BHS
Company Details
Linkedin ID:
brightspringhealth
Website:
Employees number:
11,701
Number of followers:
32,602
NAICS:
62
Industry Type:
Homepage:
brightspringhealth.com
IP Addresses:
0
Company ID:
BRI_2081618
Scan Status:
In-progress
BrightSpring Health Services Company CyberSecurity Posture
brightspringhealth.com
BrightSpring is the parent company of a family of services and brands that provides clinical, nonclinical, pharmacy and ancillary care services for people of all ages, health and skill levels across home and community settings. The company is a leading provider of diversified home and community-based health and pharmacy services to medically complex and high-need populations. Its primary businesses include: behavioral health (including autism services), home health care (including personal care, home health, and hospice), neuro therapy, and job placement and vocational training, supported by pharmacy and telecare ancillary technologies and services. These businesses employ over 37,000 dedicated full-time equivalent team members in 50 states and provide services for over 350,000 people every day. BrightSpring is focused on providing quality outcomes and solutions through best-in-class services and investments in people, process and technology innovation, including the development of its Connected Home model of care. Founded and headquartered in Louisville, Kentucky, the company has been making a difference in communities since 1974 – helping people live their best life.
BrightSpring Health Services A.I CyberSecurity Scoring
BHS Risk Score (AI oriented)Between 700 and 749
BHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
BHS Global Score (TPRM)XXXX
BHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
BHS Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
BrightSpring Health Services, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving BrightSpring Health Services, Inc. on August 11, 2023. The breach occurred between March 12 and March 13, 2023, potentially exposing names and Social Security numbers of affected individuals, among other personal information. The exact number of individuals affected is unknown.
BrightSpring Healthcare Services, Inc.
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Maine Office of the Attorney General reported that BrightSpring Health Services experienced an external system breach (hacking) from March 12 to 13, 2023. The breach potentially affected 535,203 individuals, with specific confirmed information including Social Security numbers. Written notifications were issued on August 11, 2023, and identity theft protection services were offered for 12 months through Kroll.
BHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for BHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for BrightSpring Health Services in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for BrightSpring Health Services in 2025.
Incident Types BHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for BrightSpring Health Services in 2025.
Incident History — BHS (X = Date, Y = Severity)
BHS cyber incidents detection timeline including parent company and subsidiaries
BHS Company Subsidiaries
BrightSpring is the parent company of a family of services and brands that provides clinical, nonclinical, pharmacy and ancillary care services for people of all ages, health and skill levels across home and community settings. The company is a leading provider of diversified home and community-based health and pharmacy services to medically complex and high-need populations. Its primary businesses include: behavioral health (including autism services), home health care (including personal care, home health, and hospice), neuro therapy, and job placement and vocational training, supported by pharmacy and telecare ancillary technologies and services. These businesses employ over 37,000 dedicated full-time equivalent team members in 50 states and provide services for over 350,000 people every day. BrightSpring is focused on providing quality outcomes and solutions through best-in-class services and investments in people, process and technology innovation, including the development of its Connected Home model of care. Founded and headquartered in Louisville, Kentucky, the company has been making a difference in communities since 1974 – helping people live their best life.
Loading...
