CHS A.I CyberSecurity Scoring
CHS
Company Information
Website:http://coniferhealth.com
Employees number:7,666
Number of followers:91,935
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:coniferhealth.com
CHS Risk Score (AI oriented)
Between 650 and 699
CHSHospitals and Health Care
Updated:
29/03/2026
29/03/2026
683/1000
Weak
B
CHS Global Score (TPRM)
xxxx
CHSHospitals and Health Care
Score locked

CHSWeak
Current Score
683B (WEAK)
01000
3 incidents
-106 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
689
JUNE 2026
688
MAY 2026
685
APRIL 2026
684
MARCH 2026
683
FEBRUARY 2026
680
JANUARY 2026
629
DECEMBER 2025
627
NOVEMBER 2025
626
OCTOBER 2025
623
SEPTEMBER 2025
620
AUGUST 2025
723
Breach
28 Aug 2025 • CHS
Conifer Value-Based Care, LLC and Conifer Health Solutions: Conifer Data Breach Exposes Sensitive Pediatric Patient Data
Conifer Value-Based Care Business Email Compromise and Data Breach
617
CRITICAL-106
CONCON1766160151
Conifer Value-Based Care Reports Email Breach Exposing Pediatric Patient Data
On August 28, 2025, Conifer Value-Based Care, LLC—a subsidiary of Conifer Health Solutions providing administrative services to healthcare providers and plans—detected unauthorized access to an employee’s Microsoft Office 365-hosted business email account. The breach, which also occurred on August 29, exposed personally identifiable information (PII) and protected health information (PHI) of pediatric patients, their parents, and guarantors.
The compromised data included names, dates of birth, medical details, and health insurance information, though the exact scope varied by individual. Notably, the breach was isolated to the email account and did not affect Conifer’s internal networks or systems.
Conifer contained the threat immediately and launched an investigation, concluding on November 10, 2025, with affected providers and health plans notified by November 14. Address verification for impacted individuals was finalized by December 5, and the breach was officially disclosed to the California Attorney General on December 18, 2025. A Notice of Data Breach was also posted on Conifer’s website.
In response, the company enhanced security controls and monitoring to prevent future incidents and collaborated with providers to notify affected parties. While no evidence suggests misuse of the exposed data, the breach underscores risks to sensitive healthcare information.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2022
725
Breach
01 Aug 2022 • CHS
Conifer Health Solutions
Conifer Revenue Cycle Solutions Data Breach
672
CRITICAL-53
CON23171122
Conifer Revenue Cycle Solutions, LLC (“we” or “Conifer”), a provider of revenue cycle management and other administrative services to healthcare providers, suffered a cybersecurity incident that affected its users' personal information.
An unauthorized third party gained access to a Microsoft Office 365-hosted business email account and compromised certain information.
The exposed information involved information to identify the individual (such as full name, date of birth, and address); (2) Social Security number, driver’s license/state ID number, and/or financial account information; (3) medical and/or treatment information (such as medical record number, dates of service, provider and facility, diagnosis or symptom information, and prescription/medication); (4) health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and (5) billing and claims information.
However, upon revelation, the email account was separate from Conifer’s internal network and systems, and those who were affected were notified.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2022
778
Breach
20 Jan 2022 • CHS
Conifer Revenue Cycle Solutions, LLC
Data Breach at Conifer Revenue Cycle Solutions, LLC
719
CRITICAL-59
CON721082025
The Vermont Office of the Attorney General disclosed a data breach affecting Conifer Revenue Cycle Solutions, LLC, discovered on April 14, 2022, but reported on September 30, 2022. The incident involved unauthorized access to a Microsoft Office 365-hosted email account, potentially compromising personal information of individuals. The exposed data included sensitive medical and health insurance details, raising concerns about privacy violations and potential misuse of protected health information (PHI). While the exact number of affected individuals was not specified, the breach highlights vulnerabilities in third-party vendor systems handling healthcare data. The delayed detection and reporting further exacerbate risks, as prolonged exposure increases the likelihood of fraud, identity theft, or secondary attacks leveraging the stolen information. The breach underscores the critical need for robust email security measures and timely incident response in sectors managing highly sensitive data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CHS ??
What was CHS's A.I Rankiteo Cyber Score in June 2026 ??
What was CHS's A.I Rankiteo Cyber Score in May 2026 ??
What was CHS's A.I Rankiteo Cyber Score in April 2026 ??
What was CHS's A.I Rankiteo Cyber Score in March 2026 ??
What was CHS's A.I Rankiteo Cyber Score in February 2026 ??
What was CHS's A.I Rankiteo Cyber Score in January 2026 ??
What was CHS's A.I Rankiteo Cyber Score in December 2025 ??
What was CHS's A.I Rankiteo Cyber Score in November 2025 ??
What was CHS's A.I Rankiteo Cyber Score in October 2025 ??
What was CHS's A.I Rankiteo Cyber Score in September 2025 ??
What was CHS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CHS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CHS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CHS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?