Corewell Health
Company Details
Linkedin ID:
corewell-health
Website:
Employees number:
41,860
Number of followers:
65,125
NAICS:
62
Industry Type:
Homepage:
corewellhealth.org
IP Addresses:
0
Company ID:
COR_1772978
Scan Status:
In-progress
Corewell Health Company CyberSecurity Posture
corewellhealth.org
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,000+ dedicated people—including more than 12,000 physicians and advanced practice providers and more than 15,500 nurses providing care and services in 21 hospitals, 300+ outpatient locations and several post-acute facilities—and Priority Health, a provider-sponsored health plan serving more than 1.3 million members. Through experience and collaboration, we are reimagining a better, more equitable model of health and wellness. For more information, visit corewellhealth.org.
Corewell Health A.I CyberSecurity Scoring
Corewell Health Risk Score (AI oriented)Between 700 and 749
Corewell Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Corewell Health Global Score (TPRM)XXXX
Corewell Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Corewell Health Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Corewell Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients. The business was one among the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme. The exposed information includes patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals. The following organisations, on behalf of which Welltok is delivering notice to affected individuals, are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.
Corewell Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Corewell Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Corewell Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Corewell Health in 2025.
Incident Types Corewell Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Corewell Health in 2025.
Incident History — Corewell Health (X = Date, Y = Severity)
Corewell Health cyber incidents detection timeline including parent company and subsidiaries
Corewell Health Company Subsidiaries
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,000+ dedicated people—including more than 12,000 physicians and advanced practice providers and more than 15,500 nurses providing care and services in 21 hospitals, 300+ outpatient locations and several post-acute facilities—and Priority Health, a provider-sponsored health plan serving more than 1.3 million members. Through experience and collaboration, we are reimagining a better, more equitable model of health and wellness. For more information, visit corewellhealth.org.
Loading...
Corewell Health Similar Companies
Health Care Service Corporation
Health Care Service Corporation serves nearly 23 million people across the United States through its portfolio of health benefit solutions. HCSC provides health coverage options for employers large and small, individuals and families, and Medicare and Medicaid plans. HCSC also offers related health
Zuellig Pharma
Zuellig Pharma is a leading integrated healthcare solutions company in Asia with experience spanning over a century in the region. Partnering with multinational pharmaceutical manufacturers, governments, healthcare providers, and professionals, we broaden access to pharmaceutical and healthcare prod
OhioHealth
OhioHealth is a nationally recognized, not-for-profit, faith-based health system of more than 35,000 associates, providers and volunteers. We lead with our mission to improve the health of those we serve throughout our 16 hospitals and 200+ urgent, primary and specialty care sites spanning 50 Ohio c
Trinity Health
Trinity Health is one of the largest not-for-profit, Catholic health care systems in the nation. It is a family of 123,000 colleagues and nearly 27,000 physicians and clinicians caring for diverse communities across 26 states. Nationally recognized for care and experience, the Trinity Health system
Advocate Aurora Health
Advocate Aurora Health and Atrium Health are now Advocate Health – the fifth-largest nonprofit integrated health system in the U.S. Advocate Health is the fifth-largest nonprofit integrated health system in the United States –created from the combination of Advocate Aurora Health and Atrium Health
Boston Children's Hospital
Boston Children's Hospital is a 404-bed comprehensive center for pediatric health care. As one of the largest pediatric medical centers in the United States, Boston Children's offers a complete range of health care services for children from birth through 21 years of age. (Our services can begin int
NYU Langone Health is a fully integrated health system that consistently achieves the best patient outcomes through a rigorous focus on quality that has resulted in some of the lowest mortality rates in the nation. Vizient Inc. has ranked NYU Langone the No. 1 comprehensive academic medical center i
UAB Medicine
As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you ar
Keralty
Anteriormente Organización Sanitas Internacional, Keralty es un grupo empresarial de valor en salud, con más de 40 años de experiencia conformado por empresas de aseguramiento y prestación de servicios de salud y una red propia hospitalaria y asistencial. También forman parte de Keralty institucion
.png)
Corewell Health CyberSecurity News
October 29, 2025 07:00 AM
This Week’s Health IT Jobs – October 29, 2025
It can be very overwhelming scrolling through job board after job board in search of a position that fits your wants and needs.
August 26, 2025 07:00 AM
Thumb hospital system hacked as cybercriminals move to rural heath care industry
The personal data of nearly 139000 people in Michigan's Thumb has been compromised in a cybersecurity breach at Aspire Rural Health System.
August 12, 2025 07:00 AM
SpartanNash Names Ed Rybicki CIO, Brett Hoffman CISO
They will both be part of the IT department, reporting to EVP and CFO Jason Monaco as part of the company's newly combined finance,...
June 17, 2025 07:00 AM
$5.48M Lawsuit Settlement Reached in Software Vendor Hack
A provider of artificial intelligence-enabled hospital cost-cutting software and several of its healthcare clients agreed to $5.48 million...
June 12, 2025 07:00 AM
$5.48 Million Settlement Approved to Resolve HealthEC Data Breach Litigation
A settlement has been agreed to resolve class action data breach litigation against HealthEC and its clients over a 2023 hacking incident and data breach.
March 24, 2025 07:00 AM
FBI, healthcare agencies warn of credible threat against hospitals, after multi-city social media terror plot alert
Hospitals and healthcare networks across America are under threat. From ransomware and insider sabotage to shootings and credible terror alerts.
February 19, 2025 08:00 AM
Starkman: Corewell Health CEO Tina Freese Decker Fires 186 Michigan Workers, Offshores Sensitive Patient Info to India
An estimated 186 employees who worked remotely and were responsible for Corewell's billing and finance functions, last Thursday were ordered to attend a 10 am...
December 16, 2024 08:00 AM
Leadership Dialogue — Assessing Health Care Challenges and Successes With Tina Freese Decker, President and CEO of Corewell Health | AHA News
In this Leadership Dialogue — my last one as AHA board chair — I talk with Tina Freese Decker, president and CEO of Corewell Health,...
September 26, 2024 07:00 AM
Over 57K Michigan Medicine patients' health information exposed in July cyberattack
Information that may have been compromised includes patients' names, medical record numbers, diagnostic information and treatment...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Corewell Health CyberSecurity History Information
Official Website of Corewell Health
The official website of Corewell Health is http://corewellhealth.org.
Corewell Health’s AI-Generated Cybersecurity Score
According to Rankiteo, Corewell Health’s AI-generated cybersecurity score is 737, reflecting their Moderate security posture.
How many security badges does Corewell Health’ have ?
According to Rankiteo, Corewell Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Corewell Health have SOC 2 Type 1 certification ?
According to Rankiteo, Corewell Health is not certified under SOC 2 Type 1.
Does Corewell Health have SOC 2 Type 2 certification ?
According to Rankiteo, Corewell Health does not hold a SOC 2 Type 2 certification.
Does Corewell Health comply with GDPR ?
According to Rankiteo, Corewell Health is not listed as GDPR compliant.
Does Corewell Health have PCI DSS certification ?
According to Rankiteo, Corewell Health does not currently maintain PCI DSS compliance.
Does Corewell Health comply with HIPAA ?
According to Rankiteo, Corewell Health is not compliant with HIPAA regulations.
Does Corewell Health have ISO 27001 certification ?
According to Rankiteo,Corewell Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Corewell Health
Corewell Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at Corewell Health
Corewell Health employs approximately 41,860 people worldwide.
Subsidiaries Owned by Corewell Health
Corewell Health presently has no subsidiaries across any sectors.
Corewell Health’s LinkedIn Followers
Corewell Health’s official LinkedIn profile has approximately 65,125 followers.
NAICS Classification of Corewell Health
Corewell Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Corewell Health’s Presence on Crunchbase
No, Corewell Health does not have a profile on Crunchbase.
Corewell Health’s Presence on LinkedIn
Yes, Corewell Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/corewell-health.
Cybersecurity Incidents Involving Corewell Health
As of November 27, 2025, Rankiteo reports that Corewell Health has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Corewell Health has an estimated 29,991 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Corewell Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Corewell Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notifying affected individuals..
Incident Details
Can you provide details on each incident ?
Title: Welltok Data Breach
Description: Welltok revealed a data breach affecting around 8.5 million patients due to a zero-day vulnerability in the MOVEit Transfer programme.
Type: Data Breach
Attack Vector: Exploitation of Zero-Day Vulnerability
Vulnerability Exploited: MOVEit Transfer programme
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through MOVEit Transfer programme.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach COR358271123
Data Compromised: Patient information, Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/medicaid id numbers, Social security numbers (ssns)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Information, Phone Numbers, Physical Addresses, Email Addresses, Full Names, Health Insurance Details, Medicare/Medicaid Id Numbers, Social Security Numbers (Ssns) and .
Which entities were affected by each incident ?
Incident : Data Breach COR358271123
Entity Name: Welltok
Entity Type: Healthcare Services
Industry: Healthcare
Customers Affected: 8.5 million
Incident : Data Breach COR358271123
Entity Name: Asuris Northwest Health
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: BridgeSpan Health
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Blue Cross and Blue Shield of Minnesota
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Blue Cross and Blue Shield of Alabama
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Blue Cross and Blue Shield of Kansas
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Blue Cross and Blue Shield of North Carolina
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Corewell Health
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Faith Regional Health Services
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Mass General
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Brigham Health Plan
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Priority Health
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Regence BlueCross BlueShield of Oregon
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Regence BlueShield
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Regence BlueCross BlueShield of Utah
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Regence Blue Shield of Idaho
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: St. Bernards Healthcare
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach COR358271123
Entity Name: Sutter Health
Entity Type: Healthcare
Industry: Healthcare
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach COR358271123
Communication Strategy: Notifying affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach COR358271123
Type of Data Compromised: Patient information, Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/medicaid id numbers, Social security numbers (ssns)
Number of Records Exposed: 8.5 million
Sensitivity of Data: High
Personally Identifiable Information: full namesphone numbersphysical addressesemail addressesMedicare/Medicaid ID numbersSocial Security numbers (SSNs)
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notifying affected individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach COR358271123
Entry Point: MOVEit Transfer programme
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach COR358271123
Root Causes: Zero-day vulnerability in the MOVEit Transfer programme
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were patient information, phone numbers, physical addresses, email addresses, full names, health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs) and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were physical addresses, health insurance details, patient information, email addresses, phone numbers, Medicare/Medicaid ID numbers, full names and Social Security numbers (SSNs).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 8.5M.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an MOVEit Transfer programme.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=corewell-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
