Excellus BCBS
Company Details
Linkedin ID:
excellusbcbs
Website:
Employees number:
3,672
Number of followers:
21,541
NAICS:
524
Industry Type:
Homepage:
excellusbcbs.com
IP Addresses:
0
Company ID:
EXC_1112381
Scan Status:
In-progress
Excellus BCBS Company CyberSecurity Posture
excellusbcbs.com
Excellus BlueCross BlueShield, a nonprofit independent licensee of the BlueCross BlueShield Association, is part of a family of companies that finances and delivers vital health care services to about 1.5 million people across upstate New York. Excellus BlueCross BlueShield provides access to high-quality, affordable health coverage, including valuable health-related resources that our members use every day, such as cost-saving prescription drug discounts and wellness tracking tools. To learn more, visit excellusbcbs.com.
Excellus BCBS A.I CyberSecurity Scoring
Excellus BCBS Risk Score (AI oriented)Between 750 and 799
Excellus BCBS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Excellus BCBS Global Score (TPRM)XXXX
Excellus BCBS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Excellus BCBS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Excellus BCBS
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Health insurance provider Excellus BlueCross BlueShield experienced a data breach incident in December 2013. The breach exposed the personal information including the name, date of birth, Social Security number, mailing address, member identification number, and financial account information of its customer. Excellus along with cyber security experts investigated the incident.
Excellus BCBS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Excellus BCBS
Incidents vs Insurance Industry Average (This Year)
No incidents recorded for Excellus BCBS in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Excellus BCBS in 2025.
Incident Types Excellus BCBS vs Insurance Industry Avg (This Year)
No incidents recorded for Excellus BCBS in 2025.
Incident History — Excellus BCBS (X = Date, Y = Severity)
Excellus BCBS cyber incidents detection timeline including parent company and subsidiaries
Excellus BCBS Company Subsidiaries
Excellus BlueCross BlueShield, a nonprofit independent licensee of the BlueCross BlueShield Association, is part of a family of companies that finances and delivers vital health care services to about 1.5 million people across upstate New York. Excellus BlueCross BlueShield provides access to high-quality, affordable health coverage, including valuable health-related resources that our members use every day, such as cost-saving prescription drug discounts and wellness tracking tools. To learn more, visit excellusbcbs.com.
Loading...
Excellus BCBS Similar Companies
HDFC ERGO General Insurance
HDFC ERGO General Insurance Company Limited was promoted by erstwhile Housing Development Finance Corporation Ltd. (HDFC), India’s premier Housing Finance Institution and ERGO International AG, the primary insurance entity of Munich Re Group. Consequent to the implementation of the Scheme of Amalgam
Allianz Partners
Allianz Partners is a world leader in B2B2C insurance and assistance, offering global solutions that span international health and life, travel insurance, automotive and assistance. Customer driven, our innovative experts are redefining insurance services by delivering future-ready, high-tech high-t
Assurant is a leading global business services company that supports, protects, and connects major consumer purchases. A Fortune 500 company with a presence in 21 countries, Assurant supports the advancement of the connected world by partnering with the world’s leading brands to develop innovative s
About ICICI Lombard General Insurance Company Limited ICICI Lombard is the leading private general insurance company in the country. The Company offers a comprehensive and well-diversified range of products through multiple distribution channels, including motor, health, crop, fire, personal accide
Gruppo Unipol
Unipol Group is one of the leading insurance groups in Europe and the leader in Italy in Non-Life business (particularly in Motor and Health), with total premium income of 15.1 billion euros, including 8.7 billion in Non-Life business and 6.4 billion in Life business (2023 figures). Unipol adopts an
CNO Financial Group
CNO Financial Group, Inc. (NYSE: CNO) secures the future of middle-income America. CNO provides life and health insurance, annuities, financial services, and workforce benefits solutions through our family of brands, including Bankers Life, Colonial Penn, Optavise and Washington National. Our cus
Blue Cross Blue Shield of Michigan
Blue Cross Blue Shield of Michigan is a nonprofit corporation and an independent licensee of the Blue Cross and Blue Shield Association. BCBSM's commitment to Michigan is what differentiates it from other health insurance companies doing business in the state. That mission has never changed. Nea
Prudential Indonesia (PT Prudential Life Assurance)
Listening. Understanding. Delivering. At Prudential Indonesia we deliver excellence by consistently innovating, creating new opportunities and growing our business to cater all of our customers' needs. With a vision of becoming truly world class, Prudential Indonesia provides quality services and
Gallagher, a global insurance brokerage, risk management, and consulting firm, serves communities around the globe, helping clients address risk, protecting assets, and recovering from losses. The products and services we provide keep businesses and institutions running, and enable individuals and f
.png)
Excellus BCBS CyberSecurity News
July 07, 2025 07:00 AM
GLP-1 Drugs: What Employers Need to Know
GLP-1 drugs like Ozempic® and Zepbound® have gained significant attention in recent years for treating both diabetes and assisting with weight loss.
April 11, 2025 07:00 AM
Health plans call on Congress to protect older adults in upstate NY
Excellus BlueCross BlueShield, CDPHP and MVP Health Care have come together to urge elected officials to pass bipartisan legislation that...
