Hospitals in Maine, New Hampshire limit services after cyberattack on Catholic health org

Three hospitals run by Catholic healthcare organization Covenant Health are dealing with a cyberattack that forced the facilities to shut off all access to data systems. 

Covenant Health operates the three hospitals and multiple skilled nursing and rehabilitation centers, assisted living residences, and community-based health and elder care organizations across Maine, Massachusetts, New Hampshire, Pennsylvania, Rhode Island and Vermont. The organization has nearly 6,000 employees. 

A spokesperson for Covenant Health confirmed that a cyberattack impacted two hospitals in Maine — St. Joseph Hospital and St. Mary’s Health System — and one in New Hampshire, which is also called St. Joseph Hospital. 

“On Monday, May 26, Covenant Health became aware of irregularities impacting connectivity across the organization. Out of an abundance of caution, we immediately discontinued access to all data systems in our hospitals, clinics and provider practices,” the spokesperson said. 

Cybersecurity experts have been hired to determine what happened and to restore full system access. 

“We are working to provide healthcare services as normal. Patients are encouraged to keep all appointments. If patients have questions, they should contact their provider’s office,” they added.

She explained the attack has had “minimal impact” on the organization’s post-acute care facilities because they are on a different clinical platform.

All of the hospitals posted messages on social media and on their websites notifying patients of technology outages earlier this week. 

The messages said the hospitals are experiencing system issues affecting phones and internet access, making certain services unavailable. 

St. Mary’s said care is continuing but noted wait times will be longer than normal and labs are only able to process paper orders or orders that can be shown through the platform MyChart. St. Joseph Hospital in New Hampshire said lab services were only available at the main hospital campus and services could only be provided with a physical order in hand. 

No cybercriminal group has taken credit for the attack as of Friday. Last year, one of the largest Catholic health systems in the U.S. was attacked by the Black Basta ransomware gang. 

There have already been multiple cyberattacks in 2025 impacting the care at U.S.y hospitals, including an incident last week affecting facilities in Ohio. 

A hospital network in Maryland struggled for weeks with technological issues after a cyberattack in January and attacks on a New York blood center as well as dialysis giant DaVita caused dangerous impacts on patient care.