Intermountain Health Company CyberSecurity Posture
intermountainhealthcare.org
Headquartered in Utah with locations in six primary states and additional operations across the western U.S., Intermountain Health is a nonprofit system of 33 hospitals, 400+ clinics, a medical group of more than 4,800 employed physicians and advanced care providers, a health plan division called Select Health with more than one million members, and other health services. With more than 68,000 caregivers on a mission to help people live the healthiest lives possible, Intermountain is committed to improving community health, and is widely recognized as a leader in transforming healthcare. We strive to be a model health system by taking full clinical and financial accountability for the health of more people, partnering to proactively keep people well, and coordinating and providing the best possible care. At Intermountain, every caregiver helps us fulfill our mission of helping people live the healthiest lives possible. Interested in joining our team? Check out our career website and apply today at https://intermountainhealthcare.org/careers/.
Company Details
intermountain-health
33,999
122,518
62
intermountainhealthcare.org
68
INT_3266000
Completed
Intermountain Health Risk Score (AI oriented)Between 750 and 799
Intermountain Health Global Score (TPRM)XXXX
Description: On July 16, 2021, the Maine Office of the Attorney General reported a data breach involving Intermountain Healthcare that was discovered on May 17, 2021, after a hacking incident began on April 6, 2021. The breach affected approximately 28,628 individuals, including two residents of Maine, potentially exposing personal health information (PHI) such as names and scanned images.
No incidents recorded for Intermountain Health in 2025.
No incidents recorded for Intermountain Health in 2025.
No incidents recorded for Intermountain Health in 2025.
Intermountain Health cyber incidents detection timeline including parent company and subsidiaries
Headquartered in Utah with locations in six primary states and additional operations across the western U.S., Intermountain Health is a nonprofit system of 33 hospitals, 400+ clinics, a medical group of more than 4,800 employed physicians and advanced care providers, a health plan division called Select Health with more than one million members, and other health services. With more than 68,000 caregivers on a mission to help people live the healthiest lives possible, Intermountain is committed to improving community health, and is widely recognized as a leader in transforming healthcare. We strive to be a model health system by taking full clinical and financial accountability for the health of more people, partnering to proactively keep people well, and coordinating and providing the best possible care. At Intermountain, every caregiver helps us fulfill our mission of helping people live the healthiest lives possible. Interested in joining our team? Check out our career website and apply today at https://intermountainhealthcare.org/careers/.
CHRISTUS Health is a Catholic not-for-profit health care system comprising more than 600 centers, including long-term care facilities, community hospitals, walk-in clinics and health ministries. We are a community of 50,000 Associates, with over 15,000 physicians providing personalized care. Our m
Fortis Healthcare Group is a leading integrated healthcare provider operating across the Asia Pacific region. With more than 20,000 employees and growing, Fortis Helathcare is currently present in Australia, Canada, Hong Kong SAR, India, Mauritius, New Zealand, Singapore, Sri Lanka, UAE, and Vietnam
Mayo Clinic has expanded and changed in many ways, but our values remain true to the vision of our founders. Our primary value – The needs of the patient come first – guides our plans and decisions as we create the future of health care. Join us and you'll find a culture of teamwork, professionalism
UMass Memorial Health is the health and wellness partner of the people of Central Massachusetts. Through pain and pandemics, our commitment to our communities never wanes. We use knowledge and innovation to create breakthrough medicine, to create jobs, and to make life better for those we serve. We
NorthShore University HealthSystem, Swedish Hospital, Northwest Community Healthcare and Edward-Elmhurst Health are now united under one name: Endeavor Health. Together, we’re driven by our mission to help everyone in our communities be their best and our commitment to setting a new standard for he
UCSF Health is an integrated health care network encompassing several entities, including UCSF Medical Center, one of the nation’s top 10 hospitals according to U.S. News & World Report, and UCSF Benioff Children’s Hospitals, with campuses in Oakland and San Francisco. We are recognized throughout t
Det handler om liv. Om at bringe liv til verden og skabe livskvalitet. Om at redde liv og forbedre liv. Som medarbejder i Region Hovedstaden træder du ind i en verden af muligheder og mangfoldighed med plads til dine ambitioner. Du er en del af et stærkt fagligt miljø, hvor vi har fingeren på pulsen
Cencora, a company building on the legacy of AmerisourceBergen, is a leading global pharmaceutical solutions organization centered on improving the lives of people and animals around the world. We connect manufacturers, providers, and patients to ensure that anyone can get the therapies they need, w
Our purpose is to provide safe, high quality health and personal social services to the population of Ireland. Our vision is a healthier Ireland with a high quality health service valued by all. Our Workforce The health service is the largest employer in the state with over 110,000 whole time equ
.png)
On Tuesday morning, Family Health West Hospital in Fruita discovered that it was the target of a cyberattack.
