Covenant Surgical Partners, Inc., a physician services company now owned by a subsidiary of Tenet Health, has reported a data breach impacting the protected health information (PHI) of 88,609 individuals. However, as of early June 2025, details regarding the cause, nature, and timeline of the incident have not been publicly disclosed by the company.
What happened
On May 28, 2025, Covenant Surgical Partners reported a data breach to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). At present, this federal filing is the primary source of public information. The company, which rebranded as Covenant Physician Partners before being acquired by United Surgical Partners International (USPI) in 2024, has not yet issued a detailed press release or website notice explaining how or when the breach occurred, or how it was discovered.
What's new
The HHS OCR filing confirms that 88,609 individuals were affected by a cybersecurity incident. While an official, detailed list of compromised data has not been released by the company, information cited by law firms investigating the incident suggests the exposed PHI may include:
- Names
- Addresses and contact information
- Dates of birth
- Medical records
- Insurance information
- Payment information
The lack of a public notice means there is currently no information about whether credit monitoring or identity theft protection services will be offered. In response to the HHS filing, several law firms, including Levi & Korsinsky, Siri & Glimstad, and Shamis & Gentile, P.A., have announced investigations into the breach to determine if affected individuals are entitled to compensation.
Why it matters
The breach is significant not only due to the large number of individuals affected but also because of the sensitive nature of surgical patient data. The exposed information could be used by malicious actors for identity theft, financial fraud, or sophisticated phishing schemes. The lack of information from the company adds to the concern, leaving nearly 90,000 people uncertain about the specific risks they face.
The intrigue
The most striking aspect of this developing story is the near-total absence of public details from Covenant Surgical Partners or its parent companies, USPI and Tenet Health. While the HHS report confirms the breach and the number of victims, the "how" and "when" remain a mystery. This lack of transparency makes it difficult for affected patients to understand the context of the breach and take specific, targeted protective measures. The incident's disclosure comes after the company's acquisition by USPI, adding a layer of corporate complexity.
Looking ahead
Affected individuals should be on high alert for an official notification letter from Covenant Surgical Partners, which should provide more specific details about the incident and what personal information was involved. In the meantime, all patients should vigilantly monitor their financial accounts, credit reports, and Explanation of Benefits statements. The significant legal interest suggests that class action lawsuits are highly likely, which will put pressure on the company to release more information about its security practices and the breach itself.
FAQs
Why are there so few details available about this data breach?
Currently, the primary source of information is the mandatory report Covenant Surgical Partners filed with the HHS Office for Civil Rights. Companies sometimes file this report before their investigation is complete or before they have issued a public press release or website notice. More details should become available when the company mails official notification letters to affected individuals.
Who is Covenant Surgical Partners now?
The company, founded as Covenant Surgical Partners, rebranded as Covenant Physician Partners in 2020. In July 2024, it was acquired by United Surgical Partners International (USPI), which is a subsidiary of Tenet Health. This means it is part of a very large national healthcare network.
What should I do if I believe I was a patient and might be affected?
Given the lack of details, the best course of action is to be proactive. Monitor your credit reports, review all medical bills and insurance statements carefully for services you did not receive, and be extremely cautious of any unsolicited emails or phone calls claiming to be from Covenant, USPI, or Tenet Health. Wait for an official letter with specific instructions.
