
McLaren Health Care, headquartered in Grand Blanc, Michigan, is a $7.3 billion, fully integrated health care delivery system committed to quality, evidence-based patient care and cost efficiency. The McLaren system includes 12 hospitals in Michigan, ambulatory surgery centers, imaging centers, a 640-member employed primary and specialty care physician network, commercial and Medicaid HMOs covering more than 732,838 lives in Michigan and Indiana, home health, infusion and hospice providers, pharmacy services, a clinical laboratory network and a wholly owned medical malpractice insurance company. McLaren operates Michigan’s largest network of cancer centers and providers, anchored by the Karmanos Cancer Institute, a National Cancer Institute-designated comprehensive cancer center. McLaren has 28,000 full-time, part-time and contracted employees and more than 113,000 network providers throughout Michigan, Indiana and Ohio. As part of its Graduate Medical Education (GME) program, McLaren maintains academic affiliations with medical schools at Wayne State University, Michigan State University and Central Medical University. McLaren’s seven (7) GME campuses offer 27 residencies and eight (8) fellowship programs that train over 650 future physicians annually. All GME programs at McLaren are overseen and managed centrally by the Department of Academic Affairs.

McLaren Health Care A.I CyberSecurity Scoring

MHC

Company Details

LinkedIn ID: mclaren-health-care

Employees number: 9,073

Number of followers: 32,869

NAICS: 62

Industry Type: Hospitals and Health Care

Homepage: mclaren.org

IP Addresses: 0

Company ID: MCL_2784125

Scan Status: In-progress

MHC Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

MHC Company CyberSecurity News & History

Past Incidents: 5
Attack Types: 2

McLaren Health Care
Breach
Severity: 100
Impact: 4
Seen: 11/2023
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: McLaren Health Care (McLaren) suffered a data breach that exposed almost 2.2 million people's sensitive personal data. When the corporation saw unusual activity, it promptly hired outside forensic specialists to assist with the investigation. McLaren discovered that during the unauthorised actor's access, they were able to obtain specific data that was kept on the network. McLaren conducted a comprehensive examination of the potentially affected files as part of an ongoing inquiry to find out if any sensitive material was there.

McLaren Health Care
Breach
Severity: 100
Impact: 5
Seen: 7/2023
Rankiteo Explanation: Attack threatening the organization's existence

Description: The Maine Office of the Attorney General reported on November 9, 2023, that McLaren Health Care experienced a data breach due to unauthorized access between July 28, 2023, and August 23, 2023, affecting 2,192,515 individuals in total, including 77 Maine residents. The compromised information includes names and Social Security numbers, among other health-related data. McLaren is offering 12 months of credit monitoring services through IDX to impacted individuals.

McLaren Health Care
Ransomware
Severity: 100
Impact: 5
Seen: 7/2023
Rankiteo Explanation: Attack threatening the organization's existence

Description: McLaren Health Care suffered a data breach in July 2024 caused by the INC ransomware gang, impacting 743,000 patients. The attack was discovered on August 5, 2024, but forensic investigations were completed on May 5, 2025. The breach involved an IT and phone systems outage, affecting patient databases. Full names were exposed, but the full extent of the data breach remains unclear. This is the second major breach for McLaren, with the previous one in July 2023 by the ALPHV/BlackCat ransomware group affecting 2.2 million people.

McLaren Health Care
Ransomware
Severity: 100
Impact: 4
Seen: 8/2024
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: McLaren Health Care hospitals suffered a ransomware attack by the INC Ransom group, leading to the disruption of IT and phone systems. Patients' sensitive information was compromised, including Social Security numbers, health insurance details, medical records, and more. The breach affected 2,192,515 individuals, risking their personal and medical information, which may lead to fraudulent activities. The hospital experienced operational difficulties, and healthcare services were impacted, as patients were requested to bring their own medication and test information due to the loss of database access.

