Comparison Overview

Change Healthcare

VS

iSoftStone

Change Healthcare

Nashville, Tennessee, US, 37217
Last Update: 2025-11-29
View Profile
Between 0 and 549
http://www.changehealthcare.com

Change Healthcare is now a part of Optum. To stay up-to-date with news please connect with us at Optum.com. At both Optum and Change Healthcare, our teams strive to help people live healthier lives and help the health system work better for everyone.

NAICS: 5415
NAICS Definition: Computer Systems Design and Related Services
Employees: 4,876
Subsidiaries: 0
12-month incidents
5
Known data breaches
4
Attack type number
3
View Profile

iSoftStone

188 106th Ave NE Suite 610 Bellevue, Washington 98004, US
Last Update: 2025-11-28
Between 750 and 799
http://www.isoftstoneinc.com

iSoftStone is a global IT service and consulting company that creates value and drives success through technology solutions, service excellence, and digital innovation. We specialize in web and application development, software testing and support, data and content management, digital experience, accessibility, and data for machine learning and AI. With 20 delivery centers and more than 90,000 employees worldwide, iSoftStone is proud to serve some of the world’s most well-known businesses, including 90+ Fortune Global 500 companies.

NAICS: 5415
NAICS Definition: Computer Systems Design and Related Services
Employees: 10,001
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/change-healthcare.jpeg
Change Healthcare
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/isoftstone.jpeg
iSoftStone
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Change Healthcare
100%
Compliance Rate
0/4 Standards Verified
iSoftStone
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs IT Services and IT Consulting Industry Average (This Year)

Change Healthcare has 825.93% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs IT Services and IT Consulting Industry Average (This Year)

No incidents recorded for iSoftStone in 2025.

Incident History — Change Healthcare (X = Date, Y = Severity)

Change Healthcare cyber incidents detection timeline including parent company and subsidiaries

Incident History — iSoftStone (X = Date, Y = Severity)

iSoftStone cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/change-healthcare.jpeg
Change Healthcare
Incidents

Date Detected: 6/2025
Type:Ransomware
Attack Vector: Compromised Legitimate Websites (e.g., WordPress via wp-admin exploits), Domain Shadowing (malicious subdomains on trusted sites), Malicious Software Updates (e.g., browser/Flash Player impersonation), Traffic Distribution Systems (TDS) like Keitaro and Parrot TDS, Malvertising (e.g., Google Ads impersonating Kaiser Permanente HR portal)
Motivation: Financial Gain (MaaS subscriptions, ransomware profits), Cybercrime Enablement (selling access to affiliates), State-Sponsored Activities (via GRU Unit 29155)
Blog: Blog

Date Detected: 6/2025
Type:Ransomware
Attack Vector: Phishing (AI-enhanced), Impersonation (voice synthesis, browser-based), Vendor Supply Chain Compromise, Double Extortion (ransomware + data theft)
Motivation: Financial gain (ransomware, extortion), Data theft for resale/exploitation, Disruption of operations (supply chain impact)
Blog: Blog

Date Detected: 3/2025
Type:Ransomware
Blog: Blog
https://images.rankiteo.com/companyimages/isoftstone.jpeg
iSoftStone
Incidents

No Incident

FAQ

iSoftStone company demonstrates a stronger AI Cybersecurity Score compared to Change Healthcare company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Change Healthcare company has historically faced a number of disclosed cyber incidents, whereas iSoftStone company has not reported any.

In the current year, Change Healthcare company has reported more cyber incidents than iSoftStone company.

Change Healthcare company has confirmed experiencing a ransomware attack, while iSoftStone company has not reported such incidents publicly.

Change Healthcare company has disclosed at least one data breach, while the other iSoftStone company has not reported such incidents publicly.

Change Healthcare company has reported targeted cyberattacks, while iSoftStone company has not reported such incidents publicly.

Neither Change Healthcare company nor iSoftStone company has reported experiencing or disclosing vulnerabilities publicly.

Neither Change Healthcare nor iSoftStone holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Change Healthcare company nor iSoftStone company has publicly disclosed detailed information about the number of their subsidiaries.

iSoftStone company employs more people globally than Change Healthcare company, reflecting its scale as a IT Services and IT Consulting.

Neither Change Healthcare nor iSoftStone holds SOC 2 Type 1 certification.

Neither Change Healthcare nor iSoftStone holds SOC 2 Type 2 certification.

Neither Change Healthcare nor iSoftStone holds ISO 27001 certification.

Neither Change Healthcare nor iSoftStone holds PCI DSS certification.

Neither Change Healthcare nor iSoftStone holds HIPAA certification.

Neither Change Healthcare nor iSoftStone holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
Description

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
Description

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References
Description

File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.

Published
Date
2025-11-28
Updated
Date
2025-11-28
Risk Information
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References