Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
CommonSpirit Health

CommonSpirit Health Vendor Cyber Rating & Cyber Score

commonspirit.careers

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 138 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 160,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $5 billion annually in charity care, community benefits, and unreimbursed government programs. Together with our patients,


CommonSpirit Health A.I CyberSecurity Scoring

CommonSpirit Health
Company Information
Website:http://www.commonspirit.careers
Employees number:45,793
Number of followers:145,452
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:commonspirit.careers
CommonSpirit Health Risk Score (AI oriented)
Between 700 and 749
logo
CommonSpirit HealthHospitals and Health Care
Updated:
04/04/2026
721/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CommonSpirit Health Global Score (TPRM)
xxxx
logo
CommonSpirit HealthHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CommonSpirit Health
CommonSpirit HealthModerate
Current Score
721Ba (MODERATE)
01000
3 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
725Before Incident
JUNE 2026
724Before Incident
MAY 2026
722Before Incident
APRIL 2026
722Before Incident
MARCH 2026
720Before Incident
FEBRUARY 2026
719Before Incident
JANUARY 2026
718Before Incident
DECEMBER 2025
715Before Incident
NOVEMBER 2025
715Before Incident
OCTOBER 2025
713Before Incident
SEPTEMBER 2025
712Before Incident
AUGUST 2025
710Before Incident
NOVEMBER 2024
752Before Incident
Breach
11 Nov 2024CommonSpirit Health
CommonSpirit Health and Northgauge Healthcare Advisors: CommonSpirit Health Data Breach Lawsuit Investigation

CommonSpirit Health Vendor Breach Exposes Data of Nearly 20,000 Washington Residents

694After Incident
CRITICAL-58
COMPIN1773247957
CommonSpirit Health Vendor Breach Exposes Data of Nearly 20,000 Washington Residents A ransomware attack on Pinnacle Holdings, LTD, a healthcare consulting vendor, has led to the exposure of sensitive personal data linked to CommonSpirit Health, one of the largest nonprofit health systems in the U.S. The incident, discovered on November 25, 2024, involved unauthorized access to Pinnacle’s network between November 11 and November 25, 2024, during which a threat actor copied personally identifiable information (PII). Pinnacle, which provides services to Northgauge Healthcare Advisors a contractor for CommonSpirit Health isolated its systems and launched an investigation following the breach. However, delays in notification meant that Northgauge was only informed in November 2025, with impacted individuals not identified until January 30, 2026. CommonSpirit Health was notified of affected Washington residents on February 2, 2026. The exposed data includes names, full dates of birth, medical information, and other unspecified details. The breach was reported to the Washington Attorney General, with 19,027 state residents confirmed as affected. CommonSpirit Health has since posted a notice on its website regarding the incident. The law firm Shamis & Gentile P.A. is investigating potential compensation for those impacted, citing eligibility for damages related to the exposure of personal data. The breach highlights risks associated with third-party vendors in healthcare cybersecurity.
INCIDENT DETAILS -
TYPE
Ransomware
IMPACT
Data Compromised: Personally identifiable information (PII), medical informationSystems Affected: Pinnacle Holdings, LTD networkOperational Impact: Delayed notifications to affected partiesBrand Reputation Impact: Potential reputational damage to CommonSpirit HealthLegal Liabilities: Potential legal actions and finesIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personally identifiable information (PII), medical informationNumber Of Records Exposed: 19,027Sensitivity Of Data: High (names, full dates of birth, medical information)Data Exfiltration: YesPersonally Identifiable Information: Names, full dates of birth, medical information
OCTOBER 2022
743Before Incident
Cyber Attack
01 Oct 2022CommonSpirit Health
CommonSpirit Health

Cybersecurity Incident at CommonSpirit

726After Incident
CRITICAL-17
COM01921122
CommonSpirit, the second-largest nonprofit hospital chain in the U.S., suffered a cybersecurity incident that disrupted medical services across the country. The attack caused certain IT systems including electronic health records and other systems to go offline which resulted in rescheduling some patient appointments.
INCIDENT DETAILS -
TYPE
Cyber Attack
IMPACT
Electronic Health RecordsOther IT SystemsDowntime: Some downtime resulting in rescheduling of patient appointmentsOperational Impact: Disruption of medical services
JUNE 2022
794Before Incident
Breach
16 Jun 2022CommonSpirit Health
CommonSpirit Health

CommonSpirit Health Cyberattacks

739After Incident
CRITICAL-55
COM205827123
CommonSpirit Health is now facing a class action lawsuit because of the cyberattacks that it faced in 2022. The lawsuit was initiated because the attacks impacted facilities across one of the largest nonprofit healthcare systems in the US. Back in the last year, CommonSpirit began reporting IT outages, EHR downtime, and appointment cancellations in early October, later confirming that these disruptions were caused by attacks. The latest lawsuit alleges that CommonSpirit lost control of highly sensitive information as a result of the breach and suggested that the health system has not been forthcoming about the breach. It was also alleged that the number of actual victims of the Data Breach may be much higher to approx twenty million individuals. The plaintiffs are seeking reimbursement for out-of-pocket costs, credit monitoring services, and improvements to CommonSpirit’s data security systems.
INCIDENT DETAILS -
TYPE
Cyberattack
IMPACT
Highly sensitive informationIT systemsEHR systemsIT outagesEHR downtimeAppointment cancellationsClass action lawsuit
DATA BREACH
Type Of Data Compromised: Highly sensitive informationNumber Of Records Exposed: Approx twenty million individualsSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CommonSpirit Health ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CommonSpirit Health's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CommonSpirit Health's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CommonSpirit Health ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CommonSpirit Health's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?