A cyberattack recently affected three hospitals managed by Covenant Health, prompting the organization to shut down all of its systems in order to contain the security incident.
According to an announcement from St. Mary’s Health System, the facility is currently dealing with a temporary system issue that is impacting some phone lines and documentation systems. The statement reassured patients that care is ongoing, although the disruptions may result in longer wait times in certain areas.
Similarly, St. Joseph Hospital released a notice stating that due to the ongoing system issues on May 27, outpatient lab services would be limited. For the time being, lab services are only available at the main hospital campus, and patients must present a physical order to receive those services.
Covenant Health is a non-profit Catholic regional healthcare system that sponsors a network of hospitals, nursing homes, assisted living facilities, and other eldercare services across New England. The organization confirmed that the cyberattack began on May 26, 2025, leading to a complete system shutdown across hospitals, clinics, and provider practices.
At this stage, it is not yet known whether any data was stolen or if ransomware was used in the attack. Covenant Health has brought in top cybersecurity professionals to investigate and contain the breach. While some outpatient services and systems remain affected, the organization emphasized that healthcare services are continuing with minimal disruption. The impacted facilities include St. Joseph’s Hospital in New Hampshire and two hospitals in Maine. Patients have been encouraged to attend their scheduled appointments as normal.
A spokesperson for Covenant Health stated that the organization first detected irregular activity affecting connectivity on May 26. As a precautionary measure, access to all data systems across its hospitals and care facilities was immediately suspended. The spokesperson added that the organization is working diligently to maintain normal operations and asked patients to reach out to their healthcare providers with any questions or concerns.
As of now, no ransomware group has come forward to claim responsibility for the incident.
The healthcare sector in the United States has experienced a growing number of cyberattacks in 2025. In March, the RansomHouse group claimed to have hacked Loretto Hospital in Chicago, stealing 1.5 terabytes of sensitive data. In April, the Interlock ransomware group announced it had targeted DaVita, a major provider of kidney dialysis services, and allegedly leaked stolen information.
The year 2024 also saw a sharp increase in ransomware attacks against healthcare providers in the U.S., with 98 incidents affecting 117 million records. These attacks often lead to system outages and force hospitals to revert to manual record-keeping and care processes. Notable data breaches have included Change Healthcare, which saw 100 million records compromised, Summit Pathology with 1.8 million records, OnePoint Patient Care with 796,000 records, and Boston Children’s Health Physicians with 909,000 records exposed.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
