Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Covenant Health (MA)

Covenant Health (MA) Vendor Cyber Rating & Cyber Score

covenanthealth.net

Covenant Health is a Catholic health care system sponsoring hospitals, nursing homes, assisted living residences and other health and elder services throughout New England. We are committed to the health of the individuals and communities we serve, and strive to offer a continuum of high quality care. Partnering Opportunities for Health and Elder Care Organizations: Covenant Health offers partnering organizations access to a wide array of successful programs and services provided by experienced professionals who understand the complexities of delivering values-driven care in an increasingly demanding environment. Among the range of services that Covenant Health provides are: -Strategic Planning and Positioning -Governance


CH A.I CyberSecurity Scoring

CH
Company Information
Website:http://www.covenanthealth.net
Employees number:193
Number of followers:2,051
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:covenanthealth.net
CH Risk Score (AI oriented)
Between 0 and 549
logo
CHHospitals and Health Care
Updated:
10/03/2026
528/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CH Global Score (TPRM)
xxxx
logo
CHHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CH
CHCritical
Current Score
528C (CRITICAL)
01000
3 incidents
-97 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
545Before Incident
JUNE 2026
543Before Incident
MAY 2026
536Before Incident
APRIL 2026
535Before Incident
MARCH 2026
528Before Incident
FEBRUARY 2026
526Before Incident
JANUARY 2026
518Before Incident
DECEMBER 2025
518Before Incident
NOVEMBER 2025
609Before Incident
Ransomware
26 Nov 2025CH
Covenant Health: Alerted to a breach in November, Advanced Family Surgery Center remains publicly silent – DataBreaches.Net

Cyberattack on Advanced Family Surgery Center Exposes Sensitive Patient Data

512After Incident
CRITICAL-97
COV1769001816
Cyberattack on Advanced Family Surgery Center Exposes Sensitive Patient Data On November 26, 2025, the ransomware group Genesis notified Advanced Family Surgery Center (AFSC), a Tennessee-based facility under Covenant Health, that they had breached its systems. Despite initial contact and attempted negotiations, no resolution was reached. By January 11, Genesis listed AFSC on its dark web leak site, claiming to have exfiltrated 100 GB of data, including: - Protected health information (surgical records with patient names, dates of birth, Social Security numbers, insurance details, and procedure notes) - Personal and financial data - Operational and file-server records A file tree posted by the threat actors confirmed the breach, with DataBreaches verifying the authenticity of exposed records. On January 19, when contacted for comment, Covenant Health initially questioned whether the inquiry was intended for them, suggesting a possible lack of awareness about the incident. As of publication, no data has been leaked, though Genesis indicated an upload was in progress. Under HIPAA regulations, affected entities must notify patients and the U.S. Department of Health and Human Services (HHS) within 60 days of discovery a deadline AFSC appears to have missed. No public breach notification from Covenant Health or AFSC has been identified, nor does the incident appear on HHS’s breach reporting tool. Further updates may follow if additional responses or disclosures emerge.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: 100 GBBrand Reputation Impact: Potential damage due to delayed disclosureLegal Liabilities: Potential HIPAA violationsIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Protected health informationPersonal and financial dataOperational and file-server recordsSensitivity Of Data: HighData Exfiltration: YesPatient namesDates of birthSocial Security numbersInsurance detailsProcedure notes
OCTOBER 2025
606Before Incident
SEPTEMBER 2025
603Before Incident
AUGUST 2025
600Before Incident
JULY 2025
676Before Incident
Breach
01 Jul 2025CH
Covenant Health: Data breach impacting owner of Maine hospital larger than previously thought

Covenant Health Data Breach

594After Incident
CRITICAL-82
COV1767368230
Cybersecurity Breach at Covenant Health Impacts Over 280,000 Mainers Covenant Health, the owner of St. Mary’s Hospital in Lewiston, Maine, has disclosed a significant expansion of a previously reported data breach. Initially believed to have affected approximately 4,600 Mainers when first reported in July, the incident has now been confirmed to impact over 280,000 individuals—a more than sixtyfold increase in the estimated scope. The amended breach notification, filed with the Maine Attorney General’s Office, follows further investigation into the incident. Covenant Health is offering credit monitoring and identity theft protection to those affected. The breach’s full extent and the nature of the exposed data remain under review, though the scale suggests a substantial compromise of sensitive information. The disclosure comes amid unrelated regional incidents, including a New Year’s morning fire in Manchester that left one dead and eight hospitalized, as well as a privacy lawsuit filed by a former Naked and Afraid contestant against Kennebec County, alleging misconduct by officials. Meanwhile, Ashley Furniture announced plans to open a 44,900-square-foot store in South Portland by early 2026, creating 45 new jobs.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personal and sensitive informationBrand Reputation Impact: Likely negativeLegal Liabilities: PotentialIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personally identifiable information, sensitive dataNumber Of Records Exposed: 280,000+Sensitivity Of Data: HighPersonally Identifiable Information: Yes
MAY 2025
762Before Incident
Breach
18 May 2025CH
Covenant Health: Covenant Health data breach impacts nearly 480,000 patients

Covenant Health Data Breach

673After Incident
CRITICAL-89
COV1767368358
Covenant Health Discloses Massive Data Breach Affecting Nearly 500,000 Patients Covenant Health, a Massachusetts-based Catholic healthcare system serving New England and parts of New York, has reported a major data breach impacting 478,188 individuals, with over half residing in Maine. The incident, stemming from a network intrusion in May 2025, exposed sensitive personal and medical information, triggering regulatory notifications and identity protection measures. The breach was detected on May 26, 2025, after unusual activity was observed in Covenant Health’s IT systems. A forensic investigation by an unnamed third-party cybersecurity firm revealed that an unauthorized actor had gained access to the network eight days earlier, on May 18. The intruder accessed a range of patient data, including: - Full names - Addresses - Dates of birth - Social Security numbers - Medical record numbers - Health insurance details - Treatment information (diagnoses, service dates) Covenant Health completed its internal review in December 2025 and began notifying affected individuals in two phases—first in July 2025 and again on December 31, 2025. The organization has since implemented remediation efforts, including system restoration, forensic analysis, and law enforcement engagement. As a precaution, affected patients are being offered a free one-year membership to Experian IdentityWorks, covering credit monitoring, fraud consultation, and identity theft restoration. While no evidence of data misuse has been reported, the breach underscores the ongoing risks to healthcare data security, particularly for organizations subject to HIPAA and state privacy regulations. Covenant Health has set up a dedicated call center to address patient inquiries related to the incident.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Sensitive personal and medical dataSystems Affected: IT environmentIdentity Theft Risk: High
DATA BREACH
Full namesAddressesDates of birthSocial Security numbersMedical record numbersHealth insurance detailsTreatment information (diagnoses and service dates)Number Of Records Exposed: 478,188Sensitivity Of Data: HighPersonally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CH ?
?
What was CH's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CH's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CH's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CH's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CH's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CH's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CH's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CH's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CH's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CH's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CH's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CH's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CH ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CH's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?