What is the official website of CommonSpirit Health ?

The official website of CommonSpirit Health is http://www.commonspirit.careers.

What is CommonSpirit Health's cybersecurity risk score?

CommonSpirit Health has an AI-generated cybersecurity risk score of 721 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has CommonSpirit Health experienced?

According to Rankiteo, CommonSpirit Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has CommonSpirit Health been affected by any supply chain cyber incidents ?

According to Rankiteo, CommonSpirit Health has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Clinical Registry Solutions (Incident ID: DIGST-CLI1781224155) Pinnacle Healthcare Consulting (Incident ID: COMPIN1773247957)

Does CommonSpirit Health have SOC 2 Type 1 certification ?

According to Rankiteo, CommonSpirit Health is not certified under SOC 2 Type 1.

Does CommonSpirit Health have SOC 2 Type 2 certification ?

According to Rankiteo, CommonSpirit Health does not hold a SOC 2 Type 2 certification.

Does CommonSpirit Health comply with GDPR ?

According to Rankiteo, CommonSpirit Health is not listed as GDPR compliant.

Does CommonSpirit Health have PCI DSS certification ?

According to Rankiteo, CommonSpirit Health does not currently maintain PCI DSS compliance.

Does CommonSpirit Health comply with HIPAA ?

According to Rankiteo, CommonSpirit Health is not compliant with HIPAA regulations.

Does CommonSpirit Health have ISO 27001 certification ?

According to Rankiteo,CommonSpirit Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does CommonSpirit Health operate in ?

CommonSpirit Health operates primarily in the Hospitals and Health Care industry.

How many employees does CommonSpirit Health have ?

CommonSpirit Health employs approximately 45,793 people worldwide.

Does CommonSpirit Health own any subsidiaries ?

CommonSpirit Health presently has no subsidiaries across any sectors.

How many LinkedIn followers does CommonSpirit Health have ?

CommonSpirit Health's official LinkedIn profile has approximately 145,452 followers.

What is the NAICS classification code for CommonSpirit Health ?

CommonSpirit Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

Does CommonSpirit Health have a Crunchbase profile ?

No, CommonSpirit Health does not have a profile on Crunchbase.

Does CommonSpirit Health have a LinkedIn profile ?

Yes, CommonSpirit Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/commonspirithealth.

How many cybersecurity incidents has CommonSpirit Health experienced ?

As of June 23, 2026, Rankiteo reports that CommonSpirit Health has experienced 18 cybersecurity incidents.

How many peer or competitor companies does CommonSpirit Health have ?

CommonSpirit Health has an estimated 33,107 peer or competitor companies worldwide.

What types of cybersecurity incidents has CommonSpirit Health faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach, Cyber Attack, Ransomware, Vulnerability and Data Leak.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

CommonSpirit Health

Boost Score +25 with badge (5 left)

721

/1000

Moderate

746

/1000

Moderate

CommonSpirit Health Vendor Cyber Rating & Cyber Score

commonspirit.careers

Add Your Compliance Badge

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 138 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 160,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $5 billion annually in charity care, community benefits, and unreimbursed government programs. Together with our patients,

CommonSpirit Health A.I CyberSecurity Scoring

Scoring History

CommonSpirit Health

CommonSpirit Health CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Dignity Health

Breach

4/2026

Clinical Regist...

DIGST-CLI178122...

CommonSpirit Health

Vulnerability

12/2025

ST-1765583985

CommonSpirit Health

Breach

11/2024

Pinnacle Health...

COMPIN177324795...

CommonSpirit Health

Breach

3/2024

DIG576215709112...

CommonSpirit Health

Cyber Attack

100

10/2022

CHI234511122

CommonSpirit Health

Cyber Attack

100

10/2022

COM01921122

CommonSpirit Health

Ransomware

100

10/2022

STL235161022

CommonSpirit Health

Breach

100

6/2022

COM205827123

CommonSpirit Health

Breach

12/2021

VIR207072625

CommonSpirit Health

Breach

2/2020

VIR1054072425

CommonSpirit Health

Data Leak

02/2019

CHI25116223

CommonSpirit Health

Breach

8/2018

ST-429072725

CommonSpirit Health

Breach

9/2017

DIG328072625

CommonSpirit Health

Breach

8/2016

DIG15131522

CommonSpirit Health

Breach

7/2016

DIG014091825

CommonSpirit Health

Breach

6/2015

DIG456080425

CommonSpirit Health

Breach

2/2014

ST-641072625

CommonSpirit Health

Breach

12/2013

ST-231071625

Loading…

A.I.

CommonSpirit Health Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for CommonSpirit Health

Incidents vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for CommonSpirit Health in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for CommonSpirit Health in 2026.

Incident Types CommonSpirit Health vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for CommonSpirit Health in 2026.

