Pierluigi Paganini June 02, 2025

A cyberattack hit three hospitals operated by Covenant Health, forcing them to shut down all systems to contain the incident.

Three hospitals run by Covenant Health were hit by a cyberattack, prompting them to shut down all their systems to contain the security incident.

“St. Mary’s is currently experiencing a temporary system issue that is affecting some phones and documentation systems.” reads the message published by the St. Mary’s Health System. “Care is continuing, but this may lead to longer wait times in some areas.”

“Due to a temporary system issue, we are adjusting our outpatient lab services today, May 27th. For the time being, labs will only be available at our main hospital campus, and services can be provided only with a physical order in hand.” reads the post published by the St. Joseph Hospital.

Covenant Health Systems is a non-profit Catholic regional health care system sponsoring hospitals, nursing homes, assisted living residences and other health and elder services throughout New England.

Covenant Health experienced a cyberattack starting May 26, 2025, leading to a shutdown of systems across hospitals, clinics, and practices. At this time, it’s unclear whether data was stolen or ransomware was employed. The organization hired top cybersecurity experts to contain and investigate the incident. Services continue with minimal disruption, though some systems and outpatient labs are affected. St. Joseph’s in New Hampshire and two Maine hospitals are also impacted. Patients are advised to keep appointments.

“On Monday, May 26, Covenant Health became aware of irregularities impacting connectivity across the organization. Out of an abundance of caution, we immediately discontinued access to all data systems in our hospitals, clinics and provider practices,” the spokesperson said. 

“We are working to provide healthcare services as normal. Patients are encouraged to keep all appointments. If patients have questions, they should contact their provider’s office,”

At the time of this writing, no ransomware group has claimed responsibility for the attack.

In 2025, multiple cyberattacks targeted healthcare organizations in the U.S..

In March, the RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claimed to have stolen 1.5TB of sensitive data. In April, The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data.

Ransomware attacks on U.S. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. Hospitals often face system lockdowns, forcing a switch to manual processes. High-profile breaches include Change Healthcare (100M records), Summit Pathology (1.8M), OnePoint Patient Care (796K), and Boston Children’s Health Physicians (909K).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Covenant Health)