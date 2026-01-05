Covenant Health’s May 2025 cyberattack affected far more patients than first reported - nearly 500,000 instead of 8,000

Data stolen included names, addresses, DOBs, SSNs, health insurance details, and treatment information

Russian-speaking Qilin group claimed responsibility, leaking 852GB of files; Covenant offers victims 12 months of identity theft protection

The May 2025 cyberattack affecting Covenant Health is now understood to be a lot more destructive than initially thought, as the number of affected people seems to have grown significantly.

Covenant Health is a Catholic healthcare provider based in the United States. It runs hospitals, nursing and rehabilitation centers, as well as assisted living residences, and elder care organizations.

In late May 2025, the organization learned that a week earlier, it had been attacked by cybercriminals who stole sensitive data on its patients. Initial reports, which came out in July, said around 8,000 people were affected.

Qilin takes responsibility

However, in an update to the report filed with the Maine Attorney’s General Office, which was released earlier this week, Covenant Health said the actual number is closer to 500,000:

“Since the July notice to your office, Covenant Health continued to analyze the involved data and has completed the bulk of its data analysis. The involved data included patients’ names and one or more of the following: addresses, dates of birth, medical record numbers, Social Security numbers, health insurance information, and treatment information, such as diagnoses, dates of treatment, and/or type of treatment,” the update reads.

The patients exposed are at a serious risk of identity theft and fraud due to the personal and sensitive nature of the information.

The organization fell prey to Qilin, a Russian-speaking cybercriminal organization known for its attacks on hospitals in London.

An example of the group's potency came in June 2024 when a ransomware attack attributed to Qilin hit Synnovis, a pathology services provider that handles blood tests and diagnostics for multiple major NHS hospital trusts in London (including King’s College Hospital and Guy’s & St Thomas’).

The crooks added Covenant Health to their data leak site in late July 2025, saying they had grabbed 852GB of data, comprising roughly 1.35 million files.

Covenant Health is now offering affected individuals 12 months of free identity theft protection services.

