Emory Healthcare
Company Details
Linkedin ID:
emory-healthcare
Website:
Employees number:
16,255
Number of followers:
118,671
NAICS:
62
Industry Type:
Homepage:
emoryhealthcare.org
IP Addresses:
34
Company ID:
EMO_7349933
Scan Status:
Completed
Emory Healthcare Company CyberSecurity Posture
emoryhealthcare.org
Emory Healthcare is the most comprehensive health care system in Georgia. We offer 11 hospitals, the Emory Clinic, more than 250 provider locations, and more than 2,800 physicians specializing in 70 different medical subspecialties. Meaning we can provide treatments and services that may not be available at local community hospitals. That's the Emory Difference.
Emory Healthcare A.I CyberSecurity Scoring
Emory Healthcare Risk Score (AI oriented)Between 700 and 749
Emory Healthcare
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Emory Healthcare Global Score (TPRM)XXXX
Emory Healthcare
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Emory Healthcare Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Emory Healthcare
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: MultiCare Health System in Washington suffered a third-party data breach that originated at its mailing service provider, Kaye-Smith. The breach impacted more than 23,000 individuals at MultiCare. However, Kaye-Smith hired experts to investigate suspicious activity within its digital environment
Emory Healthcare, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving Emory Healthcare, Inc. on May 16, 2012. The breach was discovered on February 20, 2012, involving the loss of 10 backup data discs containing personal information of surgical patients treated between September 1990 and April 2007, potentially affecting approximately 228,000 records that included Social Security numbers.
Healthcare Corp
Cyber Attack
Rankiteo Explanation
Attack that could injure or kill people
Description: Healthcare Corp experienced a severe data breach where hackers compromised the core health system, delaying critical treatments like surgeries and cancer procedures. The attack caused significant disruptions, potentially endangering patient lives. The breach was detected in real-time using Breachsense, which monitors the dark web for such threats. Despite the detection, the attack had already caused substantial damage, highlighting the importance of proactive cybersecurity measures.
Emory Healthcare Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Emory Healthcare
Incidents vs Hospitals and Health Care Industry Average (This Year)
Emory Healthcare has 33.33% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Emory Healthcare has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types Emory Healthcare vs Hospitals and Health Care Industry Avg (This Year)
Emory Healthcare reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Emory Healthcare (X = Date, Y = Severity)
Emory Healthcare cyber incidents detection timeline including parent company and subsidiaries
Emory Healthcare Company Subsidiaries
Emory Healthcare is the most comprehensive health care system in Georgia. We offer 11 hospitals, the Emory Clinic, more than 250 provider locations, and more than 2,800 physicians specializing in 70 different medical subspecialties. Meaning we can provide treatments and services that may not be available at local community hospitals. That's the Emory Difference.
Loading...
Emory Healthcare Similar Companies
Trinity Health
Trinity Health is one of the largest not-for-profit, Catholic health care systems in the nation. It is a family of 123,000 colleagues and nearly 27,000 physicians and clinicians caring for diverse communities across 26 states. Nationally recognized for care and experience, the Trinity Health system
Geisinger is among the nation’s leading providers of value-based care, serving 1.2 million people in urban and rural communities across Pennsylvania. Founded in 1915 by philanthropist Abigail Geisinger, the nonprofit system generates $10 billion in annual revenues across 126 care sites — including 1
Lifespan
Lifespan, Rhode Island's first health system, was founded in 1994 by Rhode Island Hospital and The Miriam Hospital. A comprehensive, integrated, academic health system, Lifespan’s present partners also include RI Hospital’s Hasbro Children's Hospital , Bradley Hospital, and Newport Hospital. A not
A national blended health organization, Highmark Health and our leading businesses support millions of customers with products, services and solutions closely aligned to our mission of creating remarkable health experiences, freeing people to be their best. Headquartered in Pittsburgh, we're region
Labcorp
Clear and confident health care decisions begin with questions. At Labcorp, we’re constantly in pursuit of answers. As a global leader of innovative and comprehensive laboratory services, we help doctors, hospitals, pharmaceutical companies, researchers and patients make clear and confident decisi
Omega Healthcare Management Services
Founded in 2003, Omega Healthcare Management Services® (Omega Healthcare) empowers healthcare to thrive via intelligent solutions that optimize revenue cycle operations, administrative workflows, care coordination, and clinical research on a global scale. The company works with providers, payers, li
IQVIA (NYSE:IQV) is a leading global provider of clinical research services, commercial insights and healthcare intelligence to the life sciences and healthcare industries. IQVIA’s portfolio of solutions are powered by IQVIA Connected Intelligence™ to deliver actionable insights and services built o
Ramsay Health Care
Ramsay Health Care is a trusted provider of private hospital and healthcare services in Australia, Europe and the United Kingdom. Every year, millions of patients put their trust in Ramsay, confident in our ability to deliver safe, high-quality healthcare with outstanding clinical outcomes. We ope
GeBBS Healthcare Solutions
GeBBS Healthcare Solutions is a KLAS rated leading provider of Revenue Cycle Management (RCM) services and Risk Adjustment solutions. GeBBS’ innovative technology, combined with over 14,000-strong global workforce, helps clients improve financial performance, adhere to compliance, and enhance the pa
.png)
Emory Healthcare CyberSecurity News
September 30, 2025 07:00 AM
Atlanta United Gains More Space for Productions, Creative Projects at New Emory Healthcare Studio in Marietta
The 2025 Major League Soccer season is winding down, but Atlanta United is ending the year on a high note with the opening of its new Emory...
