Comparison Overview

Change Healthcare

VS

NTT DATA, Inc.

Change Healthcare

Nashville, Tennessee, US, 37217
Last Update: 2025-11-29
View Profile
Between 0 and 549
http://www.changehealthcare.com

Change Healthcare is now a part of Optum. To stay up-to-date with news please connect with us at Optum.com. At both Optum and Change Healthcare, our teams strive to help people live healthier lives and help the health system work better for everyone.

NAICS: 5415
NAICS Definition: Computer Systems Design and Related Services
Employees: 4,876
Subsidiaries: 0
12-month incidents
5
Known data breaches
4
Attack type number
3
View Profile

NTT DATA, Inc.

undefined, Tokyo, undefined, undefined, JP
Last Update: 2025-11-27
Between 800 and 849
https://services.global.ntt/

NTT DATA, Inc. is a trusted global innovator of business and technology services. We're committed to helping clients innovate, optimize and transform for long-term success. Our R&D investments help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity.

NAICS: 5415
NAICS Definition: Computer Systems Design and Related Services
Employees: 58,499
Subsidiaries: 16
12-month incidents
0
Known data breaches
2
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/change-healthcare.jpeg
Change Healthcare
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/global-ntt.jpeg
NTT DATA, Inc.
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Change Healthcare
100%
Compliance Rate
0/4 Standards Verified
NTT DATA, Inc.
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs IT Services and IT Consulting Industry Average (This Year)

Change Healthcare has 825.93% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs IT Services and IT Consulting Industry Average (This Year)

No incidents recorded for NTT DATA, Inc. in 2025.

Incident History — Change Healthcare (X = Date, Y = Severity)

Change Healthcare cyber incidents detection timeline including parent company and subsidiaries

Incident History — NTT DATA, Inc. (X = Date, Y = Severity)

NTT DATA, Inc. cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/change-healthcare.jpeg
Change Healthcare
Incidents

Date Detected: 6/2025
Type:Ransomware
Attack Vector: Compromised Legitimate Websites (e.g., WordPress via wp-admin exploits), Domain Shadowing (malicious subdomains on trusted sites), Malicious Software Updates (e.g., browser/Flash Player impersonation), Traffic Distribution Systems (TDS) like Keitaro and Parrot TDS, Malvertising (e.g., Google Ads impersonating Kaiser Permanente HR portal)
Motivation: Financial Gain (MaaS subscriptions, ransomware profits), Cybercrime Enablement (selling access to affiliates), State-Sponsored Activities (via GRU Unit 29155)
Blog: Blog

Date Detected: 6/2025
Type:Ransomware
Attack Vector: Phishing (AI-enhanced), Impersonation (voice synthesis, browser-based), Vendor Supply Chain Compromise, Double Extortion (ransomware + data theft)
Motivation: Financial gain (ransomware, extortion), Data theft for resale/exploitation, Disruption of operations (supply chain impact)
Blog: Blog

Date Detected: 3/2025
Type:Ransomware
Blog: Blog
https://images.rankiteo.com/companyimages/global-ntt.jpeg
NTT DATA, Inc.
Incidents

Date Detected: 3/2025
Type:Breach
Blog: Blog

Date Detected: 2/2025
Type:Breach
Attack Vector: Compromise of Order Information Distribution System
Motivation: Data Theft
Blog: Blog

Date Detected: 6/2022
Type:Cyber Attack
Attack Vector: Exploiting exposed/hard-coded credentials in cloud/source code repositories (AWS, Bitbucket, GitHub), Insider-assisted access, Weak network segmentation, Third-party vendor compromises (e.g., TMS, WMS, EDI systems), Staged data leaks for extortion pressure
Motivation: Financial Gain (Extortion), Reputational Damage, Operational Disruption (via data leaks)
Blog: Blog

FAQ

NTT DATA, Inc. company demonstrates a stronger AI Cybersecurity Score compared to Change Healthcare company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Change Healthcare company has faced a higher number of disclosed cyber incidents historically compared to NTT DATA, Inc. company.

In the current year, Change Healthcare company has reported more cyber incidents than NTT DATA, Inc. company.

Change Healthcare company has confirmed experiencing a ransomware attack, while NTT DATA, Inc. company has not reported such incidents publicly.

Both NTT DATA, Inc. company and Change Healthcare company have disclosed experiencing at least one data breach.

Both NTT DATA, Inc. company and Change Healthcare company have reported experiencing targeted cyberattacks.

Neither Change Healthcare company nor NTT DATA, Inc. company has reported experiencing or disclosing vulnerabilities publicly.

Neither Change Healthcare nor NTT DATA, Inc. holds any compliance certifications.

Neither company holds any compliance certifications.

NTT DATA, Inc. company has more subsidiaries worldwide compared to Change Healthcare company.

NTT DATA, Inc. company employs more people globally than Change Healthcare company, reflecting its scale as a IT Services and IT Consulting.

Neither Change Healthcare nor NTT DATA, Inc. holds SOC 2 Type 1 certification.

Neither Change Healthcare nor NTT DATA, Inc. holds SOC 2 Type 2 certification.

Neither Change Healthcare nor NTT DATA, Inc. holds ISO 27001 certification.

Neither Change Healthcare nor NTT DATA, Inc. holds PCI DSS certification.

Neither Change Healthcare nor NTT DATA, Inc. holds HIPAA certification.

Neither Change Healthcare nor NTT DATA, Inc. holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
Description

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
Description

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References
Description

File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References