Dozens of organizations, including 11 health systems, have agreed to work together to help improve the sharing of medical data across...
These health IT influencers are change-makers, innovators and compassionate leaders who use technology to make a difference in provider...
Erik Decker, Intermountain Health's VP & CISO, and Shawn Anderson, cybersecurity director of data, endpoint and application protection,...
Intermountain and Microsoft recently formed a rural health coalition 1 with an interesting set of partners: Gates Ventures, Epic, and West Health.
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing.
Intermountain Health CISO Erik Decker explains how healthcare organizations can mitigate third-party risk with proper due diligence.
The 43rd annual J.P. Morgan Healthcare Conference wrapped on Thursday after four days of company presentations, networking and meetings...
The annual JP Morgan Healthcare Conference is officially underway, bringing the healthcare and biopharma industries' biggest wheelers and dealers to San...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Intermountain Health is https://intermountainhealthcare.org/.
According to Rankiteo, Intermountain Health’s AI-generated cybersecurity score is 764, reflecting their Fair security posture.
According to Rankiteo, Intermountain Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Intermountain Health is not certified under SOC 2 Type 1.
According to Rankiteo, Intermountain Health does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Intermountain Health is not listed as GDPR compliant.
According to Rankiteo, Intermountain Health does not currently maintain PCI DSS compliance.
According to Rankiteo, Intermountain Health is not compliant with HIPAA regulations.
According to Rankiteo,Intermountain Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Intermountain Health operates primarily in the Hospitals and Health Care industry.
Intermountain Health employs approximately 33,999 people worldwide.
Intermountain Health presently has no subsidiaries across any sectors.
Intermountain Health’s official LinkedIn profile has approximately 122,518 followers.
Intermountain Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Yes, Intermountain Health has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/intermountain-healthcare.
Yes, Intermountain Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/intermountain-health.
As of December 13, 2025, Rankiteo reports that Intermountain Health has experienced 1 cybersecurity incidents.
Intermountain Health has an estimated 31,122 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Title: Intermountain Healthcare Data Breach
Description: A data breach involving Intermountain Healthcare that potentially exposed personal health information (PHI) such as names and scanned images.
Date Detected: 2021-05-17
Date Publicly Disclosed: 2021-07-16
Type: Data Breach
Attack Vector: Hacking
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Personal health information (phi), Names, Scanned images
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Health Information (Phi), Names, Scanned Images and .
Entity Name: Intermountain Healthcare
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 28628
Type of Data Compromised: Personal health information (phi), Names, Scanned images
Number of Records Exposed: 28628
Sensitivity of Data: High
Personally Identifiable Information: Names
Source: Maine Office of the Attorney General
Date Accessed: 2021-07-16
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2021-07-16.
Most Recent Incident Detected: The most recent incident detected was on 2021-05-17.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-07-16.
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Health Information (PHI), Names, Scanned Images and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Personal Health Information (PHI) and Scanned Images.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 314.0.
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid