AHS
Company Details
Linkedin ID:
alberta-health-services
Employees number:
46,064
Number of followers:
206,605
NAICS:
62
Industry Type:
Homepage:
albertahealthservices.ca
IP Addresses:
153
Company ID:
ALB_2187366
Scan Status:
Completed
Alberta Health Services Company CyberSecurity Posture
albertahealthservices.ca
Alberta Health Services (AHS) is proud to be part of Canada’s first and largest provincewide, integrated health system, responsible for delivering health services to more than 4.5 million people living in Alberta, as well as occasionally to some residents of other provinces and territories Our skilled and dedicated professionals, support staff and physicians come from numerous disciplines, from all walks of life, and from all corners of the world. Our mission is to provide a patient-focused, quality health system that is accessible and sustainable for all Albertans. Our five values – compassion, accountability, respect, excellence and safety – are at the heart of everything that we do.
Alberta Health Services A.I CyberSecurity Scoring
AHS Risk Score (AI oriented)Between 700 and 749
AHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AHS Global Score (TPRM)XXXX
AHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AHS Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
Alberta Health Services
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Alberta Health suffered a data breach after at least 12 users downloaded the wrong information from the province's COVID-19 vaccination record website. The record those users downloaded contained the name, date of birth and vaccine information. Albertans experienced issues accessing the updated vaccine record for travel due to the breach.
Alberta Health Services
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Alberta Health Services (AHS) says a computer hard drive that contained the personal health information of about 650 patients has been missing since August. The exposed information includes patient names, gender, dates of birth, physician names and medical record numbers. The agency says the external drive vanished from a cardiac outpatient clinical lab at the Mazankowski Alberta Heart Institute in Edmonton. It was found that the external drive was not encrypted, as mandatory, and did not have password protection.
Alberta Health Services
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Almost 7,000 patients were informed by Alberta Health Services that a doctor's Gmail account had been stolen, exposing their personal health information. The doctor working at the Richmond Road Diagnostic Centre in Calgary improperly used a private account to transmit health information While this privacy breach was unintentional and was deeply regretted by the physician, that does not in any way diminish the seriousness of the matter. There was no evidence to suggest that affected patients' information has been accessed by the hacker, the agency says.
AHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Alberta Health Services in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Alberta Health Services in 2025.
Incident Types AHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Alberta Health Services in 2025.
Incident History — AHS (X = Date, Y = Severity)
AHS cyber incidents detection timeline including parent company and subsidiaries
AHS Company Subsidiaries
Alberta Health Services (AHS) is proud to be part of Canada’s first and largest provincewide, integrated health system, responsible for delivering health services to more than 4.5 million people living in Alberta, as well as occasionally to some residents of other provinces and territories Our skilled and dedicated professionals, support staff and physicians come from numerous disciplines, from all walks of life, and from all corners of the world. Our mission is to provide a patient-focused, quality health system that is accessible and sustainable for all Albertans. Our five values – compassion, accountability, respect, excellence and safety – are at the heart of everything that we do.
Loading...
