BILH
Company Details
Linkedin ID:
beth-israel-lahey-health
Website:
Employees number:
28,316
Number of followers:
46,240
NAICS:
62
Industry Type:
Homepage:
https://www.bilh.org
IP Addresses:
0
Company ID:
BET_2540790
Scan Status:
In-progress
Beth Israel Lahey Health Company CyberSecurity Posture
https://www.bilh.org
Beth Israel Lahey Health is a new, integrated system providing patients with better care wherever they are. Care informed by world-class research and education. We are doctors and nurses, technicians and social workers, innovators and educators, and so many others. All with a shared vision for what health care can and should be.
Beth Israel Lahey Health A.I CyberSecurity Scoring
BILH Risk Score (AI oriented)Between 750 and 799
BILH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
BILH Global Score (TPRM)XXXX
BILH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
BILH Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Anna Jaques Hospital
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Anna Jaques Hospital, based in Vermont, experienced a cybersecurity incident on or around **December 25, 2023**, as reported by the Vermont Office of the Attorney General on **December 5, 2024**. The breach involved the potential compromise of **personal information**, specifically **names**, though the exact number of affected individuals remains undisclosed. While the full scope of the exposed data is unclear, the incident highlights vulnerabilities in the hospital’s digital infrastructure, raising concerns about patient privacy and the security of sensitive healthcare records.The attack underscores the growing threat to healthcare institutions, where cybercriminals often target patient data for financial gain or malicious exploitation. Given the nature of the compromised information—even if limited to names—there is a risk of further exploitation, such as phishing campaigns or identity fraud. The hospital has not yet confirmed whether additional details (e.g., medical records, financial data, or Social Security numbers) were exposed, but the incident warrants heightened scrutiny of cybersecurity protocols to prevent future breaches.As a healthcare provider, Anna Jaques Hospital’s breach could erode patient trust and trigger regulatory scrutiny, particularly under **HIPAA** (Health Insurance Portability and Accountability Act), which mandates strict protections for patient data. The financial and reputational repercussions may extend beyond immediate remediation costs, potentially affecting the hospital’s operations and community standing.
Anna Jaques Hospital
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The health record system at Anna Jaques Hospital was taken down by a cyberattack; hospital authorities are not providing many details regarding the reason for the severe breakdown or whether it has been fixed. During the height of the crisis, employees at Anna Jaques Hospital were sending ambulances to other hospitals in the vicinity instead of accepting patients who were being delivered to the hospital's emergency room. Sean Reardon, the mayor of Newburyport, stated that hospital employees were rerouting ambulances to other locations due to a malfunctioning electronic health record system on Christmas. The union also made the odd decision to voice its worries about the current cyberattack in a memo to the Department of Public Health.
Beverly Hospital
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Beverly Hospital suffered a data leak after it lost a courier lab request forms for 54 patients that included names, health insurance identification numbers and, in some cases, Social Security numbers. The courier misplaced the forms, which were in a zippered bag along with other records.
BILH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for BILH
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Beth Israel Lahey Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Beth Israel Lahey Health in 2025.
Incident Types BILH vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Beth Israel Lahey Health in 2025.
Incident History — BILH (X = Date, Y = Severity)
BILH cyber incidents detection timeline including parent company and subsidiaries
BILH Company Subsidiaries
Beth Israel Lahey Health is a new, integrated system providing patients with better care wherever they are. Care informed by world-class research and education. We are doctors and nurses, technicians and social workers, innovators and educators, and so many others. All with a shared vision for what health care can and should be.
Loading...
