Covenant Health Revises May Ransomware Breach to 478,188 Patients as Notifications Begin

The health system offers identity protection during an ongoing investigation into the stolen patient data.

Overview

Mailing of breach notices began December 31, 2025, after a reassessment expanded the impacted group to 478,188 people, including 284,529 Maine residents.
Covenant Health says an intruder accessed its systems on May 18, 2025, and the breach was detected on May 26.
Exposed information may include names, addresses, dates of birth, medical record numbers, Social Security numbers, insurance details, and treatment information such as diagnoses and dates of care.
The Qilin ransomware group claimed responsibility and says it stole about 852 GB of data totaling roughly 1.35 million files.
The organization engaged third‑party forensics, strengthened system security, established a toll‑free call center, and is offering 12 months of identity protection services to affected individuals.