Covenant Health data breach affects over 284K Maine residents, far beyond initial reports
Covenant Health, a Massachusetts-based organization that oversees St. Mary’s Health System in Lewiston and St. Joseph Healthcare in Bangor, has recently disclosed a significant data breach that occurred in May 2025. This incident has impacted a total of 478,188 patients, with more than 284,529 of them residing in Maine.
This number represents a substantial increase from the initial reports, which had indicated that only 7,864 individuals were affected, with just 4,659 of them being residents of Maine. The company now states that the type of sensitive personal information potentially involved in the breach varied by patient but included names, Social Security numbers, and home addresses.
“Healthcare data is very valuable,” said Dr. Matt Graham, associate professor of Information Systems and Security Management at the University of Maine School of Business. “It’s often targeted because it can be used for identity theft and other fraudulent activities.”
According to Covenant Health, an “unauthorized party” accessed patient records during a cyberattack on May 18, 2025. The company shared the updated impact last Wednesday, following a thorough investigation.
Dr. Graham explained that hospitals typically prioritize securing their systems immediately after a breach, with detailed data analysis taking place afterward.
“In the very, very short term of identifying a cybersecurity breach, the immediate goal… is just to secure their systems,” Graham told NEWS CENTER Maine.
On December 10, 2025, through its ongoing extensive data analysis, Covenant Health said it and third-party forensic specialists determined that additional patient information may have been involved in May’s data security breach.
Covenant Health said it has issued notifications to impacted patients. In a statement, the company added:
“Individuals whose information may have been involved in the incident should review the statements they receive from their healthcare providers and health insurance plans. If they see any services that were not received, they should contact the provider or health plan immediately.”
Despite the severity of the breach, Dr. Graham says patients should feel confident that hospitals take cybersecurity seriously and that protecting patient data is a top priority.
Covenant Health also said it has enhanced the security of its IT environment to help prevent an event such as this one from happening again.
In a statement to NEWS CENTER Maine, Suzanne Spruce, senior vice president and chief communication officer of Northern Light Health, reassured patients cyber security is something they take very seriously.
“We continuously monitor for threats, enhance our systems when appropriate, and provide important cyber security training for employees,” said Spruce.
For more local stories continue with us on our NEWS CENTER Maine+ streaming app.
For the latest breaking news, weather, and traffic alerts, download the NEWS CENTER Maine mobile app.
- Cara Update Data GTK 2026 agar Tunjangan Sertifikasi Cepat Cair - January 19, 2026
- Bentuk Molekul – Teori VSEPR, Hibridisasi, dan Polaritas Molekul - January 19, 2026
- TKA SD-SMP 2026 Bukan Wajib, Tapi Jadi Pertimbangan Utama SPMB 2026 Jalur Prestasi - January 19, 2026
Leave a Reply