Covenant Health Data Breach

By
Jon Mann
January 6, 2026
Covenant Health Data Breach

Covenant Health Data Breach Expanded to Nearly Half a Million Individuals

Pittman, Dutton, Hellums, Bradley & Mann, P.C. is reviewing new disclosures related to a large-scale data breach incident involving Covenant Health, a regional healthcare system based in Andover, Massachusetts. Updated regulatory filings indicate that the scope of the breach is far larger than originally reported and may affect hundreds of thousands of patients across New England.

Updated Scope of the Incident

According to a data breach notification recently filed with the Maine Attorney General’s Office, Covenant Health has expanded the number of individuals impacted by a hacking incident that occurred in May 2025. The health system now reports that approximately 478,188 individuals may have had their information exposed, including more than 284,000 residents of Maine.

This revised figure represents a dramatic increase from Covenant Health’s initial disclosure earlier in the year, which identified fewer than 8,000 affected individuals. As of now, Covenant Health has not posted an updated public notice on its website explaining the expanded scope of the incident.

Background on Covenant Health

Covenant Health operates hospitals, medical centers, and assisted living facilities throughout Maine and New Hampshire. Its facilities in Maine include St. Mary’s Hospital in Lewiston, St. Joseph Hospital in Bangor, and St. André Health Care in Biddeford. The organization is part of a Catholic healthcare system serving patients across multiple states.

What Information May Have Been Exposed

In earlier statements, Covenant Health acknowledged that the breach involved highly sensitive patient information. The data potentially accessed includes names, mailing addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details, and treatment-related information such as diagnoses, dates of service, and types of care received.

Prior to Covenant’s public disclosure, a ransomware group known as Qilin claimed responsibility for the attack and alleged that it obtained hundreds of gigabytes of patient data. While Covenant Health has not publicly confirmed an extortion demand, the group is known for targeting healthcare organizations and has been linked to other significant cyberattacks in the sector.

Covenant Health’s Response

Covenant Health has stated that it first detected unusual activity within its IT systems on May 26, 2025. The organization reports that it acted quickly to secure its network, restore operations, and engage third-party cybersecurity and forensic specialists to investigate the incident and assess what information may have been affected.

Affected individuals are being offered twelve months of identity protection services, including credit monitoring, fraud assistance, and identity theft restoration.

Why This Matters

Data breaches involving medical and Social Security information can have lasting consequences. Exposed health data can be used for identity theft, insurance fraud, or medical identity misuse, often leaving victims to spend months or years repairing the damage. The dramatic increase in the number of individuals affected raises serious questions about data security practices and breach detection within healthcare systems.

How Our Firm Can Help

Pittman, Dutton, Hellums, Bradley & Mann, P.C. represents individuals whose personal and medical information has been compromised due to inadequate cybersecurity safeguards. Our firm is actively investigating the Covenant Health breach to determine whether affected patients may be entitled to compensation for financial losses, time spent addressing identity risks, and violations of privacy.

Free Case Evaluation

If you received a notification from Covenant Health or believe your information may have been involved in this incident, we encourage you to contact our firm to discuss your legal rights and options.

Call (205) 322-8880 or submit a confidential inquiry through our secure online form. Your medical information is deeply personal. If it was exposed, our attorneys are prepared to help you seek accountability and protect your rights.

Links

[1] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/2637476a-ce93-46b9-a8c9-e2705955dc98.html

RECENT POSTS

Covenant Health Data Breach
Sax, LLP Data Breach
MedHelp Data Breach
700Credit Data Breach
CNHI Data Breach Under Investigation

CATEGORIES

  • Car Accidents
  • Firm News
  • Personal injury
  • Product Liability
  • Wrongful Death

GET A FREE CASE EVALUATION

Fill out the form below to contact our firm. One of our experienced attorneys is prepared to speak with you. Consultations are free and confidential.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Have you been injured in an accident?

Pittman, Dutton, Hellums, Bradley & Mann

Pittman, Dutton, Hellums, Bradley & Mann is a team of personal injury lawyers in Birmingham, Alabama. We serve clients throughout the United States for all types of personal injury cases.

Navigation
Get Social

© 2021 Pittman, Dutton, Hellums, Bradley & Mann, P.C. - All Rights Reserved

The recoveries and testimonials on this website are not an indication of future results. Every case is different, and regardless of what friends, family, or other individuals may say about what a case is worth, each case must be evaluated on its own facts and circumstances as they apply to the law. The valuation of a case depends on the facts, the injuries, the jurisdiction, the venue, the witnesses, the parties, and the testimony, among other factors. Furthermore, no representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers.

Managed By WiseGuys Digital Marketing