AHS Similar Companies
Mayo Clinic has expanded and changed in many ways, but our values remain true to the vision of our founders. Our primary value – The needs of the patient come first – guides our plans and decisions as we create the future of health care. Join us and you'll find a culture of teamwork, professionalism
Select Medical made a commitment more than 20 years ago to deliver an exceptional patient care experience that promotes healing and recovery in a compassionate environment. We have honored that promise by helping define the nation's standard of excellence in specialized hospital and rehabilitative c
Every day millions of people feel the impact of our intelligent devices, advanced analytics and artificial intelligence. As a leading global medical technology and digital solutions innovator, GE HealthCare enables clinicians to make faster, more informed decisions through intelligent devices, data
Geisinger is among the nation’s leading providers of value-based care, serving 1.2 million people in urban and rural communities across Pennsylvania. Founded in 1915 by philanthropist Abigail Geisinger, the nonprofit system generates $10 billion in annual revenues across 126 care sites — including 1
UCHealth
At UCHealth, we do things differently. We strive to promote individual and community health and leave no question unanswered along the way. We’re driven to improve and optimize health care. Our network of nationally-recognized hospitals, clinic locations and health care providers extends throughout
Cardinal Health is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities. With more than 50 years in business, operations in more than 30 countries and approximately 48,00
Advocate Health Care
Advocate Health Care is proud to be a part of Advocate Health, the third-largest nonprofit integrated health system in the U.S. Advocate Health is the third-largest nonprofit, integrated health system in the United States, created from the combination of Advocate Aurora Health and Atrium Health. Pr
Banner Health
Headquartered in Arizona, Banner Health is one of the largest nonprofit health care systems in the country. The system owns and operates 33 acute-care hospitals, Banner Health Network, Banner – University Medicine, academic and employed physician groups, long-term care centers, outpatient surgery ce
University of Maryland Medical System
The University of Maryland Medical System (UMMS) was created in 1984 when the state-owned University Hospital became a private, nonprofit organization. It has evolved into a multi-hospital system with academic, community and specialty service missions reaching every part of the state and beyond. UM
.png)
AHS CyberSecurity News
November 19, 2025 01:00 PM
Privacy commissioner calls for better cybersecurity in Alberta schools after big breach
Alberta's privacy commissioner wants to see improved security policies in schools after a cybersecurity breach last year exposed highly...
November 14, 2025 10:35 PM
Off the rails: Why cybersecurity must rethink its future
Veteran OT security leader says the industry's fear-driven sales model has derailed progress — and calls for a shift toward resilience and...
November 12, 2025 08:00 AM
Securonix DPM Flex optimizes SIEM data management
Securonix DPM Flex expands threat visibility, increases analytical coverage, and improves compliance assurance, all within the same...
October 23, 2025 07:00 AM
Blakes Data Governor: Fall 2025
The Fall 2025 issue of Blakes Data Governor is here. Explore insights into privacy, cybersecurity, access to information and artificial...
July 22, 2025 07:00 AM
What to know about a vulnerability being exploited on Microsoft SharePoint servers
Microsoft has issued an emergency fix to close off a vulnerability in SharePoint software that hackers have exploited to carry out attacks.
June 26, 2025 07:00 AM
Fasken’s Noteworthy News: Privacy & Cybersecurity in Canada, the US, and the EU (June 2025) | Knowledge
This is a monthly bulletin published by the Privacy and Cybersecurity Group at Fasken with noteworthy news and updates.
June 20, 2025 07:00 AM
Hospital cyber attacks cost $600K/hour. Here's how AI is changing the math
How Alberta Health Services is using advanced AI to bolster its defenses as attackers increasingly target healthcare facilities.
June 18, 2025 12:47 AM
2025 Alumni Award Recipients
University of Alberta alumni around the globe use their education to make the world a better place — through their professional achievements,...
June 12, 2025 07:00 AM
Mitigating AI security threats: Why the G7 should embrace ‘federated learning’
Federated learning offers a new foundation for AI — one where privacy, transparency and innovation can move together.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AHS CyberSecurity History Information
Official Website of Alberta Health Services
The official website of Alberta Health Services is http://www.albertahealthservices.ca.
Alberta Health Services’s AI-Generated Cybersecurity Score
According to Rankiteo, Alberta Health Services’s AI-generated cybersecurity score is 747, reflecting their Moderate security posture.
How many security badges does Alberta Health Services’ have ?
According to Rankiteo, Alberta Health Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Alberta Health Services have SOC 2 Type 1 certification ?
According to Rankiteo, Alberta Health Services is not certified under SOC 2 Type 1.
Does Alberta Health Services have SOC 2 Type 2 certification ?
According to Rankiteo, Alberta Health Services does not hold a SOC 2 Type 2 certification.
Does Alberta Health Services comply with GDPR ?
According to Rankiteo, Alberta Health Services is not listed as GDPR compliant.
Does Alberta Health Services have PCI DSS certification ?
According to Rankiteo, Alberta Health Services does not currently maintain PCI DSS compliance.
Does Alberta Health Services comply with HIPAA ?