BHS Similar Companies
Inova Health
Inova is Northern Virginia’s leading nonprofit healthcare provider, offering world-class clinical excellence to everyone in our communities with a warm, human touch. Our 22,000+ team members collaborate to achieve individual and group health goals in partnership with every one of the 2M+ individuals
Sunrise Senior Living
Beginning with a single community in 1981, Sunrise Senior Living has grown to more than 270 communities throughout the U.S. and Canada. Each of our communities continues the mission laid out by founders Paul and Terry Klaassen more than 40 years ago: to champion quality of life for all seniors. Jo
Guy's and St Thomas' NHS Foundation Trust
One of the largest Trusts in the UK, Guy’s and St Thomas’ NHS Foundation Trust comprises five of the UK’s best known hospitals – Guy’s, St Thomas’, Evelina London Children’s Hospital, Royal Brompton and Harefield – as well as community services in Lambeth and Southwark, all with a long history of hi
Relationships are the heart of our culture. They help us create a sense of family among our residents, associates and patients. Integrity is our soul. It guides us to be open in our communication with each other, and it enables us to make the right decisions for the people who have entrusted us with
Health Service Executive
Our purpose is to provide safe, high quality health and personal social services to the population of Ireland. Our vision is a healthier Ireland with a high quality health service valued by all. Our Workforce The health service is the largest employer in the state with over 110,000 whole time equ
Baylor Scott & White Health
With us by your side, there's no stopping you. It's why we're creating a new kind of healthcare at Baylor Scott & White. And we're just getting started. As the largest not-for-profit health system in the state of Texas, Baylor Scott & White promotes the health and well-being of every individual, fa
Henry Ford Health
*Job seekers: please be aware of fraudulent job postings and phishing scams via LinkedIn. Henry Ford Health only contacts applicants through our human resources department and via a corporate email address. Here are some tips to be aware of: http://ow.ly/Kc0o50EKory Serving communities across Mic
Allina Health
People at Allina Health have a career of making a difference in the lives of the millions of patients we see each year at our 90+ clinics, 12 hospitals and through a wide variety of specialty care services in Minnesota and western Wisconsin. We’re a not-for-profit organization committed to enrichin
Owens & Minor
Owens & Minor, Inc. (NYSE: OMI) is a Fortune 500 global healthcare solutions company providing essential products and services that support care from the hospital to the home. For over 100 years, Owens & Minor and its affiliated brands, Apria® , Byram®, and HALYARD*, have helped to make each day be
.png)
BHS CyberSecurity News
November 25, 2025 12:00 AM
BrightSpring Health Services, 10x Genomics, QuidelOrtho, Medpace, and Fortrea Shares Are Soaring, What You Need To Know
A number of stocks jumped in the afternoon session after reports revealed the Trump administration considered extending the Affordable Care...
November 15, 2025 08:00 AM
BrightSpring Health Services (BTSG): Gauging Valuation After Impressive Share Price Gains
BrightSpring Health Services (BTSG) stock has made waves lately as investors weigh the company's recent gains. With shares up 8% over the...
November 03, 2025 08:00 AM
What BrightSpring Health Services (BTSG)'s Strong Q3 Rebound and Raised Guidance Means For Shareholders
BrightSpring Health Services recently reported third quarter results showing revenues of US$3.33 billion and net income of US$55.84 million,...
November 03, 2025 08:00 AM
The 5 Most Interesting Analyst Questions From BrightSpring Health Services’s Q3 Earnings Call
BrightSpring Health Services' third quarter results were shaped by strength in its specialty pharmacy and infusion businesses, even as the...
October 28, 2025 07:00 AM
BrightSpring Health Services (NASDAQ:BTSG) Delivers Strong Q3 Numbers
Healthcare services provider BrightSpring Health Services (NASDAQ:BTSG) reported Q3 CY2025 results topping the market's revenue expectations...
October 28, 2025 07:00 AM
BrightSpring Health Services, Inc. Reports Third Quarter 2025 Financial Results and Increases Full Year 2025 Guidance
LOUISVILLE, Ky., Oct. 28, 2025 (GLOBE NEWSWIRE) -- BrightSpring Health Services, Inc. (“BrightSpring” or the “Company”) (NASDAQ: BTSG),...
October 26, 2025 07:00 AM
BrightSpring Health Services (BTSG) To Report Earnings Tomorrow: Here Is What To Expect
Healthcare services provider BrightSpring Health Services (NASDAQ:BTSG) will be reporting earnings this Tuesday afternoon.
October 20, 2025 07:00 AM
BrightSpring Health Services, Inc. (BTSG) Tops Q3 Earnings and Revenue Estimates
BrightSpring Health Services, Inc. (BTSG) delivered earnings and revenue surprises of +11.11% and +5.46%, respectively, for the quarter...
October 20, 2025 07:00 AM
BrightSpring Health Services, Inc. Reports Preliminary Third Quarter 2025 Financial Results and Increases Full Year 2025 Guidance
LOUISVILLE, Ky., Oct. 20, 2025 (GLOBE NEWSWIRE) -- BrightSpring Health Services, Inc. (“BrightSpring” or the “Company”) (NASDAQ: BTSG),...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
BHS CyberSecurity History Information
Official Website of BrightSpring Health Services
The official website of BrightSpring Health Services is http://brightspringhealth.com.
BrightSpring Health Services’s AI-Generated Cybersecurity Score
According to Rankiteo, BrightSpring Health Services’s AI-generated cybersecurity score is 708, reflecting their Moderate security posture.
