Ransomware Group: QILIN

VICTIM NAME: www[.]covenanthealth[.]net

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Covenant Health, a healthcare organization based in Tewksbury, Massachusetts, operating within the United States. The organization is recognized for its regional health services, including hospitals and nursing centers, emphasizing values-based, not-for-profit healthcare. The breach was discovered on June 24, 2025. The leak occurred approximately at the same time, indicating a recent and active compromise. The page contains a screenshot that appears to show internal documents or interfaces, suggesting sensitive internal information may have been accessed or leaked. Additionally, the site provides a link to the ransom claim, which is hosted on a dark web domain. The leak is associated with the group known as Qilin, known for targeting healthcare institutions.

The leak may include stolen data related to patient records or internal communications, although specific contents are not detailed here. No PII or personally identifiable information is explicitly mentioned in the summary. The breach highlights ongoing risks to healthcare services from cybercriminal groups aiming to disrupt operations or extort sensitive information. The presence of a screenshot indicates potential exposure of internal data or system interfaces, which could compromise organizational security further. The leak aligns with a pattern of attacks on critical infrastructure, emphasizing the importance of cybersecurity measures for healthcare providers. The organization’s activity and geographic focus suggest a targeted attack on a vital regional health network.