
Mass General Brigham is an integrated academic health care system, uniting great minds to solve the hardest problems in medicine for our communities and the world. Mass General Brigham connects a full continuum of care across a system of academic medical centers, community and specialty hospitals, a health insurance plan, physician networks, community health centers, home care, and long-term care services. Mass General Brigham is a nonprofit organization that is committed to patient care, research, teaching, and service to the community. In addition, Mass General Brigham is one of the nation’s leading biomedical research organizations and a principal teaching affiliate of Harvard Medical School.

Mass General Brigham A.I CyberSecurity Scoring

MGB

Company Details

LinkedIn ID: mass-general-brigham

Number of employees: 13,230

Number of followers: 156,634

NAICS: 62

Industry Type: Hospitals and Health Care

Homepage: massgeneralbrigham.org

IP Addresses: 69

Company ID: MAS_6710814

Scan Status: Completed

MGB Risk Score (AI oriented)

Between 700 and 749

MGB Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1

Mass General Brigham Health Plan
Breach
Severity: 85
Impact: 4
Seen: 7/2023
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact, with customer data leaks

Description: The Vermont Office of the Attorney General reported on June 28, 2024, a data breach incident involving Mass General Brigham Health Plan (MGBHP) that may have allowed unauthorized access to members' personal information between July 31, 2023, and April 2, 2024. The exposed information potentially included names, addresses, medical record numbers, dates of birth, email addresses, phone numbers, health insurance policy numbers, and Social Security numbers.

Mass General Brigham Incorporated
Breach
Severity: 60
Impact: 3
Seen: 11/2020
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact, with internal employee data leaks

Description: The New Hampshire Attorney General's Office reported a data breach involving Mass General Brigham Incorporated on December 18, 2020. The breach was due to human error where a file containing personal information, including names and Social Security numbers, was posted on a public website for a 14-hour period between November 23-24, 2020, affecting approximately 179 New Hampshire residents.

Underwriter Stats for MGB

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for Mass General Brigham in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Mass General Brigham in 2026.

Incident Types MGB vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for Mass General Brigham in 2026.

Incident History — MGB (X = Date, Y = Severity)

MGB cyber incidents detection timeline including parent company and subsidiaries

MGB Similar Companies

Texas Children's Hospital

Texas Children’s Hospital is a world-class pediatric facility, nationally recognized as a top children’s hospital, and voted one of the best places to work in Houston for nine years running. We’re committed to creating a healthy community for children by providing the best pediatric care possible, t

Philips

Over the past decade we have transformed into a focused leader in health technology. At Philips, our purpose is to improve people’s health and well-being through meaningful innovation. We aim to improve 2.5 billion lives per year by 2030, including 400 million in underserved communities. We see h

RHÖN-KLINIKUM AG

RHÖN-KLINIKUM AG is one of the largest healthcare providers in Germany. The clinics offer excellent medicine with direct links to universities and research institutions. At the five sites Campus Bad Neustadt, Klinikum Frankfurt (Oder), Universitätsklinikum Gießen and Unive

Northwell Health

Northwell Health is New York State’s largest health care provider and private employer, with 28 hospitals, about 1,000+ outpatient facilities and more than 16,000 affiliated physicians. At Northwell, we focus on cultivating an environment that inspires growth, empowers leadership, and encourages br

UAB Medicine

As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you ar

UPMC

UPMC is a world-renowned, nonprofit health care provider and insurer committed to delivering exceptional, people-centered care and community services. Headquartered in Pittsburgh and affiliated with the University of Pittsburgh Schools of the Health Sciences, UPMC is shaping the future of health thr

Stanford Health Care

Stanford Health Care, with multiple facilities throughout the Bay Area, is internationally renowned for leading edge and coordinated care in cancer care, neurosciences, cardiovascular medicine, surgery, organ transplant, medicine specialties, and primary care. Throughout its history, Stanford has be

Corewell Health

People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,0

MD Anderson Cancer Center

The University of Texas MD Anderson Cancer Center is one of the world's most respected centers devoted exclusively to cancer patient care, research, education and prevention. MD Anderson provides cancer care at several convenient locations throughout the Greater Houston Area and collaborates with co

MGB CyberSecurity News

August 11, 2025 07:00 AM
48 CIOs On the Move

This month, we're highlighting 48 CIOs, CTOs, and CISOs taking on leadership roles in industries from healthcare to finance to technology.

February 12, 2025 08:00 AM
Mass General Brigham Researchers Awarded ARPA-H Funding to Enhance Health Outcomes in Rural America

Mass General Brigham has been awarded three Advanced Research Projects Agency for Health (ARPA-H) contracts to deliver hospital-level care...

January 29, 2025 08:00 AM
Amazon One Medical, Montefiore Health to open primary care sites

The primary care offices will offer same- and next-day appointments, onsite lab services and virtual care support.

December 20, 2024 08:00 AM
Facing The Inevitable Failure Of Complex Systems, Embrace Resilience

Given the dangerous consequences of system failure, health care leaders must support programs and systems that focus on resiliency and...

November 30, 2024 08:00 AM
Establishing responsible use of AI guidelines: a comprehensive case study for healthcare institutions

This report presents a comprehensive case study for the responsible integration of artificial intelligence (AI) into healthcare settings.

November 26, 2024 08:00 AM
New Collaborative Will Publicly Rank Top Health Care AI Applications

A new collaboration led by Mass General Brigham will provide a multi-institutional virtual, interactive series of events in which...

November 26, 2024 08:00 AM
Why private equity-backed players are losing doctors

Health systems are hiring specialists from private equity-backed companies as hospitals look to reduce costs by cutting out staffing agencies while easing...

October 30, 2024 07:00 AM
Have You Fallen for One of Those Fake Phishing E-Mails from IT?

