Qilin hackers infiltrate Covenant Health, claim theft of confidential data
The Qilin ransomware group, known for targeting critical infrastructure, said it had infiltrated Covenant Health’s internal network and stolen confidential data from the organisation.
Covenant Health, a Catholic healthcare organisation, operates three hospitals, St. Joseph Hospital and St. Mary’s Health System in Maine, and another St. Joseph Hospital in New Hampshire and caters to patients across Maine, Massachusetts, New Hampshire, Pennsylvania, Rhode Island and Vermont.
Earlier this month, in a notice on its website, St. Mary’s Health System said it is “experiencing a temporary system issue that may affect phones and internet access. Some services may be intermittently unavailable.”
A similar message was shared on the hospital’s social media account, noting that patients may experience delays in receiving services.
St. Joseph Hospital published a similar message on its website, confirming a data security incident and acknowledging delays in patient care.
Commenting on the news of a data security incident, in a statement shared with media, a Covenant Health spokesperson said, “On Monday, May 26, Covenant Health became aware of irregularities impacting connectivity across the organisation. Out of an abundance of caution, we immediately discontinued access to all data systems in our hospitals, clinics and provider practices.
“We are working to provide healthcare services as normal. Patients are encouraged to keep all appointments. If patients have questions, they should contact their provider’s office.”
🚨Cyber Attack Alert ‼️
— Hackmanac (@H4ckmanac) June 24, 2025
🇺🇸USA - Covenant Health
Qilin ransomware group claims to have breached Covenant Health.
On May 26, 2025, the health system experienced a cyberattack that disrupted connectivity across its entire network. In response, Covenant Health shut down its data… pic.twitter.com/1uYBX1Pg52
On June 24, the Qilin ransomware group claimed responsibility for the cyber attack on Covenant Health, listing the organisation as a victim on its data leak site. The group said it had stolen sensitive data from the healthcare provider and threatened to release it unless ransom demands were met. To support its claims, Qilin shared samples of the stolen data as proof of authenticity.
At the time of publication, both St. Mary’s Health System and St. Joseph Hospital reported that their systems have been fully restored and normal operations have resumed. All services are now accepting appointments.
Related Articles
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543