The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May.

The healthcare entity initially reported in July that the data of 7,864 people had been exposed, but further analysis has revealed a larger impact.

After completing “the bulk of its data analysis,” Covenant Health now says that 478,188 individuals were affected.

Covenant Health is a Catholic healthcare provider based in Andover, Massachusetts, operating hospitals, nursing and rehabilitation centers, assisted living residences, and elder care organizations across New England and parts of Pennsylvania.

Qilin ransomware attack

Covenant Health learned on May 26, 2025, that an attacker had breached its systems eight days earlier, on May 18, and gained access to patient data.

In late June, the Qilin ransomware group claimed the attack, stating that it had stolen 852 GB of data comprising nearly 1.35 million files.

The organization says the exposed information may include names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance information, and treatment details (e.g., diagnoses, dates of treatment, type of treatment).

In a copy of the notice, Covenant Health says it engaged third-party forensic specialists to determine what data was affected and how many individuals were impacted.

"That review is ongoing," the organization said, without providing a timeline for finishing the investigation and its impact. Covenant Health said that it has strengthened the security of its systems, to prevent similar incidents in the future.

The healthcare entity Covenant Health is offering affected individuals 12 months of free identity protection services to help detect potential misuse of their information.

Beginning December 31, the organization started mailing data breach notification letters to patients whose information may have been compromised in the May intrusion.