According to Rankiteo, Alberta Health Services is not compliant with HIPAA regulations.
Does Alberta Health Services have ISO 27001 certification ?
According to Rankiteo,Alberta Health Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Alberta Health Services
Alberta Health Services operates primarily in the Hospitals and Health Care industry.
Number of Employees at Alberta Health Services
Alberta Health Services employs approximately 46,064 people worldwide.
Subsidiaries Owned by Alberta Health Services
Alberta Health Services presently has no subsidiaries across any sectors.
Alberta Health Services’s LinkedIn Followers
Alberta Health Services’s official LinkedIn profile has approximately 206,605 followers.
NAICS Classification of Alberta Health Services
Alberta Health Services is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Alberta Health Services’s Presence on Crunchbase
No, Alberta Health Services does not have a profile on Crunchbase.
Alberta Health Services’s Presence on LinkedIn
Yes, Alberta Health Services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/alberta-health-services.
Cybersecurity Incidents Involving Alberta Health Services
As of November 27, 2025, Rankiteo reports that Alberta Health Services has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Alberta Health Services has an estimated 29,991 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Alberta Health Services ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
Incident Details
Can you provide details on each incident ?
Title: Alberta Health Data Breach
Description: Alberta Health suffered a data breach after at least 12 users downloaded the wrong information from the province's COVID-19 vaccination record website. The record those users downloaded contained the name, date of birth and vaccine information. Albertans experienced issues accessing the updated vaccine record for travel due to the breach.
Type: Data Breach
Title: Alberta Health Services Data Breach
Description: Almost 7,000 patients were informed by Alberta Health Services that a doctor's Gmail account had been stolen, exposing their personal health information. The doctor working at the Richmond Road Diagnostic Centre in Calgary improperly used a private account to transmit health information. While this privacy breach was unintentional and was deeply regretted by the physician, that does not in any way diminish the seriousness of the matter. There was no evidence to suggest that affected patients' information has been accessed by the hacker, the agency says.
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Improper use of private email account
Title: Data Breach at Alberta Health Services
Description: A computer hard drive containing the personal health information of about 650 patients has been missing since August. The exposed information includes patient names, gender, dates of birth, physician names, and medical record numbers. The external drive vanished from a cardiac outpatient clinical lab at the Mazankowski Alberta Heart Institute in Edmonton. It was found that the external drive was not encrypted, as mandatory, and did not have password protection.
Date Detected: 2023-08
Type: Data Breach
Attack Vector: Physical Theft
Vulnerability Exploited: Lack of encryption and password protection
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ALB1558121222
Data Compromised: Name, Date of birth, Vaccine information
Systems Affected: COVID-19 vaccination record website
Operational Impact: Issues accessing the updated vaccine record for travel
Incident : Data Breach ALB11183423
Data Compromised: Personal health information
Incident : Data Breach ALB31917423
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Health Information, , Personal health information, Patient Names, Gender, Dates Of Birth, Physician Names, Medical Record Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach ALB1558121222
Entity Name: Alberta Health
Entity Type: Government Health Organization
Industry: Healthcare
Location: Alberta, Canada
Incident : Data Breach ALB11183423
Entity Name: Alberta Health Services
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Calgary, Alberta
Customers Affected: 7,000 patients
Incident : Data Breach ALB31917423
Entity Name: Alberta Health Services
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Edmonton, Alberta
Customers Affected: 650
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ALB1558121222
Type of Data Compromised: Personally identifiable information, Health information
Personally Identifiable Information: namedate of birth
Incident : Data Breach ALB11183423
Type of Data Compromised: Personal health information
Number of Records Exposed: 7,000
Sensitivity of Data: High
Incident : Data Breach ALB31917423
Type of Data Compromised: Patient names, Gender, Dates of birth, Physician names, Medical record numbers
Number of Records Exposed: 650
Sensitivity of Data: High
Data Encryption: No
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-08.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were name, date of birth, vaccine information, , Personal health information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was COVID-19 vaccination record website.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were vaccine information, Personal health information, date of birth and name.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 7.7K.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=alberta-health-services' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
