DRH Health
Company Details
Linkedin ID:
duncanregionalhospital
Website:
Employees number:
196
Number of followers:
867
NAICS:
62
Industry Type:
Homepage:
drhhealth.org
IP Addresses:
0
Company ID:
DRH_6212429
Scan Status:
In-progress
DRH Health Company CyberSecurity Posture
drhhealth.org
DRH Health is a progressive, not-for-profit community hospital that is constantly evolving to meet the ever-changing needs of the community. Our team of dedicated healthcare professionals is committed to delivering compassionate, personalized service and care to our patients and their families. DRH Health is committed to: Delivering a seamless, state-of-the-art health services environment Exceeding the expectations of those we serve. Making our patients’ ideal encounter a reality. Providing personalized care and service with a commitment to excellence.
DRH Health A.I CyberSecurity Scoring
DRH Health Risk Score (AI oriented)Between 700 and 749
DRH Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DRH Health Global Score (TPRM)XXXX
DRH Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DRH Health Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
DRH Health
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Duncan Regional Hospital, Inc. suffered a data breach incident that impacted many individuals. A cybersecurity incident affected one of the hospital’s servers in January 2022 and compromised the consumer information of about 92,398 individuals including parties’ names and Social Security numbers. The hospital investigated the incident, secured its systems, and notified the affected individuals.
DRH Health
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Some of the systems of DRH Health suspected suspicious activity that impacted its primary electronic medical records system. The compromised information included names, Social Security numbers, dates of birth, phone numbers, addresses, limited treatment information and medical appointment information such as dates of service and names of the healthcare provider. DRH immediately implemented incident response protocols, disconnected all systems, and investigated the incident with external cybersecurity experts
DRH Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DRH Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for DRH Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for DRH Health in 2025.
Incident Types DRH Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for DRH Health in 2025.
Incident History — DRH Health (X = Date, Y = Severity)
DRH Health cyber incidents detection timeline including parent company and subsidiaries
DRH Health Company Subsidiaries
DRH Health is a progressive, not-for-profit community hospital that is constantly evolving to meet the ever-changing needs of the community. Our team of dedicated healthcare professionals is committed to delivering compassionate, personalized service and care to our patients and their families. DRH Health is committed to: Delivering a seamless, state-of-the-art health services environment Exceeding the expectations of those we serve. Making our patients’ ideal encounter a reality. Providing personalized care and service with a commitment to excellence.
Loading...
DRH Health Similar Companies
Providence
Every day, 119,000 compassionate caregivers serve patients and communities through Providence St. Joseph Health, a national, Catholic, not-for-profit health system, driven by a belief that health is a human right. Rooted in the founding missions of the Sisters of Providence and the Sisters of St.
Sutter Health is a not-for-profit, people-centered healthcare system providing comprehensive care throughout California. Sutter Health is committed to innovative, high-quality patient care and community partnerships, and innovative, high-quality patient care. Today, Sutter Health is pursuing a bold
A Dasa é a maior rede de saúde integrada do Brasil. Faz parte da vida de mais de 20 milhões de pessoas por ano, com alta tecnologia, experiência intuitiva e atitude à frente do tempo. Com mais de 50 mil colaboradores e 250 mil médicos parceiros, existe para ser a saúde que as pessoas desejam e que
RWJBarnabas Health is New Jersey’s largest and most comprehensive academic health system, caring for more than 5 million people annually. Nationally renowned for quality and safety, the system includes 14 hospitals and 9,000 affiliated physicians integrated to provide care at more than 700 patient
As a premier care provider since 1985, Genesis HealthCare is a holding company with subsidiaries that, on a combined basis, provide services to skilled nursing facilities and senior living communities. Genesis also specializes in contract rehabilitation therapy, respiratory therapy, physician servic
HCA Healthcare is dedicated to giving people a healthier tomorrow. As one of the nation’s leading providers of healthcare services, HCA Healthcare is comprised of 188 hospitals and 2,400+ sites of care in 20 states and the United Kingdom. In addition to hospitals, sites of care include surgery cen
Ardent Health is a leading provider of healthcare in communities across the country. With a focus on consumer-friendly processes and investments in innovative services and technologies, Ardent is passionate about making healthcare better and easier to access. Through its subsidiaries, Ardent owns an
Relationships are the heart of our culture. They help us create a sense of family among our residents, associates and patients. Integrity is our soul. It guides us to be open in our communication with each other, and it enables us to make the right decisions for the people who have entrusted us with
Endeavor Health
NorthShore University HealthSystem, Swedish Hospital, Northwest Community Healthcare and Edward-Elmhurst Health are now united under one name: Endeavor Health. Together, we’re driven by our mission to help everyone in our communities be their best and our commitment to setting a new standard for he
.png)
DRH Health CyberSecurity News
November 17, 2025 08:00 AM
DRH Health in US implements BD Alaris interoperability with MEDITECH EHR
Duncan Regional Hospital (DRH Health) in the US has implemented Becton, Dickinson and Company's (BD) Alaris electronic medical record (EMR)...
November 09, 2025 08:00 AM
DRH Health expanding AI technology into clinical documentation
DRH Health in Duncan, Oklahoma, will be applying artificial intelligence to clinical documentation across its hospitals and clinics due to a...
November 07, 2025 08:00 AM
Commure collaborates with DRH Health to improve workflow efficiency
The partnership positions DRH Health among health systems utilising Ambient AI to document over 20 million clinician encounters.
August 28, 2025 07:00 AM
CISA releases updated draft guidance for SBOM minimum elements
The Cybersecurity and Infrastructure Security Agency has released long-awaited updated guidance on the Minimum Elements for a Software Bill...