How many security badges does BrightSpring Health Services’ have ?
According to Rankiteo, BrightSpring Health Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does BrightSpring Health Services have SOC 2 Type 1 certification ?
According to Rankiteo, BrightSpring Health Services is not certified under SOC 2 Type 1.
Does BrightSpring Health Services have SOC 2 Type 2 certification ?
According to Rankiteo, BrightSpring Health Services does not hold a SOC 2 Type 2 certification.
Does BrightSpring Health Services comply with GDPR ?
According to Rankiteo, BrightSpring Health Services is not listed as GDPR compliant.
Does BrightSpring Health Services have PCI DSS certification ?
According to Rankiteo, BrightSpring Health Services does not currently maintain PCI DSS compliance.
Does BrightSpring Health Services comply with HIPAA ?
According to Rankiteo, BrightSpring Health Services is not compliant with HIPAA regulations.
Does BrightSpring Health Services have ISO 27001 certification ?
According to Rankiteo,BrightSpring Health Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of BrightSpring Health Services
BrightSpring Health Services operates primarily in the Hospitals and Health Care industry.
Number of Employees at BrightSpring Health Services
BrightSpring Health Services employs approximately 11,701 people worldwide.
Subsidiaries Owned by BrightSpring Health Services
BrightSpring Health Services presently has no subsidiaries across any sectors.
BrightSpring Health Services’s LinkedIn Followers
BrightSpring Health Services’s official LinkedIn profile has approximately 32,602 followers.
NAICS Classification of BrightSpring Health Services
BrightSpring Health Services is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
BrightSpring Health Services’s Presence on Crunchbase
No, BrightSpring Health Services does not have a profile on Crunchbase.
BrightSpring Health Services’s Presence on LinkedIn
Yes, BrightSpring Health Services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/brightspringhealth.
Cybersecurity Incidents Involving BrightSpring Health Services
As of November 27, 2025, Rankiteo reports that BrightSpring Health Services has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
BrightSpring Health Services has an estimated 29,983 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at BrightSpring Health Services ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does BrightSpring Health Services detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with kroll, and communication strategy with written notifications issued on august 11, 2023..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at BrightSpring Health Services, Inc.
Description: The California Office of the Attorney General reported a data breach involving BrightSpring Health Services, Inc. on August 11, 2023. The breach occurred between March 12 and March 13, 2023, potentially exposing names and Social Security numbers of affected individuals, among other personal information. The exact number of individuals affected is unknown.
Date Detected: 2023-08-11
Date Publicly Disclosed: 2023-08-11
Type: Data Breach
Title: BrightSpring Health Services Data Breach
Description: The Maine Office of the Attorney General reported that BrightSpring Health Services experienced an external system breach (hacking) from March 12 to 13, 2023. The breach potentially affected 535,203 individuals, with specific confirmed information including Social Security numbers. Written notifications were issued on August 11, 2023, and identity theft protection services were offered for 12 months through Kroll.
Date Detected: 2023-03-12
Date Publicly Disclosed: 2023-08-11
Type: Data Breach
Attack Vector: Hacking
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI549072625
Data Compromised: Names, Social security numbers, Other personal information
Incident : Data Breach BRI1025072825
Data Compromised: Social security numbers
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Other Personal Information, and Social Security numbers.
Which entities were affected by each incident ?
Incident : Data Breach BRI549072625
Entity Name: BrightSpring Health Services, Inc.
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach BRI1025072825
Entity Name: BrightSpring Health Services
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 535203
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BRI1025072825
Third Party Assistance: Kroll.
Communication Strategy: Written notifications issued on August 11, 2023
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI549072625
Type of Data Compromised: Names, Social security numbers, Other personal information
Sensitivity of Data: High
Incident : Data Breach BRI1025072825
Type of Data Compromised: Social Security numbers
Number of Records Exposed: 535203
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
References
Where can I find more information about each incident ?
Incident : Data Breach BRI549072625
Source: California Office of the Attorney General
Date Accessed: 2023-08-11
Incident : Data Breach BRI1025072825
Source: Maine Office of the Attorney General
Date Accessed: 2023-08-11
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2023-08-11, and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-08-11.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Written notifications issued on August 11 and 2023.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-08-11.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-08-11.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, Other personal information, , Social Security numbers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was kroll, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Other personal information, Social Security numbers and Names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 738.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General and California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=brightspringhealth' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
