Company Details
corewell-health
41,961
66,399
62
corewellhealth.org
0
COR_1772978
In-progress


Corewell Health Company CyberSecurity Posture
corewellhealth.org
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,000+ dedicated people—including more than 12,000 physicians and advanced practice providers and more than 15,500 nurses providing care and services in 21 hospitals, 300+ outpatient locations and several post-acute facilities—and Priority Health, a provider-sponsored health plan serving more than 1.3 million members. Through experience and collaboration, we are reimagining a better, more equitable model of health and wellness. For more information, visit corewellhealth.org.
Between 700 and 749

Corewell Health Global Score (TPRM)XXXX

Description: The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients. The business was one among the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme. The exposed information includes patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals. The following organisations, on behalf of which Welltok is delivering notice to affected individuals, are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.


No incidents recorded for Corewell Health in 2026.
Corewell Health cyber incidents detection timeline including parent company and subsidiaries


At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across

UC San Diego Health and Health Sciences has been caring for the community for almost 60 years. In 1966, we established our first medical center. Two years later, in 1968, UC San Diego School of Medicine opened for business. Today, UC San Diego Health is the only academic health system in the San D

CHRISTUS Health is a Catholic not-for-profit health care system comprising more than 600 centers, including long-term care facilities, community hospitals, walk-in clinics and health ministries. We are a community of 50,000 Associates, with over 15,000 physicians providing personalized care. Our m
Aurora Health Care is proud to be a part of Advocate Health, the third-largest nonprofit integrated health system in the U.S. Advocate Health is the third-largest nonprofit, integrated health system in the United States, created from the combination of Advocate Aurora Health and Atrium Health. Prov

Beth Israel Lahey Health is a new, integrated system providing patients with better care wherever they are. Care informed by world-class research and education. We are doctors and nurses, technicians and social workers, innovators and educators, and so many others. All with a shared vision for what

The founding of the Sociedade Beneficente Israelita Brasileira Albert Einstein in the 1950s resulted from the Jewish community's commitment to offering the Brazilian population a benchmark in the quality of medical practice. But the Society wanted to go beyond simply building a hospital. And so

Piedmont is empowering Georgians by changing health care. We continue to fuel Georgia’s growth through safe, cost-effective, high-quality care close to home through an integrated health care system that provides a hassle-free, unified experience. We are a private, not-for-profit organization with mo

We are a strong, passionate team of more than 12,500 who take pride in caring for every person who comes through our doors. We lift each other up so we can provide the very best and safest care to those who need us most. Together. Every day. With the support of our university, we make up an acade

