CHS
Company Details
Linkedin ID:
community-health-systems
Website:
Employees number:
23,751
Number of followers:
98,504
NAICS:
62
Industry Type:
Homepage:
chs.net
IP Addresses:
0
Company ID:
COM_1368018
Scan Status:
In-progress
Community Health Systems Company CyberSecurity Posture
chs.net
Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Community Health Systems A.I CyberSecurity Scoring
CHS Risk Score (AI oriented)Between 650 and 699
CHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CHS Global Score (TPRM)XXXX
CHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CHS Company CyberSecurity News & History
Past Incidents
3
Attack Types
3
Community Health Systems
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer technology was the focus of a recent round of attacks, according to Community Health Systems (CHS). A further investigation showed that the consequent data breach affected up to 1 million patients' personal and health information. Additionally, it stated that it would provide identity theft protection services and alert any affected people whose information was compromised.
Community Health Systems Professional Services Corporation
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that Community Health Systems Professional Services Corporation experienced a data breach due to an external criminal cyber attack confirmed in July 2014. The breach occurred between April 10, 2014, and June 24, 2014, potentially affecting personal information including names, addresses, birthdates, and Social Security numbers of unknown individuals.
Community Health Systems
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Community Health Systems (CHS) announced a data compromise, wherein attackers used Fortra's GoAnywhere MFT platform's zero-day vulnerability. Up to 1 million patients were harmed, according to an investigation CHS undertook to see if any of its systems were compromised. The Company now estimates that up to one million people may have been impacted by this assault. This information was compromised by the Fortran breach. All affected people whose information was exposed in the data breach will be notified and offered protection services by the company.
CHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Community Health Systems in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Community Health Systems in 2025.
Incident Types CHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Community Health Systems in 2025.
Incident History — CHS (X = Date, Y = Severity)
CHS cyber incidents detection timeline including parent company and subsidiaries
CHS Company Subsidiaries
Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Loading...
CHS Similar Companies
Houston Methodist
Houston Methodist is one of the nation’s leading health systems and academic medical centers. The health system consists of eight hospitals: Houston Methodist Hospital, its flagship academic hospital in the Texas Medical Center, seven community hospitals and one long-term acute care hospital through
Atrium Health
Atrium Health, part of Advocate Health, is redefining how, when and where care is delivered. We are rethinking methods of care delivery to reach more people and bringing human kindness to every step of their health journey. Our dedication to elevating health care for every individual, every teammate
Yeditepe University Hospital
Университет Едитепе был основан фондом ISTEK в 1996 году. 1. Стоматологическая клиника Университета Йедитепе, 1996 г. 2. Больница Козьятаги Университета Едитепе в 2005 г. 3. Поликлиника Багдат Каддеси Университета Едитепе, 2006 г. 4. Глазной центр Университета Йедитепе, 2007 г. 5. Центр генетическо
UAB Medicine
As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you ar
Providence
Every day, 119,000 compassionate caregivers serve patients and communities through Providence St. Joseph Health, a national, Catholic, not-for-profit health system, driven by a belief that health is a human right. Rooted in the founding missions of the Sisters of Providence and the Sisters of St.
Access Healthcare provides business process outsourcing, application services, and robotic process automation tools to hospitals, health systems, providers, payers, and related service providers. We operate from 20 delivery centers across nine cities in the US, India, and the Philippines, and our 2
Cardinal Health is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities. With more than 50 years in business, operations in more than 30 countries and approximately 48,00
Allina Health
People at Allina Health have a career of making a difference in the lives of the millions of patients we see each year at our 90+ clinics, 12 hospitals and through a wide variety of specialty care services in Minnesota and western Wisconsin. We’re a not-for-profit organization committed to enrichin
HCA Healthcare is dedicated to giving people a healthier tomorrow. As one of the nation’s leading providers of healthcare services, HCA Healthcare is comprised of 188 hospitals and 2,400+ sites of care in 20 states and the United Kingdom. In addition to hospitals, sites of care include surgery cen
.png)
CHS CyberSecurity News
November 17, 2025 08:00 AM
Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss
A lawsuit filed by Nebraska Attorney General Mike Hilgers over the 2024 Change Healthcare data breach has been allowed to proceed after...
November 11, 2025 08:00 AM
Aultman Health System recognized for digital health excellence
Hospital system achieves Level 8 status in CHIME's 2025 Digital Health Most Wired Survey, highlighting leadership in patient care,...
November 06, 2025 08:00 AM
Alabama Focuses on Cybersecurity in Improving Rural Health Care
A cybersecurity initiative and a collaborative electronic health record are among the endeavors the state will work on, with $500 million...
November 05, 2025 02:36 PM
Strategies for Cyber Preparedness in Health Care
“Strategies for Cyber Preparedness in Health Care” guides hospitals and health systems in elevating cybersecurity beyond a technical challenge and instead...
October 29, 2025 07:00 AM
Community hospital in Colorado thwarts ransomware attack, says patient data is safe
Family West Health, a 25-bed facility, said it spotted a cyberattack this week that forced it to shut down IT systems.
October 26, 2025 07:00 AM
Healthcare Data Breach Statistics
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS)...
October 24, 2025 07:00 AM
New report warns of healthcare cybersecurity crisis in Canada
The Canadian Cybersecurity Network's latest report reveals a surge in cyberattacks threatening patient safety, care delivery and the...
September 09, 2025 07:00 AM
Ascension Saint Thomas CEO Fahad Tahir talks industry challenges, responsibility
Ascension Saint Thomas CEO Fahad Tahir discusses health policy, cybersecurity and Nashville's potential to improve regional health outcomes.
