Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
CarePay International

CarePay International Vendor Cyber Rating & Cyber Score

carepay.com

With a mission to provide healthcare access to more people worldwide, CarePay addresses the fundamental data access and data quality challenges faced by health insurers and their insured members. In an era where AI is disrupting industries, access to high-quality data is essential. CarePay addresses these challenges by offering a health insurance platform that connects members, payers, and healthcare providers in real-time, managing claim payments and personalized information flows efficiently. The technology prepares the healthcare sector for an AI-driven future by ensuring transparent, high-quality data insights, intrinsically designed to protect the privacy of its clients and to meet stringent standards such as GDPR. Want to learn


CarePay International A.I CyberSecurity Scoring

CarePay International
Company Information
Website:https://www.carepay.com/
Employees number:134
Number of followers:5,205
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:carepay.com
CarePay International Risk Score (AI oriented)
Between 650 and 699
logo
CarePay InternationalTechnology, Information and Internet
Updated:
01/04/2026
685/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CarePay International Global Score (TPRM)
xxxx
logo
CarePay InternationalTechnology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CarePay International
CarePay InternationalWeak
Current Score
685B (WEAK)
01000
2 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
689Before Incident
JUNE 2026
689Before Incident
MAY 2026
687Before Incident
APRIL 2026
686Before Incident
MARCH 2026
684Before Incident
FEBRUARY 2026
683Before Incident
JANUARY 2026
682Before Incident
DECEMBER 2025
681Before Incident
NOVEMBER 2025
679Before Incident
OCTOBER 2025
678Before Incident
SEPTEMBER 2025
676Before Incident
AUGUST 2025
675Before Incident
MAY 2025
739Before Incident
Breach
01 May 2025CarePay International
M-Tiba, Mediclinic Southern Africa and Lancet Laboratories: Healthcare Under Attack? Why is Cybersecurity Now Critical?

Cyberattacks on Africa’s Healthcare Sector Escalate, Disrupting Critical Services and Endangering Patients

668After Incident
CRITICAL-71
MEDLANCAR1773312928
Cyberattacks on Africa’s Healthcare Sector Escalate, Disrupting Critical Services and Endangering Patients Africa’s healthcare systems are under siege as cybercriminals exploit rapid digitization to target hospitals, laboratories, and clinics, crippling operations and exposing sensitive patient data. With attacks surging by 38% in 2025 averaging 3,575 weekly incidents healthcare providers face ransomware, data breaches, and regulatory penalties, often with life-threatening consequences. Recent Attacks Highlight Vulnerabilities In May 2025, Mediclinic Southern Africa suffered a cyber extortion attack, compromising HR data. Later that year, Lancet Laboratories was penalized under South Africa’s POPIA law for failing to notify patients of a breach, while a ransomware strike on the National Health Laboratory Service disrupted blood test processing nationwide, delaying care for millions. Other incidents included a data breach at Kenya’s M-Tiba platform (managed by CarePay and backed by Safaricom) and an alleged leak of customer data from Morocco’s Pharmacie.ma. Nigeria’s private healthcare sector has emerged as a top target, with attacks accelerating at an alarming rate. Why Healthcare Is a Prime Target Legacy systems, underfunded IT teams, and fragmented infrastructure make African healthcare an easy mark. Many institutions rely on open-source AI tools for diagnostics, which often lack enterprise-grade security, while unencrypted patient records stored across disparate systems amplify breach risks. Cybercriminals exploit hospitals’ zero-tolerance for downtime, knowing they are more likely to pay ransoms. Even then, recovery is uncertain: insurers report that in 40% of ransom payments, data or operations remain inaccessible. Medical records are particularly lucrative, fetching up to $310 per record on the dark web 10 times the value of financial data due to their permanence and utility for identity theft, insurance fraud, and scams. Mitigation Efforts and Challenges Experts emphasize integrating cybersecurity into resilience planning, alongside physical safeguards like power backups. Key measures include: - AI-driven threat detection to counter increasingly sophisticated attacks, including AI-powered phishing (4.5x more effective than traditional methods). - Phishing-resistant multifactor authentication (MFA) and conditional access to combat credential abuse, a common attack vector. - Regular audits of third-party integrations, particularly AI and cloud services, to close security gaps. - Staff training to recognize phishing and enforce role-based access controls. Despite these steps, underreporting remains rampant, obscuring the full scale of the crisis. As WHO Director-General Tedros Adhanom Ghebreyesus warned, cyberattacks on healthcare “undermine trust in health systems” and, at worst, “cause patient harm and death.” With digital transformation accelerating, securing Africa’s healthcare infrastructure is no longer an IT concern it’s a matter of patient safety.
INCIDENT DETAILS -
TYPE
ransomwaredata breachcyber extortion
MOTIVATION
financial gaindata theft for dark web salesextortion
IMPACT
Data Compromised: sensitive patient data, HR data, medical records, customer datahospitalslaboratoriesclinicsdiagnostic platformshealthcare payment platformsDowntime: disrupted blood test processing, delayed care for millionsOperational Impact: crippled operations, delayed patient care, disrupted critical servicesBrand Reputation Impact: undermined trust in health systemsregulatory penalties under POPIA lawIdentity Theft Risk: high (medical records sold on dark web for identity theft and insurance fraud)
DATA BREACH
patient recordsHR datacustomer datamedical recordsSensitivity Of Data: high (medical records, personally identifiable information)Data Exfiltration: data sold on dark webData Encryption: lack of encryption in many casesPersonally Identifiable Information: yes
JUNE 2019
767Before Incident
Breach
16 Jun 2019CarePay International
M-Tiba (CarePay)

