Dignity Health A.I CyberSecurity Scoring
Dignity Health
Company Information
Website:https://www.commonspirit.careers/
Employees number:31,720
Number of followers:196,602
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:commonspirit.careers
Dignity Health Risk Score (AI oriented)
Between 650 and 699
Dignity HealthHospitals and Health Care
Updated:
12/06/2026
12/06/2026
692/1000
Weak
B
Dignity Health Global Score (TPRM)
xxxx
Dignity HealthHospitals and Health Care
Score locked

Dignity HealthWeak
Current Score
692B (WEAK)
01000
6 incidents
-48 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
693
JUNE 2026
692
MAY 2026
689
APRIL 2026
736
Breach
09 Apr 2026 • Dignity Health
Dignity Health, St. Mary’s Medical Center and Clinical Registry Solutions: Clinical Registry Solutions Data Breach Exposes Sensitive Patient Data
Cyberattack on Clinical Registry Solutions Exposes Patient and Employee Data
688
CRITICAL-48
DIGST-CLI1781224155
Cyberattack on Clinical Registry Solutions Exposes Patient and Employee Data
Brooklyn-based healthcare data management firm Clinical Registry Solutions (CRS) disclosed a data breach affecting patient information it maintained for St. Mary’s Medical Center, a Dignity Health hospital. CRS, which provides clinical data abstraction and registry support to healthcare providers, detected suspicious activity on its network on April 9, 2026, prompting an immediate investigation.
The company confirmed that an unauthorized party accessed its systems on the same day, acquiring files containing patient data from St. Mary’s Medical Center. According to CRS’s notification, the exposed information included names, medical record numbers, and procedure dates classified as both personally identifiable information (PII) and protected health information (PHI). The company clarified that Social Security numbers, diagnoses, and treatment plans were not part of the compromised patient data.
However, on May 6, 2026, the Akira ransomware group claimed responsibility for the attack via a Tor-based dark web posting, asserting it had exfiltrated 41 GB of data from CRS. The group’s claims extended beyond patient records, alleging the theft of employee PII including passports, driver’s licenses, and Social Security numbers as well as corporate documents, financial records, payment details, contracts, and non-disclosure agreements. The discrepancy between CRS’s disclosure and Akira’s claims remains unresolved.
CRS reported the breach to the California Attorney General and stated it found no evidence of misuse of the exposed data for fraud or identity theft. The company engaged Cyberscout (a TransUnion subsidiary) to manage breach notifications, sending letters to affected individuals with guidance on fraud alerts, credit freezes, and credit monitoring. A dedicated call center was established for inquiries, operating Monday through Friday from 8:00 a.m. to 8:00 p.m. EST.
The incident highlights the risks of third-party vendor breaches in healthcare, where sensitive data is often shared across multiple entities. While CRS has taken steps to mitigate the fallout, the full scope of the exposure particularly regarding employee and corporate records remains under scrutiny.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
736
FEBRUARY 2026
734
JANUARY 2026
734
DECEMBER 2025
732
NOVEMBER 2025
731
OCTOBER 2025
730
SEPTEMBER 2025
729
AUGUST 2025
728
MARCH 2024
752
Breach
01 Mar 2024 • Dignity Health
Dignity Health (St. Rose Dominican Hospital, Rosa de Lima Campus)
Data Breach at Dignity Health - St. Rose Dominican Hospital, Rosa de Lima Campus via R1 RCM Inc.
