Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
American Hospital Association

American Hospital Association Vendor Cyber Rating & Cyber Score

aha.org

The American Hospital Association (AHA) is the national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. Close to 5,000 hospitals, health care systems, networks, other providers of care and 37,000 individual members come together to form the AHA. Through our representation and advocacy activities, AHA ensures that members'​ perspectives and needs are heard and addressed in national health policy development, legislative and regulatory debates, and judicial matters. Our advocacy efforts include the legislative and executive branches and include the legislative and regulatory arenas. For more information, visit us on the web at www.aha.org. Social Media Policy:


AHA A.I CyberSecurity Scoring

AHA
Company Information
Website:http://www.aha.org
Employees number:1,604
Number of followers:116,379
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:aha.org
AHA Risk Score (AI oriented)
Between 0 and 549
logo
AHAHospitals and Health Care
Updated:
12/06/2026
499/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
AHA Global Score (TPRM)
xxxx
logo
AHAHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

AHA
AHACritical
Current Score
499C (CRITICAL)
01000
4 incidents
-139.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
506Before Incident
JUNE 2026
499Before Incident
MAY 2026
490Before Incident
APRIL 2026
486Before Incident
MARCH 2026
480Before Incident
FEBRUARY 2026
472Before Incident
JANUARY 2026
465Before Incident
DECEMBER 2025
450Before Incident
NOVEMBER 2025
447Before Incident
OCTOBER 2025
595Before Incident
Ransomware
03 Oct 2025AHA
Healthcare Organizations (Hospitals and Health Systems)

LockBit 5.0 Ransomware Threat to Healthcare and Other Sectors

430After Incident
CRITICAL-165
AME5302253100425
The LockBit 5.0 ransomware variant poses a severe and immediate threat to healthcare providers, including hospitals and related organizations. This latest iteration of the ransomware-as-a-service (RaaS) group is engineered to exploit Windows, Linux, and VMware ESXi environments, making it highly adaptable to critical healthcare IT infrastructures. The bulletin from Health-ISAC highlights its enhanced evasion techniques, allowing it to bypass security measures more effectively, and its accelerated encryption capabilities, which can cripple operations faster than previous versions.Given LockBit’s history of targeting hospitals, this variant risks disrupting patient care, including delaying surgeries, treatments, or emergency services—potentially leading to life-threatening consequences. The ransomware’s ability to compromise virtual environments increases the likelihood of system-wide outages, data exfiltration of sensitive patient records, and financial extortion demands. Previous LockBit attacks on healthcare have resulted in prolonged downtime, compromised medical data, and operational paralysis, forcing some facilities to divert patients or halt critical services.The resurfacing of LockBit after prior law enforcement disruptions underscores its persistence, with affiliates now equipped with more sophisticated tools to evade detection. Hospitals are urged to reinforce defenses, patch vulnerabilities, and ensure backup systems are isolated to mitigate the risk of a catastrophic breach. Failure to contain such an attack could lead to regulatory penalties, loss of public trust, and irreversible harm to patient safety.
INCIDENT DETAILS -
TYPE
ransomwaremalware
MOTIVATION
financial gaindisruption of operations
IMPACT
Windows systemsLinux systemsVMware ESXi environmentspotential disruption of healthcare servicesincreased difficulty in detection and analysis for security teamspotential reputational damage to affected healthcare organizations
DATA BREACH
potential encryption of data in targeted systems
SEPTEMBER 2025
708Before Incident
Ransomware
22 Sep 2025AHA
American Hospital Association (AHA)

Healthcare Security Summit: New York – Data Trust and Cybersecurity Challenges in Healthcare