The first academic health center in Texas opened its doors in 1891 and today has four campuses, five health sciences schools, seven institutes for advanced study, a research enterprise that includes one of only two national laboratories dedicated to the safe study of infectious threats to human heal
AHA President and CEO Rick Pollack today announced his plans to retire by the end of 2026. A 43-year veteran of the association, Pollack has...
Over 1.6 million patients affected by HealthEC's cybersecurity attack in 2023 asked a New Jersey magistrate judge for her final stamp of...
AHA leaders tomorrow will participate in a series of panels during the International Hospital Federation's 48th annual World Hospital...
Chief Digital and Information Officer Corewell Health. Scope of work: Joseph leads more than 1,900 staff delivering digital solutions at...
AHA Chair Tina Freese Decker, president and CEO of Corewell Health in Michigan, gave the opening remarks at Newsweek's Digital Health Care...
The HIMSS Michigan Chapter is bringing healthcare and technology leaders together this fall for its annual 2025 Fall Conference, “Healthcare...
The personal data of nearly 139000 people in Michigan's Thumb has been compromised in a cybersecurity breach at Aspire Rural Health System.
They will both be part of the IT department, reporting to EVP and CFO Jason Monaco as part of the company's newly combined finance,...
Food solutions company SpartanNash has appointed two new IT leaders: Ed Rybicki as SVP and chief information officer (CIO) and Brett Hoffman...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Corewell Health is http://corewellhealth.org.
According to Rankiteo, Corewell Health’s AI-generated cybersecurity score is 739, reflecting their Moderate security posture.
According to Rankiteo, Corewell Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Corewell Health has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Corewell Health is not certified under SOC 2 Type 1.
According to Rankiteo, Corewell Health does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Corewell Health is not listed as GDPR compliant.
According to Rankiteo, Corewell Health does not currently maintain PCI DSS compliance.
According to Rankiteo, Corewell Health is not compliant with HIPAA regulations.
According to Rankiteo, Corewell Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Corewell Health operates primarily in the Hospitals and Health Care industry.
Corewell Health employs approximately 41,961 people worldwide.
Corewell Health presently has no subsidiaries across any sectors.
Corewell Health’s official LinkedIn profile has approximately 66,399 followers.
Corewell Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
No, Corewell Health does not have a profile on Crunchbase.
Yes, Corewell Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/corewell-health.
As of January 21, 2026, Rankiteo reports that Corewell Health has experienced 1 cybersecurity incident.
Corewell Health has an estimated 31,578 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy of notifying affected individuals.
Title: Welltok Data Breach
Description: Welltok revealed a data breach affecting around 8.5 million patients due to a zero-day vulnerability in the MOVEit Transfer programme.
Type: Data Breach
Attack Vector: Exploitation of Zero-Day Vulnerability
Vulnerability Exploited: MOVEit Transfer programme
Common Attack Types: The most common type of attack the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through MOVEit Transfer programme.

Data Compromised: Patient information, Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Information, Phone Numbers, Physical Addresses, Email Addresses, Full Names, Health Insurance Details, Medicare/Medicaid ID Numbers and Social Security Numbers (SSNs).

Entity Name: Welltok
Entity Type: Healthcare Services
Industry: Healthcare
Customers Affected: 8.5 million

Entity Name: Asuris Northwest Health
Entity Type: Healthcare
Industry: Healthcare

Entity Name: BridgeSpan Health
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Blue Cross and Blue Shield of Minnesota
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Blue Cross and Blue Shield of Alabama
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Blue Cross and Blue Shield of Kansas
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Blue Cross and Blue Shield of North Carolina
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Corewell Health
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Faith Regional Health Services
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Mass General
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Brigham Health Plan
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Priority Health
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Regence BlueCross BlueShield of Oregon
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Regence BlueShield
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Regence BlueCross BlueShield of Utah
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Regence Blue Shield of Idaho
Entity Type: Healthcare
Industry: Healthcare

Entity Name: St. Bernards Healthcare
Entity Type: Healthcare
Industry: Healthcare

Entity Name: Sutter Health
Entity Type: Healthcare
Industry: Healthcare

Communication Strategy: Notifying affected individuals

Type of Data Compromised: Patient information, Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)
Number of Records Exposed: 8.5 million
Sensitivity of Data: High
Personally Identifiable Information: full names, phone numbers, physical addresses, email addresses, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notifying affected individuals.

Entry Point: MOVEit Transfer programme

Root Causes: Zero-day vulnerability in the MOVEit Transfer programme
Most Significant Data Compromised: The most significant data compromised in an incident were patient information, phone numbers, physical addresses, email addresses, full names, health insurance details, Medicare/Medicaid ID numbers and Social Security numbers (SSNs).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs), email addresses, patient information, phone numbers, full names and physical addresses.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 8.5M.
Most Recent Entry Point: The most recent entry point used by an initial access broker was a MOVEit Transfer programme.
Summary: A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler.
Root cause: The commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution.
Impact: This vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to:
* Run any shell command.
* Exfiltrate environment variables.
* Compromise the CI runner to install backdoors or modify build artifacts.
Credits: Disclosed responsibly by kny4hacker.
Mitigation:
* Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher.
* Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher.
* Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.