CommonSpirit Health A.I CyberSecurity Scoring
CommonSpirit Health
Company Information
Website:http://www.commonspirit.careers
Employees number:45,793
Number of followers:145,452
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:commonspirit.careers
CommonSpirit Health Risk Score (AI oriented)
Between 700 and 749
CommonSpirit HealthHospitals and Health Care
Updated:
04/04/2026
04/04/2026
721/1000
Moderate
Ba
CommonSpirit Health Global Score (TPRM)
xxxx
CommonSpirit HealthHospitals and Health Care
Score locked

CommonSpirit HealthModerate
Current Score
721Ba (MODERATE)
01000
3 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
725
JUNE 2026
724
MAY 2026
722
APRIL 2026
722
MARCH 2026
720
FEBRUARY 2026
719
JANUARY 2026
718
DECEMBER 2025
715
NOVEMBER 2025
715
OCTOBER 2025
713
SEPTEMBER 2025
712
AUGUST 2025
710
NOVEMBER 2024
752
Breach
11 Nov 2024 • CommonSpirit Health
CommonSpirit Health and Northgauge Healthcare Advisors: CommonSpirit Health Data Breach Lawsuit Investigation
CommonSpirit Health Vendor Breach Exposes Data of Nearly 20,000 Washington Residents
694
CRITICAL-58
COMPIN1773247957
CommonSpirit Health Vendor Breach Exposes Data of Nearly 20,000 Washington Residents
A ransomware attack on Pinnacle Holdings, LTD, a healthcare consulting vendor, has led to the exposure of sensitive personal data linked to CommonSpirit Health, one of the largest nonprofit health systems in the U.S. The incident, discovered on November 25, 2024, involved unauthorized access to Pinnacle’s network between November 11 and November 25, 2024, during which a threat actor copied personally identifiable information (PII).
Pinnacle, which provides services to Northgauge Healthcare Advisors a contractor for CommonSpirit Health isolated its systems and launched an investigation following the breach. However, delays in notification meant that Northgauge was only informed in November 2025, with impacted individuals not identified until January 30, 2026. CommonSpirit Health was notified of affected Washington residents on February 2, 2026.
The exposed data includes names, full dates of birth, medical information, and other unspecified details. The breach was reported to the Washington Attorney General, with 19,027 state residents confirmed as affected. CommonSpirit Health has since posted a notice on its website regarding the incident.
The law firm Shamis & Gentile P.A. is investigating potential compensation for those impacted, citing eligibility for damages related to the exposure of personal data. The breach highlights risks associated with third-party vendors in healthcare cybersecurity.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2022
743
Cyber Attack
01 Oct 2022 • CommonSpirit Health
CommonSpirit Health
Cybersecurity Incident at CommonSpirit
726
CRITICAL-17
COM01921122
CommonSpirit, the second-largest nonprofit hospital chain in the U.S., suffered a cybersecurity incident that disrupted medical services across the country.
The attack caused certain IT systems including electronic health records and other systems to go offline which resulted in rescheduling some patient appointments.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
JUNE 2022
794
Breach
16 Jun 2022 • CommonSpirit Health
CommonSpirit Health
CommonSpirit Health Cyberattacks
739
CRITICAL-55
COM205827123
CommonSpirit Health is now facing a class action lawsuit because of the cyberattacks that it faced in 2022.
The lawsuit was initiated because the attacks impacted facilities across one of the largest nonprofit healthcare systems in the US.
Back in the last year, CommonSpirit began reporting IT outages, EHR downtime, and appointment cancellations in early October, later confirming that these disruptions were caused by attacks.
The latest lawsuit alleges that CommonSpirit lost control of highly sensitive information as a result of the breach and suggested that the health system has not been forthcoming about the breach.
It was also alleged that the number of actual victims of the Data Breach may be much higher to approx twenty million individuals.
The plaintiffs are seeking reimbursement for out-of-pocket costs, credit monitoring services, and improvements to CommonSpirit’s data security systems.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CommonSpirit Health ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in June 2026 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in May 2026 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in April 2026 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in March 2026 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in February 2026 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in January 2026 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in December 2025 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in November 2025 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in October 2025 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in September 2025 ??
What was CommonSpirit Health's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CommonSpirit Health's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CommonSpirit Health ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CommonSpirit Health's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?