September 29, 2025 07:00 AM
Top 5 Best Coding Bootcamps in Atlanta in 2025
The top five bootcamps offer diverse options, including Emory Coding Bootcamp, Tech Talent South, DigitalCrafts, Flatiron School, and General Assembly.
September 05, 2025 07:00 AM
How CVS is working with health systems to push primary care
CVS Health is tapping into health system partnerships as it rapidly expands primary care offerings. CVS has added primary care services at...
August 29, 2025 07:00 AM
Emory Healthcare Hands Legal Reins to K&L Gates Partner
Atlanta-based Emory Healthcare has named Gina Bertolini, a health care regulatory lawyer with more than two decades of experience,...
August 13, 2025 07:00 AM
AHA podcast: How CommonSpirit Mercy Hospital Is Revolutionizing Rural Cardiac Care
Josh Neff, CEO of CommonSpirit Mercy Hospital, discusses a new cutting-edge communication platform that sends patient EKGs directly from the...
August 10, 2025 07:00 AM
How AI Is Helping Healthcare Companies in Atlanta Cut Costs and Improve Efficiency
Atlanta healthcare companies use AI to reduce administrative costs by automating tasks like scheduling, billing, and insurance verification,...
June 10, 2025 07:00 AM
Emory Healthcare invests in value-based care startup
Guidehealth, a value-based care and health technology services startup, received $10 million in a strategic investment from Atlanta-based Emory Healthcare on...
June 02, 2025 07:00 AM
Top 5 Best AI Bootcamps in Atlanta in 2025
Atlanta's top AI bootcamps for 2025 include 4Geeks Academy, Georgia Tech, Fullstack Academy (Emory), Noble Desktop, and NobleProg.
May 22, 2025 07:00 AM
Apple products transform care at Emory Healthcare
Emory Healthcare has introduced Mac, iPhone, iPad, and Apple Watch across Emory Hillandale Hospital, enabling clinicians to work more efficiently and stay...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Emory Healthcare CyberSecurity History Information
Official Website of Emory Healthcare
The official website of Emory Healthcare is http://www.emoryhealthcare.org.
Emory Healthcare’s AI-Generated Cybersecurity Score
According to Rankiteo, Emory Healthcare’s AI-generated cybersecurity score is 733, reflecting their Moderate security posture.
How many security badges does Emory Healthcare’ have ?
According to Rankiteo, Emory Healthcare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Emory Healthcare have SOC 2 Type 1 certification ?
According to Rankiteo, Emory Healthcare is not certified under SOC 2 Type 1.
Does Emory Healthcare have SOC 2 Type 2 certification ?
According to Rankiteo, Emory Healthcare does not hold a SOC 2 Type 2 certification.
Does Emory Healthcare comply with GDPR ?
According to Rankiteo, Emory Healthcare is not listed as GDPR compliant.
Does Emory Healthcare have PCI DSS certification ?
According to Rankiteo, Emory Healthcare does not currently maintain PCI DSS compliance.
Does Emory Healthcare comply with HIPAA ?
According to Rankiteo, Emory Healthcare is not compliant with HIPAA regulations.
Does Emory Healthcare have ISO 27001 certification ?