Incident History - CommonSpirit Health (X = Date, Y = Severity)

Loading…

SUBSIDIARY

CommonSpirit Health Subsidiaries

CommonSpirit Health

Hospitals and Health Care

Website: http://www.commonspirit.careers

Company Size: 10,001+ employees

Dignity HealthHospitals and Health Care

St. Joseph's Hospital and Medical CenterHospitals and Health Care

Mercy Gilbert Medical CenterHospitals and Health Care

Sequoia Hospital FoundationPhilanthropic Fundraising Services

St. Rose Dominican HospitalsHospitals and Health Care

North State Quality Care NetworkHospitals and Health Care

Marian Medical CenterHospitals and Health Care

CommonSpirit Health Administrative FellowshipHospitals and Health Care

Virginia Mason Franciscan HealthHospitals and Health Care

CHIHospitals and Health Care

St. Luke's HealthHospitals and Health Care

CHI HealthHospitals and Health Care

CHI St. VincentHospitals and Health Care

St. Joseph HealthHospitals and Health Care

CHI St. Alexius HealthHospitals and Health Care

CHI MemorialHospitals and Health Care

Loading…

CommonSpirit Health Similar Companies

Centene Corporation

centene.com

Centene Corporation is a leading healthcare enterprise committed to helping people live healthier lives. Centene offers affordable and high-quality products to more than 1 in 15 individuals across the nation, including Medicaid and Medicare members (including Medicare Prescription Drug Plans) as well as individuals and families served by the Health Insurance Marketplace. Centene believes healthcare is best delivered locally. Our local health plans provide fully integrated, high-quality, and cost-effective services to government-sponsored and commercial healthcare programs, focusing on under-insured and uninsured individuals. Centene’s hiring practices reflect the composition of the members and communities we serve, allowing us to deliver quality, culturally sensitive healthcare to millions of members. Centene employees help change the world of healthcare and transform our communities. To learn more about career opportunities with Centene, visit: https://jobs.centene.com/

UHS

cb uhs.com

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance, growing since its inception into a Fortune 300 corporation. Headquartered in King of Prussia, PA, UHS has 99,000 employees. Through its subsidiaries, UHS operates 29 acute care hospitals, 331 behavioral health facilities, 60 outpatient and other facilities in 39 U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com UHS is a registered trademark of UHS of Delaware, Inc., a subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company that operates through its subsidiaries. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent there is any reference to “UHS” or “UHS facilities” on this website, including any statements, articles or other publications contained herein which relates to healthcare or management operations, they are referring to Universal Health Services, Inc.’s subsidiaries. Further, the terms “we,” “us,” “our” or “the company” in such context similarly refer to the operations of the subsidiaries of Universal Health Services, Inc. Any reference to employment at UHS or employees of UHS refers to employment with one of the subsidiaries of Universal Health Services, Inc.

Abbott

abbott.com

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritional and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries. Connect with us at www.abbott.com, on Facebook at www.facebook.com/Abbott and www.facebook.com/AbbottCareers, on Instagram @AbbottGlobal, and on X @AbbottNews. We invite you to explore opportunities at Abbott, to see if your talents and career aspirations may fit with our openings. An equal opportunity employer, Abbott welcomes and encourages diversity in our workforce. Terms of Use: https://www.abbott.com/social-media-terms-of-use.htm

Medical University of South Carolina

musc.edu

The Medical University of South Carolina (MUSC) is a public institution of higher learning the purpose of which is to preserve and optimize human life in South Carolina and beyond. The university provides an interprofessional environment for learning and discovery through education of health care professionals and biomedical scientists, research in the health sciences and provision of comprehensive health care.

Prisma Health

cb prismahealth.org

Prisma Health is the largest not-for-profit health organization in South Carolina, serving more than 1.2 million patients annually. Our facilities in the Greenville and Columbia surrounding markets are dedicated to improving the health of all South Carolinians through improved clinical quality, access to care and patient experience, while also addressing the rising cost of health care. Our Purpose: Inspire health. Serve with compassion. Be the difference.

Texas Children's Hospital

texaschildrenspeople.org

Texas Children’s Hospital is a world-class pediatric facility, nationally recognized as a top children’s hospital, and voted one of the best places to work in Houston for nine years running. We’re committed to creating a healthy community for children by providing the best pediatric care possible, through groundbreaking research and emphasis on education. We also offer a full continuum of family-centered care for women, from obstetrics to well-woman care. As a team member at Texas Children’s Hospital, you’ll work in an environment that values your voice. Texas Children's Hospital, headquartered in Houston, Texas, is recognized as one of America's best children's hospitals.