UML's Information Security team is raising awareness about cybersecurity threats by sending phishing test emails to students, faculty and staff.

October 02, 2024 07:00 AM
The biggest opportunities for healthcare AI and the hurdles that stand in the way: Bessemer report

Bessemer Venture Partners unveiled a new road map for artificial intelligence in healthcare and its six investing criteria for AI.

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

MGB CyberSecurity History Information

Official Website of Mass General Brigham

The official website of Mass General Brigham is https://www.massgeneralbrigham.org/.

Mass General Brigham’s AI-Generated Cybersecurity Score

According to Rankiteo, Mass General Brigham’s AI-generated cybersecurity score is 733, reflecting their Moderate security posture.

How many security badges does Mass General Brigham have?

According to Rankiteo, Mass General Brigham currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Mass General Brigham been affected by any supply chain cyber incidents ?

According to Rankiteo, Mass General Brigham has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Mass General Brigham have SOC 2 Type 1 certification ?

According to Rankiteo, Mass General Brigham is not certified under SOC 2 Type 1.

Does Mass General Brigham have SOC 2 Type 2 certification ?

According to Rankiteo, Mass General Brigham does not hold a SOC 2 Type 2 certification.

Does Mass General Brigham comply with GDPR ?

According to Rankiteo, Mass General Brigham is not listed as GDPR compliant.

Does Mass General Brigham have PCI DSS certification ?

According to Rankiteo, Mass General Brigham does not currently maintain PCI DSS compliance.

Does Mass General Brigham comply with HIPAA ?

According to Rankiteo, Mass General Brigham is not compliant with HIPAA regulations.

Does Mass General Brigham have ISO 27001 certification ?

According to Rankiteo, Mass General Brigham is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Mass General Brigham

Mass General Brigham operates primarily in the Hospitals and Health Care industry.

Number of Employees at Mass General Brigham

Mass General Brigham employs approximately 13,230 people worldwide.

Subsidiaries Owned by Mass General Brigham

Mass General Brigham presently has no subsidiaries across any sectors.

Mass General Brigham’s LinkedIn Followers

Mass General Brigham’s official LinkedIn profile has approximately 156,634 followers.

NAICS Classification of Mass General Brigham

Mass General Brigham is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

Mass General Brigham’s Presence on Crunchbase

No, Mass General Brigham does not have a profile on Crunchbase.

Mass General Brigham’s Presence on LinkedIn

Yes, Mass General Brigham maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mass-general-brigham.

Cybersecurity Incidents Involving Mass General Brigham

As of January 24, 2026, Rankiteo reports that Mass General Brigham has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Mass General Brigham has an estimated 31,610 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Mass General Brigham ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Data Breach at Mass General Brigham Incorporated

Description: A data breach occurred due to human error where a file containing personal information, including names and Social Security numbers, was posted on a public website for a 14-hour period between November 23-24, 2020.

Date Detected: 2020-11-24

Date Publicly Disclosed: 2020-12-18

Type: Data Breach

Attack Vector: Human Error

Vulnerability Exploited: Improper Data Handling

Incident : Data Breach

Title: Data Breach at Mass General Brigham Health Plan

Description: The Vermont Office of the Attorney General reported on June 28, 2024, a data breach incident involving Mass General Brigham Health Plan (MGBHP) that may have allowed unauthorized access to members' personal information between July 31, 2023, and April 2, 2024. The exposed information potentially included names, addresses, medical record numbers, dates of birth, email addresses, phone numbers, health insurance policy numbers, and Social Security numbers.

Date Detected: 2024-06-28

Date Publicly Disclosed: 2024-06-28

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach MAS844072325

Data Compromised: Names, Social security numbers

Incident : Data Breach MAS548072825

Data Compromised: Names, Addresses, Medical record numbers, Dates of birth, Email addresses, Phone numbers, Health insurance policy numbers, Social security numbers

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Addresses, Medical Record Numbers, Dates Of Birth, Email Addresses, Phone Numbers and Health Insurance Policy Numbers.

Which entities were affected by each incident ?

Incident : Data Breach MAS844072325

Entity Name: Mass General Brigham Incorporated

Entity Type: Healthcare

Industry: Healthcare

Location: New Hampshire

Customers Affected: 179

Incident : Data Breach MAS548072825

Entity Name: Mass General Brigham Health Plan

Entity Type: Healthcare

Industry: Healthcare

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach MAS844072325

Type of Data Compromised: Names, Social security numbers

Number of Records Exposed: 179

Sensitivity of Data: High

Incident : Data Breach MAS548072825

Type of Data Compromised: Names, Addresses, Medical record numbers, Dates of birth, Email addresses, Phone numbers, Health insurance policy numbers, Social security numbers

Sensitivity of Data: High

References

Where can I find more information about each incident ?

Incident : Data Breach MAS844072325

Source: New Hampshire Attorney General's Office

Date Accessed: 2020-12-18

Incident : Data Breach MAS548072825

Source: Vermont Office of the Attorney General

Date Accessed: 2024-06-28

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the New Hampshire Attorney General's Office (date accessed: 2020-12-18) and the Vermont Office of the Attorney General (date accessed: 2024-06-28).

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach MAS844072325

Root Causes: Human Error

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2020-11-24.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-06-28.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, addresses, medical record numbers, dates of birth, email addresses, phone numbers and health insurance policy numbers.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were email addresses, names, addresses, medical record numbers, dates of birth, Social Security numbers, phone numbers and health insurance policy numbers.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 179.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Vermont Office of the Attorney General and New Hampshire Attorney General's Office.

Latest Global CVEs (Not Company-Specific)

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.

Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.

Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mass-general-brigham' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
