Covenant Health, a healthcare organization operating in the United States, has disclosed a data breach that exposed the personal and medical information of close to 478,000 patients. The incident took place in May 2026 and the company has begun notifying affected individuals. Exposed data may include names, dates of birth, Social Security numbers, medical record numbers, health insurance details, and information about clinical care received at Covenant Health facilities.
Healthcare breaches are particularly serious because medical records are difficult to change — unlike a password or a credit card number, your health history stays with you. Stolen health data can be used for insurance fraud, identity theft, and even blackmail. If you or a family member have received care at a Covenant Health facility, watch your mailbox for a notification letter and monitor your credit and health insurance statements for signs of fraud.
How to check if you’re affected
Affected patients are anyone who received care at a Covenant Health facility and whose records were stored in the systems compromised during the May 2026 breach. If you received a notification letter from Covenant Health, your data was exposed. Affected versions of patient records span clinical visits processed through their management systems at the time of the breach. You can request a copy of your medical records from Covenant Health and review your Explanation of Benefits (EOB) statements from your insurer for unfamiliar charges. Placing a credit freeze with all three major bureaus (Equifax, Experian, TransUnion) is free and helps prevent new accounts being opened in your name.