Covenant Health Data Breach Affects 478,000 Patients
▼ Summary
– Covenant Health has significantly revised the number of individuals affected by a May 2025 data breach from an initial 7,864 to nearly 500,000 people.
– The breach was a ransomware attack by the Qilin group, which claimed to have stolen 852 GB of data containing sensitive patient information.
– The exposed data includes names, Social Security numbers, health insurance details, and specific medical treatment information.
– The organization is providing affected individuals with 12 months of free identity protection services and has begun mailing notification letters.
– Covenant Health states it has strengthened its system security and its forensic investigation into the full impact of the breach is still ongoing.
A significant data breach at Covenant Health, a major Catholic healthcare provider, has impacted far more patients than initially reported. The organization now confirms that personal and medical information belonging to nearly 478,000 individuals was compromised, a staggering increase from the original estimate of fewer than 8,000 people affected. This incident underscores the persistent and growing threat of cyberattacks targeting sensitive health data.
The breach originated from a sophisticated ransomware attack. Covenant Health discovered on May 26, 2025, that an unauthorized party had infiltrated its systems eight days prior. The intrusion was later claimed by the notorious Qilin ransomware group, which boasted of stealing approximately 852 gigabytes of data, equivalent to nearly 1.35 million individual files. The group subsequently listed the healthcare provider on its public data leak site, a common tactic to pressure victims into paying a ransom.
The scope of exposed data is extensive and deeply sensitive. Information potentially accessed includes full names, home addresses, dates of birth, and Social Security numbers. Furthermore, the breach compromised critical medical details such as health insurance information, medical record numbers, diagnoses, treatment dates, and the specific types of care patients received. This combination of personal identifiers and private health data creates a high risk for identity theft and medical fraud.
Upon discovering the breach, Covenant Health engaged third-party forensic experts to conduct a thorough investigation. This analysis, described as ongoing, aims to pinpoint the exact nature of the data accessed and the total number of impacted individuals. While the investigation continues without a public completion timeline, the organization states it has already implemented enhanced security measures across its systems to fortify defenses against future attacks.
In response to the incident, Covenant Health has begun the process of directly notifying those affected. Notification letters started mailing to patients on December 31, detailing the breach and the protective steps being taken. As a remedial measure, the healthcare provider is offering all impacted individuals a complimentary 12-month subscription to identity protection services. These services are designed to help monitor for and alert patients to any suspicious activity or misuse of their personal information.
(Source: Bleeping Computer)