594After Incident
CRITICAL-114
AME3303033092325
The American Hospital Association (AHA) faced severe cybersecurity threats highlighted at the Healthcare Security Summit: New York, where ransomware, AI-driven deepfakes, and third-party breaches were identified as critical risks to patient care and operational continuity. The summit revealed that healthcare systems under AHA’s purview are vulnerable to cascading failures, including supply chain disruptions, extended outages, and direct threats to patient safety due to compromised medical devices and cloud systems. Experts warned that ransomware attacks could paralyze hospital operations, leading to delayed treatments, financial losses, and erosion of public trust. Additionally, AI-powered identity fraud (e.g., deepfakes, synthetic profiles) threatens to expose protected health information (PHI), while regulatory pressures (e.g., HIPAA reforms, state mandates) demand immediate compliance upgrades. The FDA’s warnings on medical device vulnerabilities further underscore risks where late-discovered flaws could endanger lives. With budget cuts straining IT defenses, AHA-affiliated hospitals face an uphill battle in mitigating enterprise-wide cyber risks that now extend beyond IT to core healthcare delivery.
INCIDENT DETAILS -
TYPE
Cybersecurity SummitRegulatory DiscussionThreat Landscape AnalysisOperational Resilience Planning
IMPACT
Increased focus on continuity planning due to cascading failures and supply chain disruptionsHeightened awareness of vulnerabilities in medical devices, cloud services, and third-party vendorsEmphasis on integrating cybersecurity with patient care to build trustPotential erosion of patient trust if providers fail to safeguard Protected Health Information (PHI)Reputation risks tied to compliance failures under evolving HIPAA and state mandatesLooming reforms to HIPAA's security rule and enforcement actionsState-level mandates reshaping compliance requirementsAI-driven deepfakes and synthetic profiles increasing identity fraud risksCredential compromise threats in healthcare ecosystems
DATA BREACH
Protected Health Information (PHI)Patient identities (biometric/credential data)PHIBiometric data (proposed for verification)
AUGUST 2025
707Before Incident
OCTOBER 2020
681Before Incident
Ransomware
29 Oct 2020AHA
U.S. Hospital, U.S. Hospital, U.S. Hospital and U.S. Hospital: Hospitals being hit in coordinated, targeted ransomware attack from Russian-speaking criminals

Coordinated Ryuk Ransomware Attack Disrupts U.S. Hospitals Amid Pandemic

549After Incident
CRITICAL-132
AME1781270254
Coordinated Ryuk Ransomware Attack Disrupts U.S. Hospitals Amid Pandemic Over a 24-hour period starting Monday, six U.S. hospitals spanning from California to New York were struck by a targeted Ryuk ransomware attack. The malware, which encrypts critical data, forced affected facilities to halt noncritical surgeries and reroute patient care in some cases. Cybersecurity analysts warn the disruption could have life-threatening consequences, particularly as hospitals remain strained by the ongoing COVID-19 pandemic. The attack has been attributed to Russian-speaking cybercriminals, who launched the campaign in a coordinated effort. Ryuk ransomware, known for its high-impact extortion tactics, has increasingly been deployed against healthcare institutions, exploiting vulnerabilities in systems already under pressure. The timing and precision of the assault suggest a deliberate strategy to maximize disruption and financial gain. Authorities and security experts continue to assess the full scope of the incident.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain, disruption
IMPACT
Data Compromised: Critical data encryptedSystems Affected: Hospital systemsOperational Impact: Halted noncritical surgeries, rerouted patient care
DATA BREACH
Sensitivity Of Data: Critical patient dataData Encryption: Yes
JUNE 2020
771Before Incident
Ransomware
16 Jun 2020AHA
American Hospital Association

Ransomware Attacks on US Hospitals

673After Incident
CRITICAL-98
AME13231022
Hacking of US hospitals highlights deadly risk of ransomware. The number of ransomware attacks on US healthcare organizations increased 94% from 2021 to 2022, according to one report. The US government warned that hospitals across the US have been targeted by an aggressive ransomware campaign originating from North Korea since 2021. The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022. More than two-thirds of healthcare organizations in the US had experienced a ransomware attack in 2021 up from 34% in 2020. Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021. The current outlook is terrible ,the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks. Ransomware hacks have caused major healthcare disruptions, including delayed chemotherapy treatments and ambulances being diverted from a San Diego emergency room after computer systems were frozen. In 2021, 61% of healthcare organizations that suffered a ransomware attack paid the ransom. Attacks are typically carried out by private groups of criminals.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain, disruption of healthcare services
IMPACT
Hospital computer systemsDelayed chemotherapy treatmentsAmbulances being diverted

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for AHA ?
?
What was AHA's A.I Rankiteo Cyber Score in June 2026 ?
?
What was AHA's A.I Rankiteo Cyber Score in May 2026 ?
?
What was AHA's A.I Rankiteo Cyber Score in April 2026 ?
?
What was AHA's A.I Rankiteo Cyber Score in March 2026 ?
?
What was AHA's A.I Rankiteo Cyber Score in February 2026 ?
?
What was AHA's A.I Rankiteo Cyber Score in January 2026 ?
?
What was AHA's A.I Rankiteo Cyber Score in December 2025 ?
?
What was AHA's A.I Rankiteo Cyber Score in November 2025 ?
?
What was AHA's A.I Rankiteo Cyber Score in October 2025 ?
?
What was AHA's A.I Rankiteo Cyber Score in September 2025 ?
?
What was AHA's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on AHA's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with AHA ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view AHA's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
American Hospital Association Cyber Scoring History | Rankiteo