- Covenant Health’s May 2025 cyberattack affected far more patients than first reported — nearly 500,000 instead of 8,000
- Data stolen included names, addresses, DOBs, SSNs, health insurance information and treatment information
- The Russian-speaking Qilin group claimed responsibility and leaked 852 GB of files; Covenant offers victims 12 months of identity theft protection
The May 2025 cyberattack affecting Covenant Health is now considered to be much more devastating than first thought, as the number of people affected appears to have grown significantly.
Covenant Health is a Catholic healthcare provider based in the United States. It operates hospitals, care and rehabilitation centers as well as nursing homes and elderly care organizations.
In late May 2025, the organization learned that a week earlier it had been attacked by cybercriminals who stole sensitive data about its patients. The first reports, which emerged in July, said about 8,000 people were affected.
Qilin takes responsibility
But in an update to the report filed with the Maine Attorney General’s Office released earlier this week, Covenant Health said the actual number is closer to 500,000:
“Since the July notification to your office, Covenant Health continued to analyze the involved data and has completed the majority of its data analysis. The involved data included patients’ names and one or more of the following: addresses, dates of birth, medical record numbers, social security numbers, health insurance information, and treatment information, such as diagnoses, dates of treatment and/or type of treatment,” the update read.
The vulnerable patients are at serious risk of identity theft and fraud due to the personal and sensitive nature of the information.
The organization fell victim to Qilin, a Russian-speaking cybercriminal organization known for its attacks on hospitals in London.
An example of the group’s strength came in June 2024, when a ransomware attack attributed to Qilin hit Synnovis, a pathology services provider that handles blood tests and diagnostics for several major NHS hospital trusts in London (including King’s College Hospital and Guy’s & St Thomas’).
The fraudsters added Covenant Health to their data leak page in late July 2025 and said they had obtained 852 GB of data, comprising about 1.35 million files.
Covenant Health is now offering affected individuals 12 months of free identity theft protection.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
