We are a health benefits provider that advocates for better health through every stage of life. We guide our customers through the health care system, empowering them with the information and insight they need to improve their health and vitality.
Mercy, one of the 15 largest U.S. health systems and named the top large system in the U.S. for excellent patient experience by NRC Health, serves millions annually with nationally recognized care and one of the nation’s largest and highest performing Accountable Care Organizations in quality and cost. Mercy is a highly integrated, multi-state health care system including 50 acute care and specialty (heart, children’s, orthopedic and rehab) hospitals, convenient and urgent care locations, imaging centers and pharmacies. Mercy has over 1,000 physician practice locations and outpatient facilities, more than 5,000 physicians and advanced practitioners and more than 50,000 co-workers serving patients and families across Arkansas, Illinois, Kansas, Missouri and Oklahoma. Mercy also has clinics, outpatient services and outreach ministries in Arkansas, Louisiana, Mississippi and Texas. In fiscal year 2024 alone, Mercy provided nearly half a billion dollars of free care and other community benefits, including traditional charity care and unreimbursed Medicaid.
Security & Compliance Standards Overview
No incidents recorded for Cigna Healthcare in 2025.
No incidents recorded for Mercy in 2025.
Cigna Healthcare cyber incidents detection timeline including parent company and subsidiaries
Mercy cyber incidents detection timeline including parent company and subsidiaries
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