Mercy

cb mercy.net

Mercy, one of the 15 largest U.S. health systems and named the top large system in the U.S. for excellent patient experience by NRC Health, serves millions annually with nationally recognized care and one of the nation’s largest and highest performing Accountable Care Organizations in quality and cost. Mercy is a highly integrated, multi-state health care system including 55 acute care and specialty (heart, children’s, orthopedic and rehab) hospitals, convenient and urgent care locations, imaging centers and pharmacies. Mercy has over 1,000 physician practice locations and outpatient facilities, more than 5,000 physicians and advanced practitioners and more than 50,000 caregivers serving patients and families across Arkansas, Illinois, Kansas, Missouri and Oklahoma. Mercy also has clinics, outpatient services and outreach ministries in Arkansas, Louisiana, Mississippi and Texas. In fiscal year 2025 alone, Mercy provided more than half a billion dollars of free care and other community benefits, including traditional charity care and unreimbursed Medicaid.

Mayo Clinic

mayoclinic.org

Mayo Clinic has expanded and changed in many ways, but our values remain true to the vision of our founders. Our primary value – The needs of the patient come first – guides our plans and decisions as we create the future of health care. Join us and you'll find a culture of teamwork, professionalism and mutual respect, and most importantly, a life-changing career. Mayo Clinic was founded in Rochester, Minnesota by brothers Dr. William James Mayo and Dr. Charles Horace Mayo. More than 100 years later, their vision continues to evolve around a single guiding value: "The needs of the patient come first." Today we are the largest integrated, not for-profit medical group practice in the world. We are recognized for high-quality patient care more than any other academic medical center in the nation. These endorsements are very gratifying, but also humbling. They remind us of the tradition that has been entrusted to each one of us, and the legacy of excellence that we uphold every day.

CHRISTUS Health

christushealth.org

CHRISTUS Health is a Catholic not-for-profit health care system comprising more than 600 centers, including long-term care facilities, community hospitals, walk-in clinics and health ministries. We are a community of 50,000 Associates, with over 15,000 physicians providing personalized care. Our ministries extend to Texas, Louisiana, New Mexico and Arkansas, and throughout the Americas to Chile, Colombia and Mexico. We continue to expand into new communities each year, adding more physicians and more services and bringing care closer to more people. Sponsored by the Sisters of Charity of the Incarnate Word in Houston and San Antonio and the Sisters of the Holy Family of Nazareth, our mission is to extend the healing ministry of Jesus Christ to every individual we serve.

Loading…

NEWS

CommonSpirit Health CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 17, 2026 03:18 PM

CommonSpirit Health Patients Affected by Vendor Data Breach

The Chicago, IL-based Catholic health system CommonSpirit Health has announced that it has been affected by a security incident at a vendor...

Read Article

April 17, 2025 10:19 PM

Ransomware can cost hospitals millions—and then some

The rising tide of ransomware attacks in healthcare is exacting a hefty price from hospitals and other medical providers who've had their data locked up by...

Read Article

November 22, 2024 08:00 AM

CommonSpirit partners up with U of U for clinical collaboration

Patients from five of the health system's hospitals will now have access to University of Utah Health providers and resources through the...

Read Article

September 19, 2024 07:00 AM

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Rising cyberattacks threaten healthcare systems. Learn how improving cybersecurity hygiene can protect patients and prevent ransomware.

Read Article

September 13, 2024 07:00 AM

Chutes & Ladders—Mount Sinai taps new digital and IT leader; CommonSpirit hires chief physician executive officer

Mount Sinai Health System has appointed Lisa S. Stump as chief digital information officer of the Mount Sinai Health System and dean for Information Technology.

Read Article

July 19, 2024 07:00 AM

CrowdStrike outage hits US hospitals

The cybersecurity firm released what was meant to be a routine software update, but now health systems, including CommonSpirit Health and...

Read Article

June 25, 2024 07:00 AM

Novant hires cyber exec from CommonSpirit

Sanjeev Sah will take on the chief information security officer role at the North Carolina-based health system after about four years at CommonSpirit Health.

Read Article

June 24, 2024 07:00 AM

Cybersecurity expert Sanjeev Sah named chief information security officer at Novant Health

WINSTON-SALEM, N.C. (June 24, 2024) – Novant Health welcomes Sanjeev Sah as its chief information security officer (CISO).

Read Article

May 01, 2024 07:00 AM

Federal Judge Tosses CommonSpirit Health Data Breach Lawsuit Due to Lack of Standing

A federal court judge has recommended a class action lawsuit against CommonSpririt Health over its 2022 data breach should be dismissed.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-54236

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitize_message. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/api_router.py (the POST /v1/messages and POST /v1/messages/count_tokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speech_to_text/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 5.3)

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score

1.4

Exploitability

3.9

REFERENCES

CVE-2026-54235

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 6.9

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-54233

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 6.5)

cvss3

Base Score: 6.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score

3.6

Exploitability

2.8

REFERENCES

CVE-2026-54232

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 8.8)

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

2.8

REFERENCES

https://github.com/vllm-project/vllm/security/advisories/GHSA-jrf6-vqxq-pjv2

CVE-2026-53923

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 5.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…