Covenant Health, a healthcare organization based in Andover, Massachusetts, reported a significant data breach affecting over 478,000 individuals. The breach, linked to the Qilin ransomware group, occurred on May 18, 2025, but was only discovered a week later. Covenant Health initially informed authorities in July that about 7,800 individuals were impacted. However, a December update revealed the breach's true extent, affecting 478,188 people. The hackers accessed sensitive personal and health information, including names, dates of birth, Social Security numbers, medical record numbers, health insurance details, and treatment information. The Qilin group claimed to have stolen more than 1.3 million files totaling around 850 GB. Despite the breach, it appears that Covenant Health did not pay the ransom, as the stolen data has since been made public by the cybercriminals. This incident highlights the vulnerability of healthcare organizations to cyberattacks and the severe consequences for patient privacy.