BILH Similar Companies
Amsterdam UMC
At Amsterdam UMC, more than 15,000 professionals strive to provide good and accessible care. For the generations of today and tomorrow. The two medical university centers in Amsterdam, AMC and VUmc, are working together towards a future in which we prevent illnesses and make the best treatment avail
NewYork-Presbyterian Hospital
At NewYork-Presbyterian, we put patients first. It’s the kind of work that requires an unwavering commitment to excellence and a steady spirit of professionalism. And it’s a unique opportunity for you to collaborate with some of the brightest minds in health care, while building on our success as on
Sevita
Homes and communities are where people thrive. We’ve held this belief since our founding in 1967 and have worked to make it reality for the thousands of individuals we serve. We continue that work today and are using innovation, technology, and collaboration across our organization to do more for mo
EsSalud
El Seguro Social de Salud, EsSalud, es un organismo público descentralizado, con personería jurídica de derecho público interno, adscrito al Sector Trabajo y Promoción Social. Tiene por finalidad dar cobertura a los asegurados y sus derechohabientes, a través del otorgamiento de prestaciones de pre
UCHealth
At UCHealth, we do things differently. We strive to promote individual and community health and leave no question unanswered along the way. We’re driven to improve and optimize health care. Our network of nationally-recognized hospitals, clinic locations and health care providers extends throughout
Indiana University Health
Indiana University Health is Indiana’s largest and most comprehensive system. A unique partnership with the Indiana University School of Medicine—one of the nation’s largest medical schools—gives patients access to groundbreaking research and innovative treatments, and it offers team members acces
Baptist Health
Baptist Health South Florida is the largest healthcare organization in the region, with 12 hospitals, more than 28,000 employees, 4,500 physicians and 200 outpatient centers, urgent care facilities and physician practices spanning Miami-Dade, Monroe, Broward and Palm Beach counties. Baptist Health S
VCU Health
We are a strong, passionate team of more than 12,500 who take pride in caring for every person who comes through our doors. We lift each other up so we can provide the very best and safest care to those who need us most. Together. Every day. With the support of our university, we make up an acade
Geisinger is among the nation’s leading providers of value-based care, serving 1.2 million people in urban and rural communities across Pennsylvania. Founded in 1915 by philanthropist Abigail Geisinger, the nonprofit system generates $10 billion in annual revenues across 126 care sites — including 1
.png)
BILH CyberSecurity News
August 04, 2025 07:00 AM
Beth Israel Lahey Health borrows for a new cancer center
The health network hopes its new partnership with the Dana-Farber Cancer Institute will generate enough revenue to make $1 billion of...
March 24, 2025 07:00 AM
Beth Israel performs its first robot-assisted live liver transplant
Doctors at Beth Israel Deaconess Medical Center said its surgeons have begun conducting robot-assisted liver transplants, a capability that...
January 03, 2025 08:00 AM
New Data Breach Suit Hits Health System in Wave of Class Actions
A Massachusetts-based health-care system's failure to protect patients' sensitive information led to a December 2023 data breach that...
December 09, 2024 08:00 AM
Anna Jacques Hospital Notifies 316K Patients About December 2023 Ransomware Attack
Beth Israel Lahey Health's Anna Jaques Hospital in Newburyport, Massachusetts, has recently notified regulators and patients about a...
December 09, 2024 08:00 AM
Security breach at Mass. hospital may have exposed data of hundreds of thousands of patients
A security breach at a Massachusetts hospital may have exposed the data of hundreds of thousands of patients, officials warned.
December 06, 2024 08:00 AM
Stronger Cybersecurity in Healthcare Starts with Smart Policy
Leaders across healthcare, technology, and policy circles agree that cybersecurity isn't just a technical necessity — it's foundational to...
August 10, 2024 07:00 AM
HIPAA Violation Cases - Updated 2024
Five Cadia Healthcare rehabilitation, skilled nursing, and long-term care facilities in Delaware were found to have used the photographs,...
July 19, 2024 07:00 AM
Worldwide tech issue hit Boston's hospitals and transportation
Boston area hospitals, the MBTA and operations at Logan Airport were affected Friday by a worldwide tech outage caused by software distributed by cybersecurity...
January 22, 2024 08:00 AM
Massachusetts hospital claimed to be targeted by Money Message ransomware
Massachusetts-based Anna Jaques Hospital was admitted to be compromised by the Money Message ransomware gang in a Christmas Day attack,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
BILH CyberSecurity History Information
Official Website of Beth Israel Lahey Health
The official website of Beth Israel Lahey Health is https://www.bilh.org.
Beth Israel Lahey Health’s AI-Generated Cybersecurity Score
According to Rankiteo, Beth Israel Lahey Health’s AI-generated cybersecurity score is 784, reflecting their Fair security posture.
How many security badges does Beth Israel Lahey Health’ have ?
According to Rankiteo, Beth Israel Lahey Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Beth Israel Lahey Health have SOC 2 Type 1 certification ?
According to Rankiteo, Beth Israel Lahey Health is not certified under SOC 2 Type 1.
Does Beth Israel Lahey Health have SOC 2 Type 2 certification ?
According to Rankiteo, Beth Israel Lahey Health does not hold a SOC 2 Type 2 certification.
Does Beth Israel Lahey Health comply with GDPR ?
According to Rankiteo, Beth Israel Lahey Health is not listed as GDPR compliant.
Does Beth Israel Lahey Health have PCI DSS certification ?
According to Rankiteo, Beth Israel Lahey Health does not currently maintain PCI DSS compliance.