McLaren Health Care and Karmanos Cancer Institute
Ransomware
Severity: 100
Impact: 4
Seen: 8/2024
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: A ransomware attack between July and August 2024 affecting McLaren Health Care and Karmanos Cancer Institute has resulted in a data breach affecting nearly 750,000 people. Hackers stole data including Social Security numbers, health insurance information, driver's license details, names, and medical data. The breach was linked to the INC ransomware gang. The attack disrupted IT and phone systems, leading to cancellations and rescheduling of surgeries, appointments, and treatments. Affected individuals are being offered a year of free credit monitoring.


Underwriter Stats for MHC

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for McLaren Health Care in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for McLaren Health Care in 2025.

Incident Types MHC vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for McLaren Health Care in 2025.

Incident History — MHC (X = Date, Y = Severity)

MHC cyber incidents detection timeline including parent company and subsidiaries


MHC Similar Companies

Northwell Health

Northwell Health is New York State’s largest health care provider and private employer, with 21 hospitals, about 900 outpatient facilities and more than 12,000 affiliated physicians. We care for over two million people annually in the New York metro area and beyond, thanks to philanthropic support

Intermountain Health

Headquartered in Utah with locations in six primary states and additional operations across the western U.S., Intermountain Health is a nonprofit system of 33 hospitals, 400+ clinics, a medical group of more than 4,800 employed physicians and advanced care providers, a health plan division called Se

Northwestern Medicine

Northwestern Medicine is the collaboration between Northwestern Memorial HealthCare and Northwestern University Feinberg School of Medicine around a strategic vision to transform the future of healthcare. It encompasses the research, teaching, and patient care activities of the academic medical cent

CHRISTUS Health

CHRISTUS Health is a Catholic not-for-profit health care system comprising more than 600 centers, including long-term care facilities, community hospitals, walk-in clinics and health ministries. We are a community of 50,000 Associates, with over 15,000 physicians providing personalized care. Our m

CVS Health

CVS Health is the leading health solutions company, delivering care like no one else can. We reach more people and improve the health of communities across America through our local presence, digital channels and over 300,000 dedicated colleagues – including more than 40,000 physicians, pharmacists,

Aster DM Healthcare

From a single medical centre to a performance-driven healthcare enterprise spread across more than 400+ medical establishments, including 15 hospitals, 120 clinics and 307 pharmacies in GCC and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across the Middl

Homes and communities are where people thrive. We’ve held this belief since our founding in 1967 and have worked to make it reality for the thousands of individuals we serve. We continue that work today and are using innovation, technology, and collaboration across our organization to do more for mo

SARquavitae

SARquavitae, people who care for people. SARquavitae is Spain's largest platform of health and social care services for people. The workforce, made up of 12,200 professionals, offers more than 10,900 places spread across the whole of Spain and serves some 200.0

Mercy

Mercy, one of the 15 largest U.S. health systems and named the top large system in the U.S. for excellent patient experience by NRC Health, serves millions annually with nationally recognized care and one of the nation’s largest and highest performing Accountable Care Organizations in quality and co


MHC CyberSecurity News

November 07, 2025 12:52 PM
McLaren Health Care Reports Data Breach Affecting 2.2 Million Patients

McLaren Health Care, a healthcare provider, has reported a data breach that compromised the personal and health information of about 2.2...

July 11, 2025 07:00 AM
Healthcare organizations still facing high cyberattack rates

A record-high number of organizations reported healthcare data breaches in 2024 — and the first half of 2025 forecasts another challenging year...

July 07, 2025 07:00 AM
Biggest healthcare data breaches reported in 2025, so far

9/2/2025 -- Editor's note: This story was originally published on July 7, 2025. It was updated on Sept. 2, 2025, to reflect additional large data breaches...

June 26, 2025 07:00 AM
Ten months later, McLaren reveals 740,000 impacted by ransomware attack

Last summer, hackers accessed sensitive patient information at McLaren Health Care, including medical records and Social Security numbers...

