AHN
Company Details
Linkedin ID:
allegheny-health-network
Website:
Employees number:
11,282
Number of followers:
69,630
NAICS:
62
Industry Type:
Homepage:
ahn.org
IP Addresses:
0
Company ID:
ALL_8447177
Scan Status:
In-progress
Allegheny Health Network Company CyberSecurity Posture
ahn.org
Allegheny Health Network is an integrated health care delivery system serving the greater Western Pennsylvania region. More than 2,600 physicians and 21,000 employees serve the system's 14 hospitals as well as its ambulatory medical and surgery centers, Health + Wellness Pavilions, and hundreds of physician practice locations. AHN is a proud part of Highmark Health.
Allegheny Health Network A.I CyberSecurity Scoring
AHN Risk Score (AI oriented)Between 750 and 799
AHN
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AHN Global Score (TPRM)XXXX
AHN
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AHN Company CyberSecurity News & History
Past Incidents
4
Attack Types
3
Highmark
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported a data breach involving Highmark on February 3, 2023. The breach occurred between December 13, 2022, and December 15, 2022, due to an external hacking incident, potentially affecting 300,000 individuals, including 2,774 Maine residents. The compromised information included names and social security numbers.
Highmark Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Highmark Health, based in Pittsburgh confirmed a security incident in its computer network that resulted in a data security breach. The breach exposed the sensitive information of as many as 67,147 individuals. Highmark Health investigated the incident and notified the impacted customers to be alerted of any fraudulent activity.
Highmark Health
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving Highmark Health on February 6, 2023. The breach occurred between December 13 and December 15, 2022, due to a phishing cyberattack, potentially affecting the personal and protected health information of 1,980 residents.
Highmark Health
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: A former employee of Highmark, according to the district attorney's office, allegedly broke into the accounts of multiple customers, including a school system, and took $1,000. Zakayah Scott, who performed remote work for Highmark Health from South Carolina, was charged by the Allegheny County District Attorney's office. The authorities claimed that Scott had access to the birthdays, residences, and phone numbers of his clients. They claimed she changed the victims' health savings account passwords over the phone, logged in, and then transferred and took money while posing as one of the victims.
AHN Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AHN
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Allegheny Health Network in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Allegheny Health Network in 2025.
Incident Types AHN vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Allegheny Health Network in 2025.
Incident History — AHN (X = Date, Y = Severity)
AHN cyber incidents detection timeline including parent company and subsidiaries
AHN Company Subsidiaries
Allegheny Health Network is an integrated health care delivery system serving the greater Western Pennsylvania region. More than 2,600 physicians and 21,000 employees serve the system's 14 hospitals as well as its ambulatory medical and surgery centers, Health + Wellness Pavilions, and hundreds of physician practice locations. AHN is a proud part of Highmark Health.
Loading...
AHN Similar Companies
Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care,
Region Hovedstaden
Det handler om liv. Om at bringe liv til verden og skabe livskvalitet. Om at redde liv og forbedre liv. Som medarbejder i Region Hovedstaden træder du ind i en verden af muligheder og mangfoldighed med plads til dine ambitioner. Du er en del af et stærkt fagligt miljø, hvor vi har fingeren på pulsen
Aurora Health Care is proud to be a part of Advocate Health, the third-largest nonprofit integrated health system in the U.S. Advocate Health is the third-largest nonprofit, integrated health system in the United States, created from the combination of Advocate Aurora Health and Atrium Health. Prov
Stanford Health Care
Stanford Health Care, with multiple facilities throughout the Bay Area, is internationally renowned for leading edge and coordinated care in cancer care, neurosciences, cardiovascular medicine, surgery, organ transplant, medicine specialties, and primary care. Throughout its history, Stanford has be
Ramsay Health Care
Ramsay Health Care is a trusted provider of private hospital and healthcare services in Australia, Europe and the United Kingdom. Every year, millions of patients put their trust in Ramsay, confident in our ability to deliver safe, high-quality healthcare with outstanding clinical outcomes. We ope
American Medical Response
American Medical Response, America’s leading provider of medical transportation, has a single mission: making a difference by caring for people in need. AMR solutions include 911 emergency, interfacility transportation, event medical, advanced & basic life support transports and federal disaster res
Northwell Health
Northwell Health is New York State’s largest health care provider and private employer, with 28 hospitals, about 1,000+ outpatient facilities and more than 16,000 affiliated physicians. At Northwell, we focus on cultivating an environment that inspires growth, empowers leadership, and encourages br
Kindred
Kindred’s mission is to help our patients reach their highest potential for health and healing with intensive medical and rehabilitative care through a compassionate patient experience. Kindred’s 61 long-term acute care hospitals (LTACHs), along with 18 community-based, short-term acute care hospit
Helse Sør-Øst RHF
South Eastern Norway Regional health Authority is a merger between the former Eastern and South regional Health Authority. Responsible for secondary healthcare services for the south-eastern parts of Norway 2.5 million people (approx 52% of population) cost containment budget 58 billion Nkr. 100%
.png)
AHN CyberSecurity News
December 09, 2025 08:00 AM
Deals tracker: Montagu, Kohlberg to buy Teleflex Medical for $1.5B
Follow here for all the latest news about mergers, acquisitions and joint partnerships in the healthcare industry.
