When a health data breach is initially reported, the number of individuals affected is typically lower than the final count. As investigations unfold, this number often climbs. That’s precisely what transpired at Covenant Health in Andover, Massachusetts. The Catholic healthcare provider recently revealed that a cyberattack, first detected in May, may have impacted nearly half a million patients, a dramatic rise from the fewer than 8,000 originally disclosed earlier this year.
A ransomware group has since taken responsibility for the attack, although Covenant Health has not explicitly confirmed the use of ransomware. The hackers accessed sensitive information, including names, addresses, social security numbers, and health details that could pose serious risks to patients.
What Happened in the Covenant Health Breach?
Covenant Health detected unusual activity in its IT systems on May 26, 2025. However, investigations found that the attackers had infiltrated the system eight days earlier, on May 18, and had access to patient data during that time.
By July, the organization reported to regulators that the breach involved 7,864 individuals. After conducting a thorough data analysis, the figure has alarmingly jumped to about 478,188 individuals.
Covenant Health manages various facilities, including hospitals and nursing centers, in parts of New England and Pennsylvania, suggesting that the breach could affect patients across multiple states.
In late June, the Qilin ransomware group claimed responsibility for the breach, stating they had stolen 852GB of data, totaling around 1.35 million files. While Covenant Health hasn’t confirmed these numbers, they acknowledged that patient information was compromised.
The leaked data could encompass names, addresses, dates of birth, medical record numbers, social security numbers, health insurance information, and treatment-related details like diagnoses and treatment dates.
What Covenant Health is Communicating to Patients
In notifications to regulators and affected individuals, Covenant Health detailed that they engaged third-party forensic experts to investigate and assess the extent of the breach. They also indicated that the data analysis is ongoing to identify everyone impacted.
Furthermore, in typical corporate fashion after a breach, they asserted that they have strengthened IT security measures to avoid future incidents. A toll-free call center has also been established specifically for inquiries related to the breach.
Beginning December 31, 2025, letters will be mailed to patients whose information may have been compromised. For those whose Social Security numbers were potentially involved, Covenant Health is providing free credit monitoring and identity theft protection services.
In a recent communication, Covenant Health confirmed the incident’s scope and outlined steps taken to notify affected patients and bolster safety protocols.
Steps to Take After a Breach at Covenant Health
If you receive a notification from Covenant Health regarding data compromise, consider these actions to mitigate the risk of misuse:
1) Utilize Free Identity Protection Services
If your organization provides credit monitoring or identity protection, make use of it. These services help alert you to any suspicious activity regarding your Social Security number or credit file before serious harm occurs. If such services aren’t offered, you might want to explore getting your own.
2) Review Medical and Insurance Statements Closely
Medical identity theft can be subtle. Regularly examine your Explanation of Benefits (EOB), insurance claims, and billing statements. Any irregularities should be reported to your insurance provider without delay.
3) Set Up a Fraud Alert or Credit Freeze
A fraud alert flags lenders to verify your identity before approving loans, whereas a credit freeze blocks new accounts unless lifted. If your Social Security number is compromised, a freeze is generally the safer route.
4) Employ a Password Manager
Healthcare breaches can lead to credential theft for other accounts. A password manager ensures unique passwords across all accounts. In the event of a breach, it simplifies updating passwords quickly.
5) Be Wary of Phishing Scams
Breaches often lead to a surge in phishing attempts through emails, texts, or calls. Attackers might impersonate healthcare providers or insurers, so verify sources independently before sharing information.
6) Consider Personal Data Deletion Services
Leaked data often proliferates across data broker sites. Personal data deletion services can help reduce your digital footprint by requesting removal from various databases, which can diminish your exposure to potential fraud.
7) Monitor Your Credit Report Regularly
You are entitled to free credit reports from major bureaus. Look for unfamiliar accounts, inquiries, or changes to addresses. Catching fraud early simplifies prevention efforts.
Key Takeaways
Healthcare entities continue to be prime targets for cybercriminals due to the sensitive nature of the data they manage. Medical records contain personal and financial information that cannot be changed once it is exposed. This incident illustrates that initial disclosures often underestimate the impact of breaches. As investigations proceed, the number of those affected can often escalate.
Do you think your healthcare provider is doing enough to safeguard your data? Feel free to share your thoughts.