704
CRITICAL-48
DIG5762157091125
An unauthorized third party accessed the personal identifying information (PII) and protected health information (PHI) of patients at Dignity Health’s St. Rose Dominican Hospital (Rosa de Lima Campus). The compromised data included names, contact details, Social Security numbers, dates of birth, clinical/diagnosis records, medical account numbers, and service locations. The breach, disclosed around March 2024, led to a $675,000 class-action settlement to cover identity theft risks, fraudulent transactions, falsified tax returns, and unauthorized medical claims. Patients were offered credit monitoring, medical identity-theft protection, and reimbursements up to $2,500 for extraordinary losses. The incident exposed victims to financial fraud, medical identity theft, and reputational harm, with potential long-term consequences for affected individuals. The breach was attributed to a cybersecurity failure allowing external access to sensitive records.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2017
682
Breach
08 Sep 2017 • Dignity Health
Dignity Health
Data Breach at Dignity Health - Mercy San Juan Medical Center
634
HIGH-48
DIG328072625
The California Office of the Attorney General reported a data breach involving Dignity Health - Mercy San Juan Medical Center on November 13, 2017. From September 8 to 12, 2017, a software error in the Employee Self Service system exposed employee names, employee ID numbers, and Social Security Numbers to other internal staff. The total number of individuals affected is unknown.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2016
701
Breach
01 Aug 2016 • Dignity Health
Dignity Health
Dominican Hospital Data Breach
652
CRITICAL-49
DIG15131522
Dominican Hospital, part of Dignity Health, accedentially suffered from a data breach incident in August 2016.
The attack compromised the name, account number, admission date, length of stay, total charges, unit they were seen in, room number they were seen in, and insurance carrier name.
The health plan that received the transmission has been cooperating with the hospital and expected to provide an attestation that the errant data was destroyed.
Dominican Hospital took action and provided traning sessions to their staff and took disciplinary action.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JULY 2016
749
Breach
28 Jul 2016 • Dignity Health
Dominican Hospital
Dominican Hospital Data Breach (2016)
701
CRITICAL-48
DIG014091825
On July 28, 2016, Dominican Hospital, a healthcare facility under the jurisdiction of the California Office of the Attorney General, suffered a data breach involving the unauthorized transmission of a Microsoft Excel workbook via secured email. The file was sent to a local health plan but inadvertently included patient information for individuals not affiliated with the plan. The exposed data comprised sensitive details such as names, account numbers, and medical records, though Social Security numbers were not compromised. The breach raised concerns over patient privacy violations and potential misuse of medical data, which could lead to identity theft, targeted phishing, or fraudulent medical claims. While the exact number of affected individuals remains undisclosed (marked as 'UNKN'), the incident underscored vulnerabilities in data-sharing protocols between healthcare providers and third-party entities. The exposure of medical information—a highly regulated and sensitive data category—poses long-term risks, including reputational damage to the hospital and erosion of patient trust. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) likely followed, given the nature of the compromised data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2015
793
Breach
01 Jun 2015 • Dignity Health
Dignity Health
Dignity Health Data Breach
738
CRITICAL-55
DIG456080425
On June 9, 2016, Dignity Health reported a data breach involving patient information accessed inappropriately by a case manager employed by their business partner, naviHealth, from June 2015 to May 2016. The breach potentially affected various personal and clinical information of patients, including names, social security numbers, and health insurance details. Dignity Health is offering 12 months of free credit monitoring to affected individuals.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Dignity Health ??
What was Dignity Health's A.I Rankiteo Cyber Score in June 2026 ??
What was Dignity Health's A.I Rankiteo Cyber Score in May 2026 ??
What was Dignity Health's A.I Rankiteo Cyber Score in April 2026 ??
What was Dignity Health's A.I Rankiteo Cyber Score in March 2026 ??
What was Dignity Health's A.I Rankiteo Cyber Score in February 2026 ??
What was Dignity Health's A.I Rankiteo Cyber Score in January 2026 ??
What was Dignity Health's A.I Rankiteo Cyber Score in December 2025 ??
What was Dignity Health's A.I Rankiteo Cyber Score in November 2025 ??
What was Dignity Health's A.I Rankiteo Cyber Score in October 2025 ??
What was Dignity Health's A.I Rankiteo Cyber Score in September 2025 ??
What was Dignity Health's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Dignity Health's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Dignity Health ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Dignity Health's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?