August 29, 2025 07:00 AM
Information of over 200,000 patients leaked after data breach at UIHC affiliate
A data breach at one of University of Iowa Health Care's (UIHC) affiliate companies has resulted in the patient information of over 200000...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CHS CyberSecurity History Information
Official Website of Community Health Systems
The official website of Community Health Systems is https://www.chs.net/.
Community Health Systems’s AI-Generated Cybersecurity Score
According to Rankiteo, Community Health Systems’s AI-generated cybersecurity score is 666, reflecting their Weak security posture.
How many security badges does Community Health Systems’ have ?
According to Rankiteo, Community Health Systems currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Community Health Systems have SOC 2 Type 1 certification ?
According to Rankiteo, Community Health Systems is not certified under SOC 2 Type 1.
Does Community Health Systems have SOC 2 Type 2 certification ?
According to Rankiteo, Community Health Systems does not hold a SOC 2 Type 2 certification.
Does Community Health Systems comply with GDPR ?
According to Rankiteo, Community Health Systems is not listed as GDPR compliant.
Does Community Health Systems have PCI DSS certification ?
According to Rankiteo, Community Health Systems does not currently maintain PCI DSS compliance.
Does Community Health Systems comply with HIPAA ?
According to Rankiteo, Community Health Systems is not compliant with HIPAA regulations.
Does Community Health Systems have ISO 27001 certification ?
According to Rankiteo,Community Health Systems is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Community Health Systems
Community Health Systems operates primarily in the Hospitals and Health Care industry.
Number of Employees at Community Health Systems
Community Health Systems employs approximately 23,751 people worldwide.
Subsidiaries Owned by Community Health Systems
Community Health Systems presently has no subsidiaries across any sectors.
Community Health Systems’s LinkedIn Followers
Community Health Systems’s official LinkedIn profile has approximately 98,504 followers.
NAICS Classification of Community Health Systems
Community Health Systems is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Community Health Systems’s Presence on Crunchbase
Yes, Community Health Systems has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/chs-community-health-systems.
Community Health Systems’s Presence on LinkedIn
Yes, Community Health Systems maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/community-health-systems.
Cybersecurity Incidents Involving Community Health Systems
As of November 27, 2025, Rankiteo reports that Community Health Systems has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Community Health Systems has an estimated 29,962 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Community Health Systems ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Cyber Attack.
How does Community Health Systems detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with inform affected individuals and provide identity theft protection services, and communication strategy with notify and offer protection services to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Community Health Systems Due to Zero-Day Vulnerability in Fortra's GoAnywhere MFT
Description: A zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer technology was the focus of a recent round of attacks, affecting up to 1 million patients' personal and health information.
Type: Data Breach
Attack Vector: Zero-Day Vulnerability
Vulnerability Exploited: Zero-Day Vulnerability in Fortra's GoAnywhere MFT
Title: Community Health Systems Data Breach
Description: Community Health Systems (CHS) announced a data compromise, wherein attackers used Fortra's GoAnywhere MFT platform's zero-day vulnerability. Up to 1 million patients were harmed, according to an investigation CHS undertook to see if any of its systems were compromised. The Company now estimates that up to one million people may have been impacted by this assault. This information was compromised by the Fortran breach. All affected people whose information was exposed in the data breach will be notified and offered protection services by the company.
Type: Data Breach
Attack Vector: Zero-day vulnerability
Vulnerability Exploited: Fortra's GoAnywhere MFT platform's zero-day vulnerability
Title: Community Health Systems Data Breach
Description: The California Office of the Attorney General reported that Community Health Systems Professional Services Corporation experienced a data breach due to an external criminal cyber attack confirmed in July 2014. The breach occurred between April 10, 2014, and June 24, 2014, potentially affecting personal information including names, addresses, birthdates, and Social Security numbers of unknown individuals.
Date Detected: July 2014
Type: Data Breach
Attack Vector: External Criminal Cyber Attack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach COM21810723
Data Compromised: Personal information, Health information
Identity Theft Risk: High
Incident : Data Breach COM201281023
Data Compromised: Patient information
Incident : Data Breach COM405072925
Data Compromised: Names, Addresses, Birthdates, Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Health Information, , Patient information, Names, Addresses, Birthdates, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach COM21810723
Entity Name: Community Health Systems (CHS)
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 1000000
Incident : Data Breach COM201281023
Entity Name: Community Health Systems
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 1 million
Incident : Data Breach COM405072925
Entity Name: Community Health Systems Professional Services Corporation
Entity Type: Healthcare
Industry: Healthcare
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach COM21810723
Communication Strategy: Inform affected individuals and provide identity theft protection services
Incident : Data Breach COM201281023
Communication Strategy: Notify and offer protection services to affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach COM21810723
Type of Data Compromised: Personal information, Health information
Number of Records Exposed: 1000000
Sensitivity of Data: High
Incident : Data Breach COM201281023
Type of Data Compromised: Patient information
Number of Records Exposed: 1 million
Incident : Data Breach COM405072925
Type of Data Compromised: Names, Addresses, Birthdates, Social security numbers
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach COM405072925
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Inform affected individuals and provide identity theft protection services and Notify and offer protection services to affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach COM21810723
Customer Advisories: Provide identity theft protection services and alert affected individuals
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Provide identity theft protection services and alert affected individuals.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on July 2014.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, Health Information, , Patient information, , names, addresses, birthdates, Social Security numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, addresses, birthdates, names, Patient information, Health Information and Personal Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Provide identity theft protection services and alert affected individuals.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=community-health-systems' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