February 19, 2025 08:00 AM
Top 10 Tech Companies to Work for in Rochester in 2025
Explore Rochester's top tech employers in 2025! Discover opportunities and innovations from leading companies in New York's growing tech...
January 21, 2025 08:00 AM
Excellus BlueCross BlueShield announces Health Equity Innovation Award recipients
Excellus BlueCross BlueShield recently announced the recipients of its Health Equity Innovation Awards, designed to support community programs and services.
March 20, 2024 07:00 AM
WellBe Senior Medical grows through Excellus BCBS partnership
In-home healthcare provider WellBe Senior Medical is expanding into New York through a partnership with Excellus BlueCross BlueShield.
January 28, 2022 08:00 AM
Excellus, BCBSA Reach Settlement Following 2015 Data Breach
Excellus and Blue Cross Blue Shield Association reached a settlement in a class-action lawsuit resulting from a 2015 data breach that...
January 25, 2022 08:00 AM
$4.35M Excellus breach lawsuit settlement requires data retention, security overhaul
Excellus reported an 18-month systems' hack in 2015, which impacted 10.5 million people. A proposed settlement requires the insurance giant...
August 18, 2017 10:36 AM
Excellus BlueCross BlueShield Hacked
Yet another health insurer - Excellus BlueCross BlueShield - has belatedly discovered that its systems were hacked. The breach potentially exposed...
September 10, 2015 07:00 AM
Hack Brief: Health Insurer Excellus Says Attackers Breached 10M Records
Excellus has revealed that in August of this year it discovered a nearly 2-year old intrusion campaign in its network that gave hackers access to potentially...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Excellus BCBS CyberSecurity History Information
Official Website of Excellus BCBS
The official website of Excellus BCBS is http://excellusbcbs.com.
Excellus BCBS’s AI-Generated Cybersecurity Score
According to Rankiteo, Excellus BCBS’s AI-generated cybersecurity score is 757, reflecting their Fair security posture.
How many security badges does Excellus BCBS’ have ?
According to Rankiteo, Excellus BCBS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Excellus BCBS have SOC 2 Type 1 certification ?
According to Rankiteo, Excellus BCBS is not certified under SOC 2 Type 1.
Does Excellus BCBS have SOC 2 Type 2 certification ?
According to Rankiteo, Excellus BCBS does not hold a SOC 2 Type 2 certification.
Does Excellus BCBS comply with GDPR ?
According to Rankiteo, Excellus BCBS is not listed as GDPR compliant.
Does Excellus BCBS have PCI DSS certification ?
According to Rankiteo, Excellus BCBS does not currently maintain PCI DSS compliance.
Does Excellus BCBS comply with HIPAA ?
According to Rankiteo, Excellus BCBS is not compliant with HIPAA regulations.
Does Excellus BCBS have ISO 27001 certification ?
According to Rankiteo,Excellus BCBS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Excellus BCBS
Excellus BCBS operates primarily in the Insurance industry.
Number of Employees at Excellus BCBS
Excellus BCBS employs approximately 3,672 people worldwide.
Subsidiaries Owned by Excellus BCBS
Excellus BCBS presently has no subsidiaries across any sectors.
Excellus BCBS’s LinkedIn Followers
Excellus BCBS’s official LinkedIn profile has approximately 21,541 followers.
NAICS Classification of Excellus BCBS
Excellus BCBS is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.
Excellus BCBS’s Presence on Crunchbase
No, Excellus BCBS does not have a profile on Crunchbase.
Excellus BCBS’s Presence on LinkedIn
Yes, Excellus BCBS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/excellusbcbs.
Cybersecurity Incidents Involving Excellus BCBS
As of December 01, 2025, Rankiteo reports that Excellus BCBS has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Excellus BCBS has an estimated 14,926 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Excellus BCBS ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Excellus BlueCross BlueShield Data Breach
Description: Health insurance provider Excellus BlueCross BlueShield experienced a data breach incident in December 2013. The breach exposed the personal information including the name, date of birth, Social Security number, mailing address, member identification number, and financial account information of its customer. Excellus along with cyber security experts investigated the incident.
Date Detected: 2013-12-01
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach EXC233319422
Data Compromised: Name, Date of birth, Social security number, Mailing address, Member identification number, Financial account information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Financial Information and .
Which entities were affected by each incident ?
Incident : Data Breach EXC233319422
Entity Name: Excellus BlueCross BlueShield
Entity Type: Health Insurance Provider
Industry: Healthcare
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach EXC233319422
Type of Data Compromised: Personal information, Financial information
Sensitivity of Data: High
Personally Identifiable Information: namedate of birthSocial Security numbermailing addressmember identification number
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2013-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were name, date of birth, Social Security number, mailing address, member identification number, financial account information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were date of birth, name, financial account information, mailing address, Social Security number and member identification number.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 3.3
Severity: LOW
AV:N/AC:L/Au:M/C:N/I:P/A:N
cvss3
Base: 2.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There is no attempt to sanitize these arguments in the default configuration of this MCP server at the affected version (as of commit 2f3a5512 in September of 2025).
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Qualitor 8.20/8.24. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=excellusbcbs' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