M-Tiba Data Breach: Alleged Theft of 17 Million Medical and Personal Records

645After Incident
CRITICAL-122
CAR4532345102825
Hackers under the group Kazu claim to have breached M-Tiba, a Safaricom-backed digital health wallet operated by CarePay, stealing 17 million files (2.15TB) of sensitive data. The leaked sample (2GB) includes patients’ names, national ID numbers, dates of birth, phone contacts, medical diagnoses, billing records, and treatment details from 114,000 users (potentially affecting 4.8 million people). The breach also exposed data from 700+ health facilities, including doctor notes, insurance details, and handwritten medical records.The incident, if confirmed, would be one of Kenya’s largest medical data breaches, violating the Data Protection Act (2019), which mandates strict safeguards for health records. M-Tiba neither confirmed nor denied the breach but requested leaked files for investigation. The Office of the Data Protection Commissioner (ODPC) acknowledged the case but declined further comment.Given M-Tiba’s role in health payments, insurance claims, and government subsidies, the breach risks identity theft, financial fraud, and reputational damage to patients, clinics, and insurers. Kenya’s rising cyber threats—including phishing, ransomware, and public-sector attacks—highlight systemic vulnerabilities in digital health infrastructure.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized Access
IMPACT
Patient namesNational ID numbersDates of birthPhone contactsMedical diagnosesBilling informationDoctor namesInsurance company detailsTreatment costsHandwritten medical notesHealth facility recordsM-Tiba serversHealth facility databasesBrand Reputation Impact: High (potential loss of trust in digital health services)Legal Liabilities: Potential violations of Kenya’s Data Protection Act (2019)Identity Theft Risk: High (exposure of national IDs, personal, and medical data)Payment Information Risk: Moderate (billing information exposed)
DATA BREACH
Personal Identifiable Information (PII)Protected Health Information (PHI)Financial/Billing DataOperational Health Facility DataNumber Of Records Exposed: 17 million files (claimed); 114,000 users (confirmed in sample)Sensitivity Of Data: High (health records classified as sensitive under Kenya’s Data Protection Act)Data Exfiltration: Confirmed (2GB sample shared on Telegram; 2.15 TB claimed stolen)Patient claim formsBilling invoicesDiagnostic summariesHandwritten medical notesInsurance recordsNamesNational ID numbersDates of birthPhone numbersMedical diagnoses

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CarePay International ?
?
What was CarePay International's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CarePay International's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CarePay International's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CarePay International ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CarePay International's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
CarePay International Cyber Scoring History | Rankiteo