Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Houston Methodist

Houston Methodist Vendor Cyber Rating & Cyber Score

houstonmethodist.org

Houston Methodist is one of the nation’s leading health systems and academic medical centers. The health system consists of eight hospitals: Houston Methodist Hospital, its flagship academic hospital in the Texas Medical Center, seven community hospitals and one long-term acute care hospital throughout the Greater Houston metropolitan area. Houston Methodist also includes a research institute; a comprehensive residency program; international patient services; freestanding comprehensive care, emergency care and imaging centers; and outpatient facilities. Houston Methodist employs more than 32,000 people. Come lead with us.


Houston Methodist A.I CyberSecurity Scoring

Houston Methodist
Company Information
Website:http://www.houstonmethodist.org
Employees number:21,373
Number of followers:163,098
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:houstonmethodist.org
Houston Methodist Risk Score (AI oriented)
Between 700 and 749
logo
Houston MethodistHospitals and Health Care
Updated:
05/04/2026
719/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Houston Methodist Global Score (TPRM)
xxxx
logo
Houston MethodistHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Houston Methodist
Houston MethodistModerate
Current Score
719Ba (MODERATE)
01000
2 incidents
-65 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
723Before Incident
JUNE 2026
722Before Incident
MAY 2026
721Before Incident
APRIL 2026
720Before Incident
MARCH 2026
718Before Incident
FEBRUARY 2026
717Before Incident
JANUARY 2026
781Before Incident
Breach
10 Jan 2026Houston Methodist
Lena Health and Houston Methodist: AI “digital helper” Lena Health breach exposed some Houston Methodist patients’ medical info – DataBreaches.Net

AI Healthcare Platform Lena Health Hit by Major Data Breach Exposing Sensitive Patient Data

716After Incident
CRITICAL-65
HOULEN1769632931
AI Healthcare Platform Lena Health Hit by Major Data Breach Exposing Sensitive Patient Data On June 1, 2025, cybersecurity researchers uncovered a significant data breach at Lena Health, an AI-powered care coordination platform based in Houston, Texas. The breach, attributed to the hacking group FulcrumSec, exposed the protected health information (PHI) of over 2,100 patients, primarily from Houston Methodist, along with thousands of recorded phone calls and sensitive medical documents. ### How the Breach Occurred FulcrumSec exploited an unpatched vulnerability in Lena Health’s systems, which had been publicly disclosed in early December 2024. Despite a patch being available, Lena Health had not applied it by the time the attack occurred in mid-to-late December. The hackers gained access to an unencrypted, public-facing S3 bucket, which contained: - 2,134 patients’ full PHI (names, dates of birth, phone numbers, medical record numbers) - 19,542 recorded phone calls (later clarified to be fewer than 7,500 after deduplication), many with full transcriptions - 68 hospital discharge documents with highly sensitive details, including prescriptions for controlled substances, post-surgical care instructions, and intimate medical conditions - API keys, staff login credentials, and patient phone numbers linked to elderly and vulnerable individuals ### Hackers’ Motives and Response from Lena Health FulcrumSec claimed their attack was part of a broader campaign targeting "AI-driven SaaS startups" they accused of poor security practices. They contacted Lena Health on January 10, 2025, but the company initially failed to respond. After being provided with proof of the breach, Lena Health acknowledged the issue but ceased communication before taking further action. The hackers later released redacted samples of the stolen data on a dedicated webpage, though they have not yet dumped the full dataset. Notably, some patients may have been unaware they were interacting with an AI system, as call recordings included personal details about living situations and medical needs. ### Regulatory and Legal Implications As a HIPAA business associate for Houston Methodist, Lena Health’s breach raises serious compliance concerns. The exposed data includes HIPAA-protected information, such as medical conditions, prescriptions, and doctor-patient communications. Neither Lena Health nor Houston Methodist has publicly responded to requests for comment as of this report. The incident follows another major healthcare breach disclosed the same week, where Serviceaide, an AI healthcare software provider, exposed the data of 483,000 patients at Catholic Health in Buffalo, New York, due to an unsecured database. That breach, discovered in May 2025, has already resulted in six federal class-action lawsuits.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Targeting AI-driven SaaS startups with poor security practices
IMPACT
Data Compromised: Protected health information (PHI), recorded phone calls, medical documents, API keys, staff login credentialsSystems Affected: Public-facing S3 bucket, AI care coordination platformBrand Reputation Impact: SignificantLegal Liabilities: Potential HIPAA violations, federal class-action lawsuitsIdentity Theft Risk: High
DATA BREACH
Protected health information (PHI)Recorded phone callsMedical documentsAPI keysStaff login credentialsNumber Of Records Exposed: 2,134 patients, 7,500+ recorded phone calls, 68 hospital discharge documentsSensitivity Of Data: High (medical conditions, prescriptions, doctor-patient communications, intimate medical details)Data Exfiltration: YesData Encryption: No (unencrypted S3 bucket)Audio recordingsText transcriptionsPDF/medical documentsPersonally Identifiable Information: Names, dates of birth, phone numbers, medical record numbers
DECEMBER 2025
781Before Incident
NOVEMBER 2025
781Before Incident
OCTOBER 2025
781Before Incident
SEPTEMBER 2025
781Before Incident
AUGUST 2025
781Before Incident
MARCH 2017
789Before Incident
Data Leak
01 Mar 2017Houston Methodist
Houston Methodist

Houston Methodist Cancer Center Data Breach

726After Incident
MEDIUM-63
HOU115424722
Houston Methodist Cancer Center suffered a data breach that compromised the 1,417 cancer patients’ email addresses. Patients at Houston Methodist Cancer Center were informed that all receivers' addresses were displayed, possibly disclosing their identities and affiliation with the medical center to the general public. Methodist's investigated the incident and tried to recall the emails and develop additional technical safeguards to prevent this situation from happening again and retrained appropriate staff."
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Email addresses
DATA BREACH
Type Of Data Compromised: Email addressesSensitivity Of Data: Medium

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Houston Methodist ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Houston Methodist's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Houston Methodist's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Houston Methodist ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Houston Methodist's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?