June 26, 2025 07:00 AM
McLaren Health Breach Highlights a Surge in Healthcare Ransomware Attacks

McLaren Health Care, a major nonprofit health system based in Michigan, has confirmed that a ransomware attack last summer led to the compromise of sensitive...

June 24, 2025 07:00 AM
McLaren Health Care Data Breach Impacts Over 743,000 Patients

More than 743,000 individuals have been affected by a data breach at Michigan-based McLaren Health Care. The nonprofit health system...

June 24, 2025 07:00 AM
743,000 patients had their data compromised in the McLaren Health Care breach

US healthcare organization McLaren Health Care has told nearly three quarters of a million people that their data may have been stolen in a...

June 24, 2025 07:00 AM
McLaren notifies 743K patients about data breach

The Michigan-based health system has told patients, for the second time in three years, that personal and protected health information has...

June 24, 2025 07:00 AM
Lynch Carpenter Investigates Claims in McLaren Health Care Data Breach

PITTSBURGH, June 24, 2025 (GLOBE NEWSWIRE) -- McLaren Health Care (“McLaren”) recently announced a cybersecurity incident, which impacted...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

MHC CyberSecurity History Information

Official Website of McLaren Health Care

The official website of McLaren Health Care is http://www.mclaren.org.

McLaren Health Care’s AI-Generated Cybersecurity Score

According to Rankiteo, McLaren Health Care’s AI-generated cybersecurity score is 356, reflecting their Critical security posture.

How many security badges does McLaren Health Care have?

According to Rankiteo, McLaren Health Care currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does McLaren Health Care have SOC 2 Type 1 certification ?

According to Rankiteo, McLaren Health Care is not certified under SOC 2 Type 1.

Does McLaren Health Care have SOC 2 Type 2 certification ?

According to Rankiteo, McLaren Health Care does not hold a SOC 2 Type 2 certification.

Does McLaren Health Care comply with GDPR ?

According to Rankiteo, McLaren Health Care is not listed as GDPR compliant.

Does McLaren Health Care have PCI DSS certification ?

According to Rankiteo, McLaren Health Care does not currently maintain PCI DSS compliance.

Does McLaren Health Care comply with HIPAA ?

According to Rankiteo, McLaren Health Care is not compliant with HIPAA regulations.

Does McLaren Health Care have ISO 27001 certification ?

According to Rankiteo, McLaren Health Care is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of McLaren Health Care

McLaren Health Care operates primarily in the Hospitals and Health Care industry.

Number of Employees at McLaren Health Care

McLaren Health Care employs approximately 9,073 people worldwide.

Subsidiaries Owned by McLaren Health Care

McLaren Health Care presently has no subsidiaries across any sectors.

McLaren Health Care’s LinkedIn Followers

McLaren Health Care’s official LinkedIn profile has approximately 32,869 followers.

NAICS Classification of McLaren Health Care

McLaren Health Care is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

McLaren Health Care’s Presence on Crunchbase

No, McLaren Health Care does not have a profile on Crunchbase.

McLaren Health Care’s Presence on LinkedIn

Yes, McLaren Health Care maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mclaren-health-care.

Cybersecurity Incidents Involving McLaren Health Care

As of November 27, 2025, Rankiteo reports that McLaren Health Care has experienced 5 cybersecurity incidents.

Number of Peer and Competitor Companies

McLaren Health Care has an estimated 29,962 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at McLaren Health Care ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.

How does McLaren Health Care detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from outside forensic specialists, and a communication strategy of notices sent to impacted individuals, a public notification, and an offer of free credit monitoring.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: McLaren Health Care Data Breach

Description: McLaren Health Care (McLaren) suffered a data breach that exposed almost 2.2 million people's sensitive personal data.

