aesculapian and security statements closely

Medical individuality theft often shows up quietly. Review an mentation of benefits (EOBs), security claims and billing statements for services you don't recognize. If thing looks off, study it to your insurer immediately.

3) Place a fraud alert oregon recognition freeze

A fraud alert tells lenders to instrumentality other steps to verify your individuality earlier approving credit. A recognition frost goes further by blocking caller accounts wholly unless you assistance it. If Social Security numbers were exposed, a frost is usually the safer option.

To larn much astir however to bash this, spell to Cyberguy.com and hunt "How to frost your credit." 

4) Use a password manager

Healthcare breaches often pb to credential-stuffing attacks elsewhere. A password manager ensures each relationship uses a unsocial password, truthful 1 exposed dataset can't unlock everything else. It besides makes it easier to update passwords rapidly aft a breach.

Next, spot if your email has been exposed successful past breaches. Our No. 1 password manager prime includes a built-in breach scanner that checks whether your email code oregon passwords person appeared successful known leaks. If you observe a match, instantly alteration immoderate reused passwords and unafraid those accounts with new, unsocial credentials.

Check retired the champion expert-reviewed password managers of 2025 astatine Cyberguy.com.

5) Be cautious of phishing scams and usage beardown antivirus software

Breaches are often followed by phishing emails, texts oregon calls that notation the incidental to dependable legitimate. Attackers whitethorn airs arsenic the healthcare provider, an insurer oregon a recognition bureau. Don't click links oregon stock accusation unless you verify the root independently.

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe.

Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com.

6) Consider a idiosyncratic information removal service

Once your information leaks, it often spreads crossed information broker sites. Personal information removal services assistance trim your integer footprint by requesting takedowns from these databases. While they can't erase everything, they little your vulnerability and marque targeted fraud harder.

While nary work tin warrant the implicit removal of your information from the internet, a information removal work is truly a astute choice. They aren't cheap, and neither is your privacy. These services bash each the enactment for you by actively monitoring and systematically erasing your idiosyncratic accusation from hundreds of websites. It's what gives maine bid of caput and has proven to beryllium the astir effectual mode to erase your idiosyncratic information from the internet. By limiting the accusation available, you trim the hazard of scammers cross-referencing information from breaches with accusation they mightiness find connected the acheronian web, making it harder for them to people you.

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

7) Review your recognition reports regularly

You're entitled to escaped recognition reports from each large bureaus. Check them for unfamiliar accounts, hard inquiries oregon code changes. Catching fraud aboriginal makes it acold easier to contain.

Kurt's cardinal takeaway

Healthcare organizations stay premier targets for cybercriminal groups due to the fact that of the measurement and sensitivity of the information they store. Medical records incorporate a premix of personal, financial, and wellness accusation that is hard to alteration erstwhile exposed. Unlike a password, you cannot reset a diagnosis oregon attraction history. This breach besides shows however aboriginal disclosures often underestimate impact. Large healthcare networks trust connected analyzable systems and third-party vendors, which tin dilatory forensic investigation successful the aboriginal stages. As investigations continue, the fig of affected individuals often climbs.

Do you deliberation healthcare organizations bash capable to support idiosyncratic data? Let america cognize by penning to america astatine Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.