CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Covenant Health data breach impacts nearly 480,000 patients

By Leave a Comment
LinkedInReddit
Covenant Health data breach impacts nearly 480,000 patients

Covenant Health, a Catholic healthcare system based in Andover, Massachusetts, has disclosed a significant data breach affecting 478,188 individuals, with over half of those impacted residing in Maine.

The breach, resulting from a network intrusion in May 2025, exposed sensitive personal and medical data and prompted regulatory notification and an offer of identity protection services.

Covenant Health operates as a not-for-profit Catholic health system serving New England and parts of New York, with affiliated hospitals, skilled nursing facilities, and outpatient services. The organization plays a major role in regional healthcare delivery and is subject to regulatory oversight under HIPAA and state privacy laws.

The breach was first detected on May 26, 2025, when Covenant Health observed unusual activity within its IT environment. Forensic specialists from an unnamed third-party cybersecurity firm were quickly brought in to investigate. The inquiry revealed that an unauthorized actor had infiltrated the network on May 18, 2025, gaining access to a trove of patient data before being discovered eight days later.

According to a notice filed with the Maine Attorney General’s Office, the compromised data includes:

  • Full names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Medical record numbers
  • Health insurance details
  • Treatment information, such as diagnoses and service dates

Covenant Health concluded its internal analysis in December 2025 and began notifying affected individuals in two rounds, first in July and again on December 31, 2025.

In response to the incident, Covenant Health claims to have taken several remediation steps, including securing and restoring IT systems, engaging cybersecurity experts for forensic review, and notifying law enforcement. The organization is offering a free one-year membership to Experian IdentityWorks for affected patients, which includes credit monitoring, fraud consultation, and identity theft restoration services.

While no evidence of misuse has been reported to date, patients are encouraged to monitor their insurance claims and credit activity for any suspicious behavior. The organization has also established a dedicated call center for inquiries related to the breach.

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

LinkedInReddit

More from CyberInsider

About Amar Ćemanović

Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology. 
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial work. Amar brings a well-rounded knowledge base, covering everything from tech solutions to privacy tools.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Share to...
BlueskyBufferCopyFlipboardHacker NewsLineLinkedInMastodonMessengerMixNextdoorPinterestPrintRedditSMSTelegramThreadsTumblrVKWhatsAppXingYummly