Type: Data Breach

Incident : Ransomware Attack

Title: McLaren Health Care Ransomware Attack

Description: McLaren Health Care hospitals suffered a ransomware attack by the INC Ransom group, leading to the disruption of IT and phone systems. Patients' sensitive information was compromised, including Social Security numbers, health insurance details, medical records, and more. The breach affected 2,192,515 individuals, risking their personal and medical information, which may lead to fraudulent activities. The hospital experienced operational difficulties, and healthcare services were impacted, as patients were requested to bring their own medication and test information due to the loss of database access.

Type: Ransomware Attack

Threat Actor: INC Ransom group

Incident : Ransomware

Title: McLaren Health Care Data Breach

Description: McLaren Health Care suffered a data breach caused by an attack by the INC ransomware gang, affecting 743,000 patients.

Date Detected: 2024-08-05

Date Publicly Disclosed: 2025-05-05

Type: Ransomware

Attack Vector: Unspecified

Threat Actor: INC ransomware gang

Motivation: Financial gain

Incident : Data Breach, Ransomware

Title: McLaren Health Care and Karmanos Cancer Institute Data Breach

Description: A ransomware attack between July and August 2024 affecting McLaren Health Care and Karmanos Cancer Institute has resulted in a data breach affecting nearly 750,000 people.

Date Detected: 2024-08-05

Date Publicly Disclosed: 2025-05

Type: Data Breach, Ransomware

Attack Vector: Ransomware

Threat Actor: INC ransomware gang

Motivation: Financial gain, Data theft

Incident : Data Breach

Title: McLaren Health Care Data Breach

Description: Unauthorized access to McLaren Health Care's systems resulted in a data breach affecting 2,192,515 individuals, including 77 Maine residents. Compromised information includes names, Social Security numbers, and other health-related data.

Date Detected: 2023-08-23

Date Publicly Disclosed: 2023-11-09

Type: Data Breach

Attack Vector: Unauthorized Access

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach MCL120121123

Data Compromised: Sensitive personal data

Incident : Ransomware Attack MCL000081124

Data Compromised: Social security numbers, Health insurance details, Medical records

Systems Affected: IT systems, Phone systems

Operational Impact: Operational difficulties and impacted healthcare services

Identity Theft Risk: High

Incident : Ransomware MCL601062325

Data Compromised: Full names, Potentially other unspecified data

Systems Affected: IT systems, Phone systems

Operational Impact: Patient databases impacted

Incident : Data Breach, Ransomware MCL600062425

Data Compromised: Social security numbers, Health insurance information, Driver's license details, Names, Medical data

Systems Affected: IT systems, Phone systems

Downtime: Some surgeries, appointments and treatments were canceled or rescheduled

Operational Impact: Staff resorted to manually managing appointments and medication information

Incident : Data Breach MCL852072725

Data Compromised: Names, Social security numbers, Health-related data

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are, per incident: Sensitive Personal Data; Social Security Numbers, Health Insurance Details, Medical Records; Full Names, Potentially Other Unspecified Data; Social Security Numbers, Health Insurance Information, Driver's License Details, Names, Medical Data; Names, Social Security Numbers, Health-Related Data.

Which entities were affected by each incident ?

Incident : Data Breach MCL120121123

Entity Name: McLaren Health Care

Entity Type: Healthcare

Industry: Healthcare

Customers Affected: 2.2 million

Incident : Ransomware Attack MCL000081124

Entity Name: McLaren Health Care

Entity Type: Hospital

Industry: Healthcare

Customers Affected: 2192515

Incident : Ransomware MCL601062325

Entity Name: McLaren Health Care

Entity Type: Healthcare system

Industry: Healthcare

Location: Michigan, USA

Size: 28,000 full-time staff

Customers Affected: 743,000 patients

Incident : Data Breach, Ransomware MCL600062425

Entity Name: McLaren Health Care

Entity Type: Healthcare Provider

Industry: Healthcare

Customers Affected: 743,131

Incident : Data Breach, Ransomware MCL600062425

Entity Name: Karmanos Cancer Institute

Entity Type: Healthcare Provider

Industry: Healthcare

Customers Affected: 743,131

Incident : Data Breach MCL852072725

Entity Name: McLaren Health Care

Entity Type: Healthcare Provider

Industry: Healthcare

Customers Affected: 2192515

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach MCL120121123

Third Party Assistance: Outside Forensic Specialists.

