AHF
Company Details
Linkedin ID:
aultman-health
Website:
Employees number:
3,212
Number of followers:
11,915
NAICS:
62
Industry Type:
Homepage:
aultman.org
IP Addresses:
0
Company ID:
AUL_7098821
Scan Status:
In-progress
Aultman Health Foundation Company CyberSecurity Posture
aultman.org
Serving Stark and surrounding counties since 1892, Aultman Health System is committed to our patients, employees, the community and medical education. Aultman offers high-quality health care services, and we continuously reinvest to improve our facilities and technology. We provide educational and career opportunities through area schools and improve the health of our community through The Aultman Foundation. We offer health and wellness education for our community. We have hundreds of dedicated volunteers who help us positively impact the community. With 1,032 beds, over 700 active physicians and a team of more than 7,000 employees, Aultman is Stark County's largest provider of health care services.
Aultman Health Foundation A.I CyberSecurity Scoring
AHF Risk Score (AI oriented)Between 700 and 749
AHF
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AHF Global Score (TPRM)XXXX
AHF
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AHF Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Cerner CorporationCerner Corporation and Aultman Health System: Aultman Health System notifies patients of medical data breach
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: **Aultman Health System Reports Third-Party Data Breach Impacting Patient Records** Aultman Health System, based in Canton, Ohio, has begun notifying patients of a data breach involving a third-party IT provider, Cerner Corporation, which may have exposed sensitive personal and medical information. The incident, detected in late February, stemmed from unauthorized access to a Cerner system used for electronic medical records, though Aultman confirmed its own systems remained unaffected. According to a patient notification letter, Cerner’s investigation—conducted with external cybersecurity experts and law enforcement—revealed that the breach occurred as early as January 22. The unauthorized party accessed and copied data, which may have included names, Social Security numbers, medical record details, diagnoses, treatment histories, test results, and physician information. At law enforcement’s request, Cerner and Aultman delayed public notification to avoid interfering with the investigation. As a remedial measure, Cerner is offering affected individuals two years of free credit monitoring and identity protection services through Experian, along with internet surveillance monitoring. Patients seeking further details can contact a dedicated hotline at 833-918-1127, using engagement number B156918.
AHF Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AHF
Incidents vs Hospitals and Health Care Industry Average (This Year)
Aultman Health Foundation has 17.65% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Aultman Health Foundation has 26.58% more incidents than the average of all companies with at least one recorded incident.
Incident Types AHF vs Hospitals and Health Care Industry Avg (This Year)
Aultman Health Foundation reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — AHF (X = Date, Y = Severity)
AHF cyber incidents detection timeline including parent company and subsidiaries
AHF Company Subsidiaries
Serving Stark and surrounding counties since 1892, Aultman Health System is committed to our patients, employees, the community and medical education. Aultman offers high-quality health care services, and we continuously reinvest to improve our facilities and technology. We provide educational and career opportunities through area schools and improve the health of our community through The Aultman Foundation. We offer health and wellness education for our community. We have hundreds of dedicated volunteers who help us positively impact the community. With 1,032 beds, over 700 active physicians and a team of more than 7,000 employees, Aultman is Stark County's largest provider of health care services.
Loading...
