Cascadia Health Company CyberSecurity Posture
cascadiahealth.org
Cascadia looks at the whole person and believes that an integrated healthcare approach is the best way to serve our clients. Cascadia’s whole health care model empowers individuals as they work toward their goals to achieve recovery. From prevention to healthy lifestyle education to intensive treatment when needed, our services encompass a more systemic approach to health management for the adults, children, seniors, and families we serve. Clients can get primary care and behavioral health care needs through one team, at one location. By integrating services — mental health and addiction treatment, primary care, and housing — we can improve healthcare delivery to those who have chronic mental health challenges and help people live longer and healthier lives. Our Vision: We envision a community where everyone benefits from whole health care, experiences well-being, and has a self-directed, connected life. For more than 35 years, Cascadia has been the community health and housing safety net provider for Oregonians of all ages experiencing mental health and addiction challenges, trauma, poverty, and homelessness. Mission: Cascadia delivers whole health care – integrated mental health and addiction services, primary care, and housing – to promote hope and support the well-being of the communities we serve.
Company Details
cascadia-behavioral-healthcare
816
4,780
62133
cascadiahealth.org
0
CAS_2313311
In-progress
Cascadia Health Risk Score (AI oriented)Between 750 and 799
Cascadia Health Global Score (TPRM)XXXX
No incidents recorded for Cascadia Health in 2026.
No incidents recorded for Cascadia Health in 2026.
No incidents recorded for Cascadia Health in 2026.
Cascadia Health cyber incidents detection timeline including parent company and subsidiaries
Cascadia looks at the whole person and believes that an integrated healthcare approach is the best way to serve our clients. Cascadia’s whole health care model empowers individuals as they work toward their goals to achieve recovery. From prevention to healthy lifestyle education to intensive treatment when needed, our services encompass a more systemic approach to health management for the adults, children, seniors, and families we serve. Clients can get primary care and behavioral health care needs through one team, at one location. By integrating services — mental health and addiction treatment, primary care, and housing — we can improve healthcare delivery to those who have chronic mental health challenges and help people live longer and healthier lives. Our Vision: We envision a community where everyone benefits from whole health care, experiences well-being, and has a self-directed, connected life. For more than 35 years, Cascadia has been the community health and housing safety net provider for Oregonians of all ages experiencing mental health and addiction challenges, trauma, poverty, and homelessness. Mission: Cascadia delivers whole health care – integrated mental health and addiction services, primary care, and housing – to promote hope and support the well-being of the communities we serve.
The Cleveland Center for Eating Disorders is an outpatient treatment center that provides clinically proven treatment for children, teens and adults suffering from an eating disorder. Our treatment focuses on both the illness and the individual using behavioral therapies, such as Dialectical and Cog
We are a private mental health practice offering individual, family, couples, and group therapy for children (birth -12,) adolescents (13 –17), adults (18 - 65) and seniors (66+). Our therapy staff consists of over 30 experienced, licensed Clinical Social Workers, Professional Counselors, Psycholog
Since opening in 2002, Psychology Specialists has grown to offer a multitude of evaluations and therapies to patients of all ages. With offices located throughout Arizona, Illinois and Nevada, the practice includes more than 40 clinicians with extensive educational training and diverse areas of e
First Alliance Healthcare of Ohio is a hospital & health care company located in Cleveland, Lorain, and Toledo, Ohio. First Alliance Healthcare provides therapeutic services to clients in a variety of settings, including in-home/community based programs and outpatient mental health clinics. Our dail
Join our growing team to find meaning in your next career - the opportunity to make an impact in the lives of children and adults living with a mental illness, addiction or developmental disability. A chance to experience what it feels to be empowered and do the work you’re most passionate about.
Women In New Recovery (WINR) is the premier single-gender, holistic, drug and alcohol addiction treatment center in Arizona. For over 20 years, WINR has provided a safe and supportive environment specifically for women to attain long term sobriety. We treat adult women over the age of 18 who su
Kids In The Middle® (KITM) is a non-profit organization that empowers children, parents and families during and after divorce through counseling, education and support. KITM has been operating in the Greater St. Louis Metropolitan Area since its inception in 1977. Working in the field of counseling
Clarity Child Guidance Center exists to transform the lives of children and families. We are the only nonprofit treatment center in San Antonio and South Texas that specializes in children ages 3-17 who suffer from serious mental health problems. Our inpatient and outpatient programs include a range
Life Skills Village is the social rehabilitation and living skills development center for people with mental health needs. We focus on individualized care strategies to provide our clients with a path toward independence and a way back into the community. LSV approaches rehabilitation and mental he
.png)
National dialysis company targeted in April; Mt. Baker Imaging remains silent on leaked patient data.
Attorneys are targeting Northwest Radiologists and the related Mount Baker Imaging, who allegedly failed to protect patient info before a...
Class action lawsuit targets medical company's 'negligence and inadequate' security measures.
The Swinomish Indian Tribal Community is among more than 30 nations to receive a cybersecurity grant from the Department of Homeland Security.
As regulatory, operational and legal risks abound for nursing home operators, strong relationships with commercial insurance carriers and...
Whatcom County is a national hotbed for cybersecurity — even if many in the region who are outside of the specialized profession don't know...
The skilled nursing sector has faced an escalating threat from cybercriminals, posing significant risks to the operations of nursing homes.
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Cascadia Health is http://www.cascadiahealth.org.
According to Rankiteo, Cascadia Health’s AI-generated cybersecurity score is 759, reflecting their Fair security posture.
According to Rankiteo, Cascadia Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Cascadia Health has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Cascadia Health is not certified under SOC 2 Type 1.
According to Rankiteo, Cascadia Health does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Cascadia Health is not listed as GDPR compliant.
According to Rankiteo, Cascadia Health does not currently maintain PCI DSS compliance.
According to Rankiteo, Cascadia Health is not compliant with HIPAA regulations.
According to Rankiteo,Cascadia Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Cascadia Health operates primarily in the Mental Health Care industry.
Cascadia Health employs approximately 816 people worldwide.
Cascadia Health presently has no subsidiaries across any sectors.
Cascadia Health’s official LinkedIn profile has approximately 4,780 followers.
Cascadia Health is classified under the NAICS code 62133, which corresponds to Offices of Mental Health Practitioners (except Physicians).
No, Cascadia Health does not have a profile on Crunchbase.
Yes, Cascadia Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cascadia-behavioral-healthcare.
As of January 22, 2026, Rankiteo reports that Cascadia Health has not experienced any cybersecurity incidents.
Cascadia Health has an estimated 5,276 peer or competitor companies worldwide.
Total Incidents: According to Rankiteo, Cascadia Health has faced 0 incidents in the past.
Incident Types: The types of cybersecurity incidents that have occurred include .
.png)
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid