Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Dignity Health

Dignity Health Vendor Cyber Rating & Cyber Score

commonspirit.careers

We provide quality, compassionate health care at more than 40 hospitals and care centers that are serving communities across California, Arizona and Nevada every minute of every day. And while not everyone may live near a major medical facility, Dignity Health is making health care more accessible by bringing resources closer to where people live and work. In urban and rural communities alike, residents of all ages and backgrounds have access to primary care, preventive treatment, clinical support, chronic disease management, trauma services, and a host of medical and therapeutic specializations. With several different ways to activate your search, let us help you to quickly and easily find an affordable, quality medical facility


Dignity Health A.I CyberSecurity Scoring

Dignity Health
Company Information
Website:https://www.commonspirit.careers/
Employees number:31,720
Number of followers:196,602
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:commonspirit.careers
Dignity Health Risk Score (AI oriented)
Between 650 and 699
logo
Dignity HealthHospitals and Health Care
Updated:
12/06/2026
692/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Dignity Health Global Score (TPRM)
xxxx
logo
Dignity HealthHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Dignity Health
Dignity HealthWeak
Current Score
692B (WEAK)
01000
6 incidents
-48 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
693Before Incident
JUNE 2026
692Before Incident
MAY 2026
689Before Incident
APRIL 2026
736Before Incident
Breach
09 Apr 2026Dignity Health
Dignity Health, St. Mary’s Medical Center and Clinical Registry Solutions: Clinical Registry Solutions Data Breach Exposes Sensitive Patient Data

Cyberattack on Clinical Registry Solutions Exposes Patient and Employee Data

688After Incident
CRITICAL-48
DIGST-CLI1781224155
Cyberattack on Clinical Registry Solutions Exposes Patient and Employee Data Brooklyn-based healthcare data management firm Clinical Registry Solutions (CRS) disclosed a data breach affecting patient information it maintained for St. Mary’s Medical Center, a Dignity Health hospital. CRS, which provides clinical data abstraction and registry support to healthcare providers, detected suspicious activity on its network on April 9, 2026, prompting an immediate investigation. The company confirmed that an unauthorized party accessed its systems on the same day, acquiring files containing patient data from St. Mary’s Medical Center. According to CRS’s notification, the exposed information included names, medical record numbers, and procedure dates classified as both personally identifiable information (PII) and protected health information (PHI). The company clarified that Social Security numbers, diagnoses, and treatment plans were not part of the compromised patient data. However, on May 6, 2026, the Akira ransomware group claimed responsibility for the attack via a Tor-based dark web posting, asserting it had exfiltrated 41 GB of data from CRS. The group’s claims extended beyond patient records, alleging the theft of employee PII including passports, driver’s licenses, and Social Security numbers as well as corporate documents, financial records, payment details, contracts, and non-disclosure agreements. The discrepancy between CRS’s disclosure and Akira’s claims remains unresolved. CRS reported the breach to the California Attorney General and stated it found no evidence of misuse of the exposed data for fraud or identity theft. The company engaged Cyberscout (a TransUnion subsidiary) to manage breach notifications, sending letters to affected individuals with guidance on fraud alerts, credit freezes, and credit monitoring. A dedicated call center was established for inquiries, operating Monday through Friday from 8:00 a.m. to 8:00 p.m. EST. The incident highlights the risks of third-party vendor breaches in healthcare, where sensitive data is often shared across multiple entities. While CRS has taken steps to mitigate the fallout, the full scope of the exposure particularly regarding employee and corporate records remains under scrutiny.
INCIDENT DETAILS -
TYPE
Data Breach, Ransomware
MOTIVATION
Data exfiltration, Financial gain
IMPACT
Data Compromised: 41 GBSystems Affected: Clinical Registry Solutions networkBrand Reputation Impact: HighLegal Liabilities: PotentialIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Personally Identifiable Information (PII)Protected Health Information (PHI)Employee PIICorporate documentsFinancial recordsPayment detailsContractsNon-disclosure agreementsSensitivity Of Data: HighData Exfiltration: Yes (41 GB)NamesMedical record numbersProcedure datesPassportsDriver’s licensesSocial Security numbers
MARCH 2026
736Before Incident
FEBRUARY 2026
734Before Incident
JANUARY 2026
734Before Incident
DECEMBER 2025
732Before Incident
NOVEMBER 2025
731Before Incident
OCTOBER 2025
730Before Incident
SEPTEMBER 2025
729Before Incident
AUGUST 2025
728Before Incident
MARCH 2024
752Before Incident
Breach
01 Mar 2024Dignity Health
Dignity Health (St. Rose Dominican Hospital, Rosa de Lima Campus)

Data Breach at Dignity Health - St. Rose Dominican Hospital, Rosa de Lima Campus via R1 RCM Inc.

704After Incident
CRITICAL-48
DIG5762157091125
An unauthorized third party accessed the personal identifying information (PII) and protected health information (PHI) of patients at Dignity Health’s St. Rose Dominican Hospital (Rosa de Lima Campus). The compromised data included names, contact details, Social Security numbers, dates of birth, clinical/diagnosis records, medical account numbers, and service locations. The breach, disclosed around March 2024, led to a $675,000 class-action settlement to cover identity theft risks, fraudulent transactions, falsified tax returns, and unauthorized medical claims. Patients were offered credit monitoring, medical identity-theft protection, and reimbursements up to $2,500 for extraordinary losses. The incident exposed victims to financial fraud, medical identity theft, and reputational harm, with potential long-term consequences for affected individuals. The breach was attributed to a cybersecurity failure allowing external access to sensitive records.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized AccessClass Action Settlement
IMPACT
Settlement Fund: $675,000Out Of Pocket Expenses: Up to $500Extraordinary Losses: Up to $2,500Pro Rata Cash Payment: Varies (based on remaining funds)Settlement Administration: To be determinedAttorneys Fees: Amount pending court approvalClass Representative Award: Up to $2,500NameContact informationDate of birthSocial Security numberLocation of servicesClinical/diagnosis informationPatient account numberMedical record numberCustomer Complaints: Class action lawsuit filedBrand Reputation Impact: Likely negative (settlement indicates reputational harm)Legal Liabilities: $675,000 settlementIdentity Theft Risk: High (SSNs and medical data exposed)
DATA BREACH
PIIPHISensitivity Of Data: High (includes SSNs, medical records, and clinical data)Data Exfiltration: Likely (data accessed by unauthorized third party)NameContact informationDate of birthSocial Security numberPatient account numberMedical record number
SEPTEMBER 2017
682Before Incident
Breach
08 Sep 2017Dignity Health
Dignity Health

Data Breach at Dignity Health - Mercy San Juan Medical Center

634After Incident
HIGH-48
DIG328072625
The California Office of the Attorney General reported a data breach involving Dignity Health - Mercy San Juan Medical Center on November 13, 2017. From September 8 to 12, 2017, a software error in the Employee Self Service system exposed employee names, employee ID numbers, and Social Security Numbers to other internal staff. The total number of individuals affected is unknown.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Employee namesEmployee ID numbersSocial Security NumbersEmployee Self Service system
DATA BREACH
Employee namesEmployee ID numbersSocial Security NumbersSensitivity Of Data: High
AUGUST 2016
701Before Incident
Breach
01 Aug 2016Dignity Health
Dignity Health

Dominican Hospital Data Breach

652After Incident
CRITICAL-49
DIG15131522
Dominican Hospital, part of Dignity Health, accedentially suffered from a data breach incident in August 2016. The attack compromised the name, account number, admission date, length of stay, total charges, unit they were seen in, room number they were seen in, and insurance carrier name. The health plan that received the transmission has been cooperating with the hospital and expected to provide an attestation that the errant data was destroyed. Dominican Hospital took action and provided traning sessions to their staff and took disciplinary action.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
nameaccount numberadmission datelength of staytotal chargesunit they were seen inroom number they were seen ininsurance carrier name
DATA BREACH
nameaccount numberadmission datelength of staytotal chargesunit they were seen inroom number they were seen ininsurance carrier namenameaccount numberadmission datelength of staytotal chargesunit they were seen inroom number they were seen ininsurance carrier name
JULY 2016
749Before Incident
Breach
28 Jul 2016Dignity Health
Dominican Hospital

Dominican Hospital Data Breach (2016)

701After Incident
CRITICAL-48
DIG014091825
On July 28, 2016, Dominican Hospital, a healthcare facility under the jurisdiction of the California Office of the Attorney General, suffered a data breach involving the unauthorized transmission of a Microsoft Excel workbook via secured email. The file was sent to a local health plan but inadvertently included patient information for individuals not affiliated with the plan. The exposed data comprised sensitive details such as names, account numbers, and medical records, though Social Security numbers were not compromised. The breach raised concerns over patient privacy violations and potential misuse of medical data, which could lead to identity theft, targeted phishing, or fraudulent medical claims. While the exact number of affected individuals remains undisclosed (marked as 'UNKN'), the incident underscored vulnerabilities in data-sharing protocols between healthcare providers and third-party entities. The exposure of medical information—a highly regulated and sensitive data category—poses long-term risks, including reputational damage to the hospital and erosion of patient trust. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) likely followed, given the nature of the compromised data.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaccount numbersmedical informationIdentity Theft Risk: Low (no SSNs compromised)
DATA BREACH
namesaccount numbersmedical informationNumber Of Records Exposed: UNKNSensitivity Of Data: Moderate (no SSNs, but medical and account data)Data Exfiltration: Yes (transmitted via email)Data Encryption: Yes (secured email)Microsoft Excel workbooknamesaccount numbers
JUNE 2015
793Before Incident
Breach
01 Jun 2015Dignity Health
Dignity Health

Dignity Health Data Breach

738After Incident
CRITICAL-55
DIG456080425
On June 9, 2016, Dignity Health reported a data breach involving patient information accessed inappropriately by a case manager employed by their business partner, naviHealth, from June 2015 to May 2016. The breach potentially affected various personal and clinical information of patients, including names, social security numbers, and health insurance details. Dignity Health is offering 12 months of free credit monitoring to affected individuals.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Unknown
IMPACT
NamesSocial Security NumbersHealth Insurance Details
DATA BREACH
Personal InformationClinical InformationSensitivity Of Data: HighNamesSocial Security Numbers

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Dignity Health ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Dignity Health's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Dignity Health's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Dignity Health ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Dignity Health's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?