Comparison Overview

Mass General Brigham

VS

NHG Health

Mass General Brigham

399 Revolution Dr, None, Somerville, Massachusetts, US, 02145
Last Update: 2025-12-09
View Profile
Between 700 and 749
https://www.massgeneralbrigham.org/

Mass General Brigham is an integrated academic health care system, uniting great minds to solve the hardest problems in medicine for our communities and the world. Mass General Brigham connects a full continuum of care across a system of academic medical centers, community and specialty hospitals, a health insurance plan, physician networks, community health centers, home care, and long-term care services. Mass General Brigham is a nonprofit organization that is committed to patient care, research, teaching, and service to the community. In addition, Mass General Brigham is one of the nation’s leading biomedical research organizations and a principal teaching affiliate of Harvard Medical School.

NAICS: 62
NAICS Definition: Health Care and Social Assistance
Employees: 11,655
Subsidiaries: 10
12-month incidents
0
Known data breaches
2
Attack type number
1
View Profile

NHG Health

3 Fusionopolis Link, #03-08, Nexus@one-north (South Lobby), Singapore, SG, 138543
Last Update: 2025-12-09
Between 750 and 799
http://www.nhghealth.com.sg

NHG Health is a leading public healthcare provider in Singapore recognised for its quality clinical care and its commitment in enabling healthier lives through preventive health, innovative solutions and person-centred programmes tailored to every life stage. Our integrated health system, which spans primary care, hospitals and national specialty centres, includes Tan Tock Seng Hospital, Khoo Teck Puat Hospital, Woodlands Health, Yishun Community Hospital, NHG Polyclinics, the Institute of Mental Health, National Skin Centre and the National Centre for Infectious Diseases. Together with academic and industry partners, we advance medical education, research and healthcare innovation in Singapore, addressing areas that are critical to Singapore’s population needs. As the Regional Health Manager for Central and North Singapore, NHG Health partners general practices and health and social care agencies to ensure the physical, mental and social well-being of residents in the community. Together, we are committed to building healthier and resilient communities, and Adding Years of Healthy Life to the people we serve. More information at www.nhghealth.com.sg.

NAICS: 62
NAICS Definition: Health Care and Social Assistance
Employees: 14,683
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/mass-general-brigham.jpeg
Mass General Brigham
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/nhghealth.jpeg
NHG Health
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Mass General Brigham
100%
Compliance Rate
0/4 Standards Verified
NHG Health
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for Mass General Brigham in 2025.

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for NHG Health in 2025.

Incident History — Mass General Brigham (X = Date, Y = Severity)

Mass General Brigham cyber incidents detection timeline including parent company and subsidiaries

Incident History — NHG Health (X = Date, Y = Severity)

NHG Health cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/mass-general-brigham.jpeg
Mass General Brigham
Incidents

Date Detected: 7/2023
Type:Breach
Blog: Blog

Date Detected: 11/2020
Type:Breach
Attack Vector: Human Error
Blog: Blog
https://images.rankiteo.com/companyimages/nhghealth.jpeg
NHG Health
Incidents

No Incident

FAQ

NHG Health company demonstrates a stronger AI Cybersecurity Score compared to Mass General Brigham company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Mass General Brigham company has historically faced a number of disclosed cyber incidents, whereas NHG Health company has not reported any.

In the current year, NHG Health company and Mass General Brigham company have not reported any cyber incidents.

Neither NHG Health company nor Mass General Brigham company has reported experiencing a ransomware attack publicly.

Mass General Brigham company has disclosed at least one data breach, while the other NHG Health company has not reported such incidents publicly.

Neither NHG Health company nor Mass General Brigham company has reported experiencing targeted cyberattacks publicly.

Neither Mass General Brigham company nor NHG Health company has reported experiencing or disclosing vulnerabilities publicly.

Neither Mass General Brigham nor NHG Health holds any compliance certifications.

Neither company holds any compliance certifications.

Mass General Brigham company has more subsidiaries worldwide compared to NHG Health company.

NHG Health company employs more people globally than Mass General Brigham company, reflecting its scale as a Hospitals and Health Care.

Neither Mass General Brigham nor NHG Health holds SOC 2 Type 1 certification.

Neither Mass General Brigham nor NHG Health holds SOC 2 Type 2 certification.

Neither Mass General Brigham nor NHG Health holds ISO 27001 certification.

Neither Mass General Brigham nor NHG Health holds PCI DSS certification.

Neither Mass General Brigham nor NHG Health holds HIPAA certification.

Neither Mass General Brigham nor NHG Health holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
References
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
Description

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References