According to Rankiteo,Emory Healthcare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Emory Healthcare
Emory Healthcare operates primarily in the Hospitals and Health Care industry.
Number of Employees at Emory Healthcare
Emory Healthcare employs approximately 16,255 people worldwide.
Subsidiaries Owned by Emory Healthcare
Emory Healthcare presently has no subsidiaries across any sectors.
Emory Healthcare’s LinkedIn Followers
Emory Healthcare’s official LinkedIn profile has approximately 118,671 followers.
NAICS Classification of Emory Healthcare
Emory Healthcare is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Emory Healthcare’s Presence on Crunchbase
No, Emory Healthcare does not have a profile on Crunchbase.
Emory Healthcare’s Presence on LinkedIn
Yes, Emory Healthcare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/emory-healthcare.
Cybersecurity Incidents Involving Emory Healthcare
As of November 27, 2025, Rankiteo reports that Emory Healthcare has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Emory Healthcare has an estimated 29,962 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Emory Healthcare ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Emory Healthcare detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experts hired by kaye-smith, and enhanced monitoring with breachsense..
Incident Details
Can you provide details on each incident ?
Title: MultiCare Health System Data Breach
Description: MultiCare Health System in Washington suffered a third-party data breach that originated at its mailing service provider, Kaye-Smith. The breach impacted more than 23,000 individuals at MultiCare. However, Kaye-Smith hired experts to investigate suspicious activity within its digital environment.
Type: Data Breach
Attack Vector: Third-party Service Provider
Title: Healthcare Corp Data Breach
Description: Healthcare Corp experienced a severe data breach where hackers compromised the core health system, delaying critical treatments like surgeries and cancer procedures. The attack caused significant disruptions, potentially endangering patient lives. The breach was detected in real-time using Breachsense, which monitors the dark web for such threats. Despite the detection, the attack had already caused substantial damage, highlighting the importance of proactive cybersecurity measures.
Type: Data Breach
Threat Actor: Hackers
Title: Data Breach at Emory Healthcare, Inc.
Description: The California Office of the Attorney General reported a data breach involving Emory Healthcare, Inc. on May 16, 2012. The breach was discovered on February 20, 2012, involving the loss of 10 backup data discs containing personal information of surgical patients treated between September 1990 and April 2007, potentially affecting approximately 228,000 records that included Social Security numbers.
Date Detected: 2012-02-20
Date Publicly Disclosed: 2012-05-16
Type: Data Breach
Attack Vector: Loss of backup data discs
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach EMO118251222
Data Compromised: Personally identifiable information
Incident : Data Breach EMO729051525
Systems Affected: Core health system
Downtime: ['Delay in critical treatments like surgeries and cancer procedures']
Operational Impact: Significant disruptions
Incident : Data Breach EMO728072825
Data Compromised: Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, , Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach EMO118251222
Entity Name: MultiCare Health System
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Washington
Customers Affected: 23,000
Incident : Data Breach EMO729051525
Entity Name: Healthcare Corp
Entity Type: Healthcare Provider
Industry: Healthcare
Incident : Data Breach EMO728072825
Entity Name: Emory Healthcare, Inc.
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 228000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach EMO118251222
Third Party Assistance: Experts Hired By Kaye-Smith.
Incident : Data Breach EMO729051525
Enhanced Monitoring: Breachsense
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experts hired by Kaye-Smith, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach EMO118251222
Type of Data Compromised: Personally identifiable information
Number of Records Exposed: 23,000
Personally Identifiable Information: Patient Information
Incident : Data Breach EMO728072825
Type of Data Compromised: Social security numbers
Number of Records Exposed: 228000
Sensitivity of Data: High
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach EMO729051525
Lessons Learned: Highlighting the importance of proactive cybersecurity measures.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Highlighting the importance of proactive cybersecurity measures.
References
Where can I find more information about each incident ?
Incident : Data Breach EMO728072825
Source: California Office of the Attorney General
Date Accessed: 2012-05-16
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2012-05-16.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach EMO118251222
Investigation Status: Ongoing
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experts Hired By Kaye-Smith, , Breachsense, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Hackers.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2012-02-20.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2012-05-16.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personally Identifiable Information, , Social Security numbers and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Core health system.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experts hired by kaye-smith, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers and Personally Identifiable Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 23.2K.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Highlighting the importance of proactive cybersecurity measures.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=emory-healthcare' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