December 03, 2025 11:29 PM
Pa. Superior Court Throws Out Doctor's Whistleblower Claims Against Allegheny Health Network
The Pennsylvania Superior Court ruled on Tuesday that an Allegheny County emergency room doctor's Medical Care Availability and Reduction of...
November 30, 2025 08:00 AM
Allegheny Health Network leads state with 1,000 robotic-assisted lung ‘Ion’ biopsies done
Allegheny Health Network has now performed 1000 robotic-assisted lung “Ion” biopsies, with more procedures completed than any other health...
November 21, 2025 08:00 AM
How AI is helping reduce nursing burnout in hospitals
Health systems are looking at nursing, a profession grappling with burnout and other challenges, as the next frontier for AI.
October 18, 2025 07:00 AM
Allegheny Health Network moves to acquire 2 Pennsylvania hospitals
The system has signed an agreement with Heritage Valley Health System. Allegheny has pledged to make significant investments in the system.
October 16, 2025 07:00 AM
Allegheny Health Network and Heritage Valley Health System Sign Affiliation Agreement
Organizations Pledge Expanded Access to High-Quality Care in western Allegheny County and greater Beaver County as Heritage Valley's...
October 15, 2025 07:00 AM
STEMup™ and Allegheny Health Network Partner to Advance STEM Workforce Development at AHN Suburban
STEMup™, a Pittsburgh-based nonprofit that supports the region's innovation ecosystem though STEM workforce development initiatives,...
August 25, 2025 07:00 AM
Allegheny Health Network rebounds as Highmark Health faces insurance industry challenges
Allegheny Health Network continued its recovery, seeing its bottom line improve in the first half of the year while headwinds in the...
August 12, 2025 07:00 AM
Highmark, Abridge to launch AI-powered prior authorization tool
Highmark Health and clinical documentation vendor Abridge are developing a tool that uses generative artificial intelligence to approve...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AHN CyberSecurity History Information
Official Website of Allegheny Health Network
The official website of Allegheny Health Network is http://www.ahn.org.
Allegheny Health Network’s AI-Generated Cybersecurity Score
According to Rankiteo, Allegheny Health Network’s AI-generated cybersecurity score is 780, reflecting their Fair security posture.
How many security badges does Allegheny Health Network’ have ?
According to Rankiteo, Allegheny Health Network currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Allegheny Health Network have SOC 2 Type 1 certification ?
According to Rankiteo, Allegheny Health Network is not certified under SOC 2 Type 1.
Does Allegheny Health Network have SOC 2 Type 2 certification ?
According to Rankiteo, Allegheny Health Network does not hold a SOC 2 Type 2 certification.
Does Allegheny Health Network comply with GDPR ?
According to Rankiteo, Allegheny Health Network is not listed as GDPR compliant.
Does Allegheny Health Network have PCI DSS certification ?
According to Rankiteo, Allegheny Health Network does not currently maintain PCI DSS compliance.
Does Allegheny Health Network comply with HIPAA ?
According to Rankiteo, Allegheny Health Network is not compliant with HIPAA regulations.
Does Allegheny Health Network have ISO 27001 certification ?
According to Rankiteo,Allegheny Health Network is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Allegheny Health Network
Allegheny Health Network operates primarily in the Hospitals and Health Care industry.
Number of Employees at Allegheny Health Network
Allegheny Health Network employs approximately 11,282 people worldwide.
Subsidiaries Owned by Allegheny Health Network
Allegheny Health Network presently has no subsidiaries across any sectors.
Allegheny Health Network’s LinkedIn Followers
Allegheny Health Network’s official LinkedIn profile has approximately 69,630 followers.
NAICS Classification of Allegheny Health Network
Allegheny Health Network is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Allegheny Health Network’s Presence on Crunchbase
No, Allegheny Health Network does not have a profile on Crunchbase.
Allegheny Health Network’s Presence on LinkedIn
Yes, Allegheny Health Network maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/allegheny-health-network.
Cybersecurity Incidents Involving Allegheny Health Network
As of December 15, 2025, Rankiteo reports that Allegheny Health Network has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
Allegheny Health Network has an estimated 31,157 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Allegheny Health Network ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Data Leak and Breach.