Incident : Ransomware MCL601062325

Communication Strategy: Notice sent to impacted individuals

Incident : Data Breach, Ransomware MCL600062425

Communication Strategy: Public notification released, Free credit monitoring offered

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through outside forensic specialists.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach MCL120121123

Type of Data Compromised: Sensitive personal data

Number of Records Exposed: 2.2 million

Incident : Ransomware Attack MCL000081124

Type of Data Compromised: Social security numbers, Health insurance details, Medical records

Number of Records Exposed: 2192515

Sensitivity of Data: High

Personally Identifiable Information: Yes

Incident : Ransomware MCL601062325

Type of Data Compromised: Full names, Potentially other unspecified data

Number of Records Exposed: 743,000

Incident : Data Breach, Ransomware MCL600062425

Type of Data Compromised: Social security numbers, Health insurance information, Driver's license details, Names, Medical data

Number of Records Exposed: 743,131

Sensitivity of Data: High

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : Data Breach MCL852072725

Type of Data Compromised: Names, Social security numbers, Health-related data

Number of Records Exposed: 2192515

Sensitivity of Data: High

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware Attack MCL000081124

Ransomware Strain: INC Ransom

Incident : Ransomware MCL601062325

Ransomware Strain: INC

Incident : Data Breach, Ransomware MCL600062425

Ransomware Strain: INC ransomware

Data Exfiltration: Yes

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Ransomware MCL601062325

Regulatory Notifications: Notification submitted to U.S. authorities

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : Data Breach, Ransomware MCL600062425

Recommendations: Vigilance, Monitoring accounts for suspicious activity

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Vigilance and Monitoring accounts for suspicious activity.

References

Where can I find more information about each incident ?

Incident : Ransomware MCL601062325

Source: Unspecified source

Incident : Data Breach, Ransomware MCL600062425

Source: TechRadar Pro

Incident : Data Breach MCL852072725

Source: Maine Office of the Attorney General

Date Accessed: 2023-11-09

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Unspecified source; TechRadar Pro; Maine Office of the Attorney General (date accessed: 2023-11-09).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach MCL120121123

Investigation Status: Ongoing

Incident : Ransomware MCL601062325

Investigation Status: Completed

Incident : Data Breach, Ransomware MCL600062425

Investigation Status: Completed

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notice sent to impacted individuals, Public notification released and Free credit monitoring offered.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Ransomware MCL601062325

Customer Advisories: Notice sent to impacted individuals

Incident : Data Breach, Ransomware MCL600062425

Customer Advisories: Offered a year of free credit monitoring

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Notice sent to impacted individuals and Offered a year of free credit monitoring.

Post-Incident Analysis

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Outside Forensic Specialists.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was the INC Ransom group (also listed as the INC ransomware gang).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-08-05.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-11-09.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were, per incident: Sensitive personal data; Social Security numbers, health insurance details, medical records; Full names, Potentially other unspecified data; Social Security numbers, Health insurance information, Driver's license details, Names, Medical data; names, Social Security numbers, health-related data.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were IT systems and phone systems.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was outside forensic specialists.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Sensitive personal data, Social Security numbers, Potentially other unspecified data, Health insurance information, medical records, names, health insurance details, Medical data, Full names, Driver's license details and health-related data.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 3.7M.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Vigilance and Monitoring accounts for suspicious activity.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent sources of information about an incident are TechRadar Pro, Unspecified source and Maine Office of the Attorney General.

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisories issued were "Notice sent to impacted individuals" and "Offered a year of free credit monitoring".

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mclaren-health-care' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.