Major Cyberattack Shuts Down Systems at Covenant Health Hospitals
TL;DR
Summary:
- Three hospitals operated by Covenant Health were hit by a cyberattack, prompting a system-wide shutdown.
- The incident has caused temporary disruptions in services, including longer wait times and adjustments to outpatient lab services.
- The organization is working with cybersecurity experts to investigate and resolve the issue.
Major Cyberattack Shuts Down Systems at Covenant Health Hospitals
Overview of the Incident
On May 26, 2025, a significant cyberattack targeted three hospitals operated by Covenant Health, leading to a complete shutdown of their systems to contain the security breach. The affected hospitals include St. Mary’s Health System and St. Joseph Hospital, along with two other facilities in Maine.
Immediate Impact on Hospital Operations
The cyberattack has resulted in temporary system issues, affecting phone lines and documentation systems. St. Mary’s Health System issued a statement acknowledging the disruption:
“St. Mary’s is currently experiencing a temporary system issue that is affecting some phones and documentation systems. Care is continuing, but this may lead to longer wait times in some areas.”
Similarly, St. Joseph Hospital announced adjustments to their outpatient lab services:
“Due to a temporary system issue, we are adjusting our outpatient lab services today, May 27th. For the time being, labs will only be available at our main hospital campus, and services can be provided only with a physical order in hand.”
About Covenant Health
Covenant Health is a non-profit Catholic regional health care system that operates hospitals, nursing homes, assisted living residences, and other health and elder services throughout New England. The organization experienced a cyberattack starting May 26, 2025, which led to a shutdown of systems across its hospitals, clinics, and practices.
Ongoing Investigation and Response
Covenant Health has hired top cybersecurity experts to contain and investigate the incident. Although it is unclear whether data was stolen or if ransomware was involved, the organization is working diligently to ensure minimal disruption to services. Patients are advised to keep their appointments as scheduled.
A spokesperson for Covenant Health stated:
“On Monday, May 26, Covenant Health became aware of irregularities impacting connectivity across the organization. Out of an abundance of caution, we immediately discontinued access to all data systems in our hospitals, clinics, and provider practices.”
Wider Context of Healthcare Cyberattacks
The cyberattack on Covenant Health is part of a broader trend of healthcare organizations being targeted by cybercriminals. In March 2025, the RansomHouse gang claimed responsibility for hacking Loretto Hospital in Chicago, allegedly stealing 1.5TB of sensitive data. In April, the Interlock ransomware gang targeted DaVita, a leading kidney dialysis company, and leaked alleged stolen data.
Ransomware attacks on U.S. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. High-profile breaches include Change Healthcare (100M records), Summit Pathology (1.8M), OnePoint Patient Care (796K), and Boston Children’s Health Physicians (909K).
Conclusion
The cyberattack on Covenant Health highlights the increasing vulnerability of healthcare organizations to cyber threats. As the investigation continues, it is crucial for healthcare providers to prioritize cybersecurity measures to protect patient data and ensure continuous care.