August 26, 2025 07:00 AM
Factors hindering cybersecurity efforts in healthcare
Roger Neal, VP and COO at DRH Health, says that due to the complexities of the healthcare industry, "our goal right now needs to be to get...
August 26, 2025 07:00 AM
Advent International acquires PatientPoint for nationwide growth
The private equity firm signed a definitive agreement to acquire PatientPoint from an investor group led by L Catterton and Littlejohn & Co.
May 27, 2025 07:00 AM
Nationwide Recovery Service Data Breach Victim List Grows: 545,000+ Individuals Affected
The list of victims from the data breach at the debt collection agency Nationwide Recovery Service (NRS) is steadily growing, with a further...
May 20, 2025 07:00 AM
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients
A third-party data breach has compromised personal information belonging to more than 200,000 Harbin Clinic patients.
April 28, 2025 07:00 AM
DRH Health Affected by the Nationwide Recovery Service Data Breach
Data breach at DRH Health may have exposed names, SSNs, and medical info. Check if you're affected and use offered credit monitoring.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DRH Health CyberSecurity History Information
Official Website of DRH Health
The official website of DRH Health is http://www.drhhealth.org.
DRH Health’s AI-Generated Cybersecurity Score
According to Rankiteo, DRH Health’s AI-generated cybersecurity score is 720, reflecting their Moderate security posture.
How many security badges does DRH Health’ have ?
According to Rankiteo, DRH Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does DRH Health have SOC 2 Type 1 certification ?
According to Rankiteo, DRH Health is not certified under SOC 2 Type 1.
Does DRH Health have SOC 2 Type 2 certification ?
According to Rankiteo, DRH Health does not hold a SOC 2 Type 2 certification.
Does DRH Health comply with GDPR ?
According to Rankiteo, DRH Health is not listed as GDPR compliant.
Does DRH Health have PCI DSS certification ?
According to Rankiteo, DRH Health does not currently maintain PCI DSS compliance.
Does DRH Health comply with HIPAA ?
According to Rankiteo, DRH Health is not compliant with HIPAA regulations.
Does DRH Health have ISO 27001 certification ?
According to Rankiteo,DRH Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of DRH Health
DRH Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at DRH Health
DRH Health employs approximately 196 people worldwide.
Subsidiaries Owned by DRH Health
DRH Health presently has no subsidiaries across any sectors.
DRH Health’s LinkedIn Followers
DRH Health’s official LinkedIn profile has approximately 867 followers.
NAICS Classification of DRH Health
DRH Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
DRH Health’s Presence on Crunchbase
No, DRH Health does not have a profile on Crunchbase.
DRH Health’s Presence on LinkedIn
Yes, DRH Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/duncanregionalhospital.
Cybersecurity Incidents Involving DRH Health
As of December 05, 2025, Rankiteo reports that DRH Health has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
DRH Health has an estimated 30,458 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at DRH Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does DRH Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with yes, and containment measures with disconnected all systems, and communication strategy with notified the affected individuals..
Incident Details
Can you provide details on each incident ?
Title: DRH Health Data Breach
Description: Some of the systems of DRH Health suspected suspicious activity that impacted its primary electronic medical records system. The compromised information included names, Social Security numbers, dates of birth, phone numbers, addresses, limited treatment information and medical appointment information such as dates of service and names of the healthcare provider.
Type: Data Breach
Title: Duncan Regional Hospital Data Breach
Description: Duncan Regional Hospital, Inc. suffered a data breach incident that impacted many individuals. A cybersecurity incident affected one of the hospital’s servers in January 2022 and compromised the consumer information of about 92,398 individuals including parties’ names and Social Security numbers. The hospital investigated the incident, secured its systems, and notified the affected individuals.
Date Detected: January 2022
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DRH11627422
Data Compromised: Names, Social security numbers, Dates of birth, Phone numbers, Addresses, Limited treatment information, Medical appointment information
Systems Affected: primary electronic medical records system
Incident : Data Breach DRH378622
Data Compromised: Names, Social security numbers
Systems Affected: one of the hospital’s servers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Dates Of Birth, Phone Numbers, Addresses, Limited Treatment Information, Medical Appointment Information, , Names, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach DRH11627422
Entity Name: DRH Health
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach DRH378622
Entity Name: Duncan Regional Hospital, Inc.
Entity Type: Hospital
Industry: Healthcare
Customers Affected: 92,398 individuals
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach DRH11627422
Incident Response Plan Activated: Yes
Third Party Assistance: Yes
Containment Measures: disconnected all systems
Incident : Data Breach DRH378622
Communication Strategy: notified the affected individuals
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DRH11627422
Type of Data Compromised: Names, Social security numbers, Dates of birth, Phone numbers, Addresses, Limited treatment information, Medical appointment information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach DRH378622
Type of Data Compromised: Names, Social security numbers
Number of Records Exposed: 92,398
Sensitivity of Data: High
Personally Identifiable Information: yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disconnected all systems and .
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach DRH11627422
Investigation Status: Investigated with external cybersecurity experts
Incident : Data Breach DRH378622
Investigation Status: Investigated
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notified the affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach DRH378622
Customer Advisories: notified the affected individuals
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was notified the affected individuals.
Post-Incident Analysis
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on January 2022.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, dates of birth, phone numbers, addresses, limited treatment information, medical appointment information, , names, Social Security numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was primary electronic medical records system and one of the hospital’s servers.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was disconnected all systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were limited treatment information, names, dates of birth, Social Security numbers, addresses, medical appointment information and phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 92.4K.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigated with external cybersecurity experts.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an notified the affected individuals.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).
Risk Information
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Description
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
Risk Information
cvss4
Base: 8.0
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=duncanregionalhospital' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