AHF Similar Companies
Health Service Executive
Our purpose is to provide safe, high quality health and personal social services to the population of Ireland. Our vision is a healthier Ireland with a high quality health service valued by all. Our Workforce The health service is the largest employer in the state with over 110,000 whole time equ
EsSalud
El Seguro Social de Salud, EsSalud, es un organismo público descentralizado, con personería jurídica de derecho público interno, adscrito al Sector Trabajo y Promoción Social. Tiene por finalidad dar cobertura a los asegurados y sus derechohabientes, a través del otorgamiento de prestaciones de pre
Sutter Health is a not-for-profit, people-centered healthcare system providing comprehensive care throughout California. Sutter Health is committed to innovative, high-quality patient care and community partnerships, and innovative, high-quality patient care. Today, Sutter Health is pursuing a bold
Sunrise Senior Living
Beginning with a single community in 1981, Sunrise Senior Living has grown to more than 270 communities throughout the U.S. and Canada. Each of our communities continues the mission laid out by founders Paul and Terry Klaassen more than 40 years ago: to champion quality of life for all seniors. Jo
Nationwide Children's Hospital
Nationwide Children’s is one of America's largest pediatric hospitals, an international leader in research and is ranked in all 10 specialties on U.S. News & World Report’s 2025-26 “America’s Best Children’s Hospitals” list. Our staff, comprised of 1,600 medical professionals and over 16,000 employe
About Aveanna It all started with a simple idea: How can we help people live better lives by providing better homecare? That idea became a company called Aveanna, dedicated to bringing new possibilities and new hope to those we serve. At Aveanna, we believe that the ultimate place for caring is rig
Rochester Regional Health
Rochester Regional Health, headquartered in Rochester, NY, is an integrated health services organization serving the people of Western New York, the Finger Lakes, St. Lawrence County, and beyond. We are dedicated to helping our community stay healthy and live fulfilling lives. Together, we find the
Lehigh Valley Health Network
Lehigh Valley Health Network (LVHN) is proudly part of Jefferson Health, forming a leading integrated academic health care delivery system. With 65,000 colleagues, 32 hospitals and over 700 sites of care across the Lehigh Valley, northeastern Pennsylvania, Delaware Valley and southern New Jersey. L
Corewell Health
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,0
.png)
AHF CyberSecurity News
November 11, 2025 08:00 AM
Aultman Health System recognized for digital health excellence
Hospital system achieves Level 8 status in CHIME's 2025 Digital Health Most Wired Survey, highlighting leadership in patient care,...
July 20, 2021 07:00 AM
More than decade long snooping of patient records finally brought to light
The Aultman Health Foundation (Aultman), an Ohio-based health system with more than 7000 employees, announced that the patient records of...
May 19, 2018 12:39 AM
The biggest healthcare data breaches of 2018 (so far)
Healthcare continued to be a lucrative target for hackers in 2017 with weaponized ransomware, misconfigured cloud storage buckets and phishing emails...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AHF CyberSecurity History Information
Official Website of Aultman Health Foundation
The official website of Aultman Health Foundation is http://aultman.org/careers.
Aultman Health Foundation’s AI-Generated Cybersecurity Score
According to Rankiteo, Aultman Health Foundation’s AI-generated cybersecurity score is 719, reflecting their Moderate security posture.
How many security badges does Aultman Health Foundation’ have ?
According to Rankiteo, Aultman Health Foundation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Aultman Health Foundation have SOC 2 Type 1 certification ?
According to Rankiteo, Aultman Health Foundation is not certified under SOC 2 Type 1.
Does Aultman Health Foundation have SOC 2 Type 2 certification ?
According to Rankiteo, Aultman Health Foundation does not hold a SOC 2 Type 2 certification.
Does Aultman Health Foundation comply with GDPR ?
According to Rankiteo, Aultman Health Foundation is not listed as GDPR compliant.
Does Aultman Health Foundation have PCI DSS certification ?
According to Rankiteo, Aultman Health Foundation does not currently maintain PCI DSS compliance.
Does Aultman Health Foundation comply with HIPAA ?
According to Rankiteo, Aultman Health Foundation is not compliant with HIPAA regulations.
Does Aultman Health Foundation have ISO 27001 certification ?
According to Rankiteo,Aultman Health Foundation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Aultman Health Foundation
Aultman Health Foundation operates primarily in the Hospitals and Health Care industry.
Number of Employees at Aultman Health Foundation
Aultman Health Foundation employs approximately 3,212 people worldwide.
Subsidiaries Owned by Aultman Health Foundation
Aultman Health Foundation presently has no subsidiaries across any sectors.
