Intermountain Health Company CyberSecurity Posture
intermountainhealthcare.org
As the largest nonprofit health system in the Mountain West, Intermountain Health is dedicated to creating healthier communities and helping our patients and caregivers thrive. It’s time to think of health in a whole new way, and by partnering with our patients and communities, providing expert care closer to home, and making great health more affordable, we can help more people get and stay well. We proudly invest back into improving the care we deliver, and our pioneering research is making healthcare more personalized, effective, and affordable. Serving patients and communities throughout the Mountain West, primarily in Colorado, Utah, Montana, Nevada, Idaho, and Wyoming, Intermountain includes 34 hospitals, 400+ clinics, a medical group, affiliate networks, homecare, telehealth, health insurance plans, and other services - along with wholly owned subsidiaries including Select Health, Castell, Tellica Imaging, and Classic Air Medical.
Company Details
intermountain-healthcare
32,995
112,578
62
intermountainhealthcare.org
0
INT_2153515
In-progress
Intermountain Health Risk Score (AI oriented)Between 750 and 799
Intermountain Health Global Score (TPRM)XXXX
Description: On July 16, 2021, the Maine Office of the Attorney General reported a data breach involving Intermountain Healthcare that was discovered on May 17, 2021, after a hacking incident began on April 6, 2021. The breach affected approximately 28,628 individuals, including two residents of Maine, potentially exposing personal health information (PHI) such as names and scanned images.
No incidents recorded for Intermountain Health in 2025.
No incidents recorded for Intermountain Health in 2025.
No incidents recorded for Intermountain Health in 2025.
Intermountain Health cyber incidents detection timeline including parent company and subsidiaries
As the largest nonprofit health system in the Mountain West, Intermountain Health is dedicated to creating healthier communities and helping our patients and caregivers thrive. It’s time to think of health in a whole new way, and by partnering with our patients and communities, providing expert care closer to home, and making great health more affordable, we can help more people get and stay well. We proudly invest back into improving the care we deliver, and our pioneering research is making healthcare more personalized, effective, and affordable. Serving patients and communities throughout the Mountain West, primarily in Colorado, Utah, Montana, Nevada, Idaho, and Wyoming, Intermountain includes 34 hospitals, 400+ clinics, a medical group, affiliate networks, homecare, telehealth, health insurance plans, and other services - along with wholly owned subsidiaries including Select Health, Castell, Tellica Imaging, and Classic Air Medical.
Beginning with a single community in 1981, Sunrise Senior Living has grown to more than 270 communities throughout the U.S. and Canada. Each of our communities continues the mission laid out by founders Paul and Terry Klaassen more than 40 years ago: to champion quality of life for all seniors. Jo
Fresenius Medical Care is the world’s leading provider of products and services for individuals with renal diseases. We aim to create a future worth living for chronically and critically ill patients – worldwide and every day. Thanks to our decades of experience in dialysis, our innovative research
Answering God's call to bring health, healing and hope to all. Ascension is one of the nation’s leading non-profit and Catholic health systems, with a Mission of delivering compassionate, personalized care to all, with special attention to those most vulnerable. In FY2025, Ascension provided $1.7
BrightSpring is the parent company of a family of services and brands that provides clinical, nonclinical, pharmacy and ancillary care services for people of all ages, health and skill levels across home and community settings. The company is a leading provider of diversified home and community-ba
Centene Corporation is a leading healthcare enterprise committed to helping people live healthier lives. Centene offers affordable and high-quality products to more than 1 in 15 individuals across the nation, including Medicaid and Medicare members (including Medicare Prescription Drug Plans) as wel
Access Healthcare provides business process outsourcing, application services, and robotic process automation tools to hospitals, health systems, providers, payers, and related service providers. We operate from 20 delivery centers across nine cities in the US, India, and the Philippines, and our 2
ELSAN, groupe leader de l’hospitalisation privée en France, compte aujourd’hui plus de 28 000 collaborateurs et 7500 médecins libéraux qui exercent dans les 212 établissements et centres du groupe. Ils prennent en charge plus de 4,8 millions de patients par an. Notre mission : offrir à chac
Leading Private Healthcare Provider in the Middle East With a vision to be the most trusted healthcare provider in medical excellence and patient experience globally, Dr. Sulaiman Al-Habib Medical Group (HMG) has become the largest provider of comprehensive healthcare services in the Middle East. A
Sharp HealthCare is a not-for-profit health care system based in San Diego, California, with four acute care hospitals, three specialty hospitals, three medical groups and a health plan. We provide medical services in virtually all fields of medicine, including primary care, heart care, cancer, orth
.png)
On Tuesday morning, Family Health West Hospital in Fruita discovered that it was the target of a cyberattack.
Dozens of organizations, including 11 health systems, have agreed to work together to help improve the sharing of medical data across...
These health IT influencers are change-makers, innovators and compassionate leaders who use technology to make a difference in provider...
Erik Decker, Intermountain Health's VP & CISO, and Shawn Anderson, cybersecurity director of data, endpoint and application protection,...
Intermountain and Microsoft recently formed a rural health coalition 1 with an interesting set of partners: Gates Ventures, Epic, and West Health.
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing.
Intermountain Health CISO Erik Decker explains how healthcare organizations can mitigate third-party risk with proper due diligence.
The 43rd annual J.P. Morgan Healthcare Conference wrapped on Thursday after four days of company presentations, networking and meetings...
The annual JP Morgan Healthcare Conference is officially underway, bringing the healthcare and biopharma industries' biggest wheelers and dealers to San...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Intermountain Health is http://intermountainhealthcare.org/.
According to Rankiteo, Intermountain Health’s AI-generated cybersecurity score is 790, reflecting their Fair security posture.
According to Rankiteo, Intermountain Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Intermountain Health is not certified under SOC 2 Type 1.
According to Rankiteo, Intermountain Health does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Intermountain Health is not listed as GDPR compliant.
According to Rankiteo, Intermountain Health does not currently maintain PCI DSS compliance.
According to Rankiteo, Intermountain Health is not compliant with HIPAA regulations.
According to Rankiteo,Intermountain Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Intermountain Health operates primarily in the Hospitals and Health Care industry.
Intermountain Health employs approximately 32,995 people worldwide.
Intermountain Health presently has no subsidiaries across any sectors.
Intermountain Health’s official LinkedIn profile has approximately 112,578 followers.
Intermountain Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Yes, Intermountain Health has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/intermountain-healthcare.
Yes, Intermountain Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/intermountain-healthcare.
As of December 08, 2025, Rankiteo reports that Intermountain Health has experienced 1 cybersecurity incidents.
Intermountain Health has an estimated 30,617 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Title: Intermountain Healthcare Data Breach
Description: A data breach involving Intermountain Healthcare that potentially exposed personal health information (PHI) such as names and scanned images.
Date Detected: 2021-05-17
Date Publicly Disclosed: 2021-07-16
Type: Data Breach
Attack Vector: Hacking
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Personal health information (phi), Names, Scanned images
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Health Information (Phi), Names, Scanned Images and .
Entity Name: Intermountain Healthcare
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 28628
Type of Data Compromised: Personal health information (phi), Names, Scanned images
Number of Records Exposed: 28628
Sensitivity of Data: High
Personally Identifiable Information: Names
Source: Maine Office of the Attorney General
Date Accessed: 2021-07-16
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2021-07-16.
Most Recent Incident Detected: The most recent incident detected was on 2021-05-17.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-07-16.
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Health Information (PHI), Names, Scanned Images and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Scanned Images, Personal Health Information (PHI) and Names.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 314.0.
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid