Ransomware gang Qilin today took credit for a May 2025 cyber attack against Covenant Health in Massachusetts.
The health network says it shut down its network after a cyber attack caused connectivity issues starting on May 26, 2025. At least one hospital in the network says it diverted ambulances to other hospitals and moved services like medical imaging to other facilities. St Joseph Hospital in Nashua, NH reported the attack might affect phone and internet service and online access to hospital services.
Qilin today claims to have stolen confidential files from Covenant Health. To prove its claim, the group posted images of what it says are documents stolen from Covenant Health. They include employee-related documents, spreadsheets, and service agreements.
Covenant Health has not verified Qilin’s claim. We do not know if Covenant Health did or will pay a ransom, how much Qilin demanded, how many people’s data might be affected, what data was compromised, or how attackers breached Covenant’s network. Comparitech contacted Covenant Health for comment and will update this article if it replies.
Who is Qilin?
Qilin is a ransomware gang that began claiming responsibility for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin has claimed responsibility for 38 confirmed ransomware attacks in 2025 to date, plus 261 unconfirmed claims that haven’t been acknowledged by the targeted organizations.
Eight of Qilin’s attacks this year hit healthcare companies, including:
- Dermatologists of Birminghham notified 86,000 people about a March 2025 data breach
- Sasszemklinika in Hungary reported an April 2025 data breach
- Palawan MMG Cooperative Hospital in the Philippines reported a data breach earlier this month
In June 2024, Next Step Healthcare issued data breach notices to 12,000 people following a Qilin attack.
Ransomware attacks on US healthcare
Comparitech researchers have logged 32 confirmed ransomware attacks on US healthcare companies so far in 2025, compromising more than 1.9 million records.
Those attacks include:
- Rural Health Services notified 33,000 people of a January 2025 data breach claimed by Medusa, who demanded $200,000 in ransom
- Mount Rogers Community Services reported a breach in April 2025 claimed by Inc
- The Vascular Experts suffered an attack claimed by Inc in May 2025
- Upper Dublin Family Dentistry notified 5,000 people of a May 2025 data breach by unknown attackers
Ransomware attacks on US hospitals, clinics, and other care providers can cripple critical systems and endanger the health, privacy, and security of patients. Hospitals must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Covenant Health
Covenant Health is a network of hospitals, nursing homes, and assisted living residences in New England. It operates 18 facilities across six states and employs 6,000 people. Covenant’s largest hospitals include St. Mary’s Health System in Lewiston, Maine and St. Joseph Hospital in Nashua, New Hampshire.
It should not be confused with another health network of the same name in Tennessee.