What was the total financial impact of these incidents on Allegheny Health Network ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $1 thousand.
How does Allegheny Health Network detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notified impacted customers to be alerted of any fraudulent activity., and law enforcement notified with yes..
Incident Details
Can you provide details on each incident ?
Title: Highmark Health Data Breach
Description: Highmark Health, based in Pittsburgh confirmed a security incident in its computer network that resulted in a data security breach.
Type: Data Breach
Title: Former Highmark Employee Allegedly Breaches Customer Accounts
Description: A former employee of Highmark allegedly broke into the accounts of multiple customers, including a school system, and stole $1,000.
Type: Data Breach
Attack Vector: Account Takeover
Vulnerability Exploited: Unauthorized Access
Threat Actor: Zakayah Scott
Motivation: Financial Gain
Title: Highmark Health Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving Highmark Health on February 6, 2023. The breach occurred between December 13 and December 15, 2022, due to a phishing cyberattack, potentially affecting the personal and protected health information of 1,980 residents.
Date Detected: 2023-02-06
Date Publicly Disclosed: 2023-02-06
Type: Data Breach
Attack Vector: Phishing
Title: Highmark Data Breach
Description: The Maine Office of the Attorney General reported a data breach involving Highmark on February 3, 2023. The breach occurred between December 13, 2022, and December 15, 2022, due to an external hacking incident, potentially affecting 300,000 individuals, including 2,774 Maine residents. The compromised information included names and social security numbers.
Date Detected: 2023-02-03
Date Publicly Disclosed: 2023-02-03
Type: Data Breach
Attack Vector: External Hacking
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Remote Access.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach HIG13581522
Data Compromised: Sensitive information
Incident : Data Breach HIG53025623
Financial Loss: $1,000
Data Compromised: Birthdays, Residences, Phone numbers
Incident : Data Breach HIG305072725
Data Compromised: Personal information, Protected health information
Incident : Data Breach HIG753080425
Data Compromised: Names, Social security numbers
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $250.00.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Sensitive Information, Birthdays, Residences, Phone Numbers, , Personal Information, Protected Health Information, , Names, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach HIG13581522
Entity Name: Highmark Health
Entity Type: Healthcare Organization
Industry: Healthcare
Location: Pittsburgh
Customers Affected: 67147
Incident : Data Breach HIG53025623
Entity Name: Highmark Health
Entity Type: Health Insurance Company
Industry: Healthcare
Location: Allegheny County
Customers Affected: Multiple, including a school system
Incident : Data Breach HIG305072725
Entity Name: Highmark Health
Entity Type: Healthcare
Industry: Healthcare
Location: Washington State
Customers Affected: 1980
Incident : Data Breach HIG753080425
Entity Name: Highmark
Entity Type: Health Insurance Company
Industry: Healthcare
Customers Affected: 300000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach HIG13581522
Communication Strategy: Notified impacted customers to be alerted of any fraudulent activity.
Incident : Data Breach HIG53025623
Law Enforcement Notified: Yes
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach HIG13581522
Type of Data Compromised: Sensitive Information
Number of Records Exposed: 67147
Incident : Data Breach HIG53025623
Type of Data Compromised: Birthdays, Residences, Phone numbers
Sensitivity of Data: Medium
Personally Identifiable Information: Yes
Incident : Data Breach HIG305072725
Type of Data Compromised: Personal information, Protected health information
Number of Records Exposed: 1980
Incident : Data Breach HIG753080425
Type of Data Compromised: Names, Social security numbers
Number of Records Exposed: 300000
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach HIG305072725
Source: Washington State Office of the Attorney General
Date Accessed: 2023-02-06
Incident : Data Breach HIG753080425
Source: Maine Office of the Attorney General
Date Accessed: 2023-02-03
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2023-02-06, and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-02-03.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified impacted customers to be alerted of any fraudulent activity..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach HIG13581522
Customer Advisories: Notified impacted customers to be alerted of any fraudulent activity.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notified impacted customers to be alerted of any fraudulent activity..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach HIG53025623
Entry Point: Remote Access
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Zakayah Scott.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-02-06.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-02-03.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $1,000.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Sensitive Information, , birthdays, residences, phone numbers, , Personal Information, Protected Health Information, , Names, Social Security Numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were birthdays, residences, Sensitive Information, Protected Health Information, Names, Social Security Numbers, Personal Information and phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.2K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General and Washington State Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notified impacted customers to be alerted of any fraudulent activity.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Remote Access.
.png)
Latest Global CVEs (Not Company-Specific)
Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=allegheny-health-network' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