Does Beth Israel Lahey Health comply with HIPAA ?
According to Rankiteo, Beth Israel Lahey Health is not compliant with HIPAA regulations.
Does Beth Israel Lahey Health have ISO 27001 certification ?
According to Rankiteo,Beth Israel Lahey Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Beth Israel Lahey Health
Beth Israel Lahey Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at Beth Israel Lahey Health
Beth Israel Lahey Health employs approximately 28,316 people worldwide.
Subsidiaries Owned by Beth Israel Lahey Health
Beth Israel Lahey Health presently has no subsidiaries across any sectors.
Beth Israel Lahey Health’s LinkedIn Followers
Beth Israel Lahey Health’s official LinkedIn profile has approximately 46,240 followers.
NAICS Classification of Beth Israel Lahey Health
Beth Israel Lahey Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Beth Israel Lahey Health’s Presence on Crunchbase
No, Beth Israel Lahey Health does not have a profile on Crunchbase.
Beth Israel Lahey Health’s Presence on LinkedIn
Yes, Beth Israel Lahey Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/beth-israel-lahey-health.
Cybersecurity Incidents Involving Beth Israel Lahey Health
As of November 27, 2025, Rankiteo reports that Beth Israel Lahey Health has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Beth Israel Lahey Health has an estimated 29,962 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Beth Israel Lahey Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Beverly Hospital Data Leak
Description: Beverly Hospital suffered a data leak after it lost a courier lab request forms for 54 patients that included names, health insurance identification numbers and, in some cases, Social Security numbers. The courier misplaced the forms, which were in a zippered bag along with other records.
Type: Data Leak
Attack Vector: Physical Theft
Threat Actor: Courier
Title: Cyberattack on Anna Jaques Hospital
Description: The health record system at Anna Jaques Hospital was taken down by a cyberattack; hospital authorities are not providing many details regarding the reason for the severe breakdown or whether it has been fixed. During the height of the crisis, employees at Anna Jaques Hospital were sending ambulances to other hospitals in the vicinity instead of accepting patients who were being delivered to the hospital's emergency room. Sean Reardon, the mayor of Newburyport, stated that hospital employees were rerouting ambulances to other locations due to a malfunctioning electronic health record system on Christmas. The union also made the odd decision to voice its worries about the current cyberattack in a memo to the Department of Public Health.
Date Detected: 2023-12-25
Type: Cyberattack
Title: Anna Jaques Hospital Cybersecurity Incident
Description: The Vermont Office of the Attorney General reported that Anna Jaques Hospital experienced a cybersecurity incident on or about December 25, 2023. The incident potentially affected personal information including names, although specifics about the number of individuals affected remain unknown.
Date Detected: 2023-12-25
Date Publicly Disclosed: 2024-12-05
Type: Cyber Attack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak BEV013221222
Data Compromised: Names, Health insurance identification numbers, Social security numbers
Incident : Cyberattack ANN05022124
Systems Affected: Electronic health record system
Operational Impact: Ambulances rerouted to other hospitalsPatients not accepted in the emergency room
Incident : Cyber Attack ANN551091725
Data Compromised: Names
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Health Insurance Identification Numbers, Social Security Numbers, , Personal Information (Names) and .
Which entities were affected by each incident ?
Incident : Data Leak BEV013221222
Entity Name: Beverly Hospital
Entity Type: Hospital
Industry: Healthcare
Customers Affected: 54 patients
Incident : Cyberattack ANN05022124
Entity Name: Anna Jaques Hospital
Entity Type: Healthcare
Industry: Healthcare
Location: Newburyport
Incident : Cyber Attack ANN551091725
Entity Name: Anna Jaques Hospital
Entity Type: Hospital
Industry: Healthcare
Location: Vermont, USA
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak BEV013221222
Type of Data Compromised: Names, Health insurance identification numbers, Social security numbers
Number of Records Exposed: 54
Sensitivity of Data: High
Personally Identifiable Information: NamesHealth insurance identification numbersSocial Security numbers
Incident : Cyber Attack ANN551091725
Type of Data Compromised: Personal information (names)
Personally Identifiable Information: names
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Cyber Attack ANN551091725
Regulatory Notifications: Vermont Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Cyber Attack ANN551091725
Source: Vermont Office of the Attorney General
Date Accessed: 2024-12-05
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-12-05.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Courier.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-12-25.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-12-05.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Health insurance identification numbers, Social Security numbers, , names and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Electronic health record system.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Social Security numbers, names and Health insurance identification numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 54.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=beth-israel-lahey-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