Aultman Health Foundation’s LinkedIn Followers
Aultman Health Foundation’s official LinkedIn profile has approximately 11,915 followers.
NAICS Classification of Aultman Health Foundation
Aultman Health Foundation is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Aultman Health Foundation’s Presence on Crunchbase
No, Aultman Health Foundation does not have a profile on Crunchbase.
Aultman Health Foundation’s Presence on LinkedIn
Yes, Aultman Health Foundation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/aultman-health.
Cybersecurity Incidents Involving Aultman Health Foundation
As of December 30, 2025, Rankiteo reports that Aultman Health Foundation has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Aultman Health Foundation has an estimated 31,378 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Aultman Health Foundation ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Aultman Health Foundation detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with external cybersecurity specialists, and law enforcement notified with yes, and communication strategy with delayed notification to patients as directed by law enforcement; individual notification letters with engagement numbers..
Incident Details
Can you provide details on each incident ?
Title: Aultman Health System Medical Data Breach
Description: Aultman Health System notifies patients of a third-party data breach that may have compromised personal information such as names, Social Security numbers, and certain medical records. The breach occurred at Cerner Corporation, an IT provider for electronic medical record services.
Date Detected: 2024-02-29
Type: Data Breach
Attack Vector: Unauthorized third-party access
Threat Actor: Unauthorized third party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CERAUL1766771763
Data Compromised: Names, Social Security numbers, medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment
Systems Affected: Cerner Corporation system (third-party IT provider)
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Identifiable Information (Pii), Protected Health Information (Phi) and .
Which entities were affected by each incident ?
Incident : Data Breach CERAUL1766771763
Entity Name: Aultman Health System
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Canton, Ohio, USA
Customers Affected: Patients of Aultman Health System
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CERAUL1766771763
Incident Response Plan Activated: Yes
Third Party Assistance: External cybersecurity specialists
Law Enforcement Notified: Yes
Communication Strategy: Delayed notification to patients as directed by law enforcement; individual notification letters with engagement numbers
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through External cybersecurity specialists.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CERAUL1766771763
Type of Data Compromised: Personal identifiable information (pii), Protected health information (phi)
Sensitivity of Data: High
Data Exfiltration: Yes (copied to an external location)
Personally Identifiable Information: Names, Social Security numbers, medical record numbers
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach CERAUL1766771763
Regulations Violated: HIPAA,
References
Where can I find more information about each incident ?
Incident : Data Breach CERAUL1766771763
Source: Aultman Health System Notification Letter
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Aultman Health System Notification Letter.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach CERAUL1766771763
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Delayed notification to patients as directed by law enforcement; individual notification letters with engagement numbers.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach CERAUL1766771763
Stakeholder Advisories: Law enforcement directed delayed notification to avoid impeding the probe
Customer Advisories: Free identity protection services and credit monitoring through Experian for two years; Internet Surveillance monitoring services
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Law enforcement directed delayed notification to avoid impeding the probe and Free identity protection services and credit monitoring through Experian for two years; Internet Surveillance monitoring services.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External cybersecurity specialists.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-02-29.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, medical record numbers, doctors, diagnoses, medicines, test results, images and care and treatment.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was External cybersecurity specialists.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Social Security numbers, medical record numbers, doctors, diagnoses, medicines, test results, images and care and treatment.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Aultman Health System Notification Letter.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Law enforcement directed delayed notification to avoid impeding the probe, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Free identity protection services and credit monitoring through Experian for two years; Internet Surveillance monitoring services.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.
Risk Information
cvss2
Base: 4.3
Severity: LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0
- https://github.com/floooh/sokol/issues/1405
- https://github.com/floooh/sokol/issues/1406#issuecomment-3649548096
- https://github.com/oneafter/1212/blob/main/hbf1
- https://vuldb.com/?ctiid.338533
- https://vuldb.com/?id.338533
- https://vuldb.com/?submit.719823
Description
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=aultman-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
