Comparison Overview

MD Anderson Cancer Center

VS

Penn Medicine, University of Pennsylvania Health System

MD Anderson Cancer Center

1515 Holcombe Blvd., Houston, 77030, US
Last Update: 2026-01-23
View Profile
Between 750 and 799
http://MDAnderson.org

The University of Texas MD Anderson Cancer Center is one of the world's most respected centers devoted exclusively to cancer patient care, research, education and prevention. MD Anderson provides cancer care at several convenient locations throughout the Greater Houston Area and collaborates with community hospitals and health systems nationwide through MD Anderson Cancer Network®. U.S. News & World Report's "Best Hospitals"​ survey has ranked MD Anderson the nation's top hospital for cancer care. Every year since the survey began in 1990, MD Anderson has been named one of the top two cancer hospitals. The recognition reflects the passion of our 21,000 extraordinary employees and 1,000 volunteers for providing exceptional care to our patients and their families, and for realizing our mission to #EndCancer. You can view all of our career opportunities at careers.mdanderson.org.

NAICS: 62
NAICS Definition: Health Care and Social Assistance
Employees: 22,634
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Penn Medicine, University of Pennsylvania Health System

3400 Spruce Street, Philadelphia, 19104, US
Last Update: 2026-01-18
Between 750 and 799
http://www.pennmedicine.org

Penn Medicine is a world leader in academic medicine, setting the standard for cutting-edge research, compassionate patient care, and the education of future health care professionals. From founding the nation’s first hospital and medical school to pioneering Nobel Prize-winning mRNA vaccines and lifesaving cancer therapies, Penn Medicine continues to show the world what comes next. Home to more than 49,000 team members, Penn Medicine includes the University of Pennsylvania Health System and the Perelman School of Medicine. Together, our clinicians and scientists drive discoveries that transform patient care and improve lives across Pennsylvania, New Jersey, and beyond. Penn Medicine’s seven hospitals—the Hospital of the University of Pennsylvania, Penn Presbyterian Medical Center, Pennsylvania Hospital, Chester County Hospital, Lancaster General Health, Penn Medicine Princeton Health, and Doylestown Health—along with hundreds of outpatient sites and home care services, provide exceptional care throughout the region. At Penn Medicine, innovation and collaboration fuel everything we do. Our mission is to advance knowledge and improve health through research, patient care, and education in an inclusive culture that embraces diversity, fosters innovation, and sustains our legacy of excellence. Learn more: www.pennmedicine.org Read the latest stories: www.pennmedicine.org/news

NAICS: 62
NAICS Definition: Health Care and Social Assistance
Employees: 21,498
Subsidiaries: 6
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/mdandersoncancercenter.jpeg
MD Anderson Cancer Center
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/university-of-pennsylvania-health-system.jpeg
Penn Medicine, University of Pennsylvania Health System
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
MD Anderson Cancer Center
100%
Compliance Rate
0/4 Standards Verified
Penn Medicine, University of Pennsylvania Health System
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for MD Anderson Cancer Center in 2026.

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for Penn Medicine, University of Pennsylvania Health System in 2026.

Incident History — MD Anderson Cancer Center (X = Date, Y = Severity)

MD Anderson Cancer Center cyber incidents detection timeline including parent company and subsidiaries

Incident History — Penn Medicine, University of Pennsylvania Health System (X = Date, Y = Severity)

Penn Medicine, University of Pennsylvania Health System cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/mdandersoncancercenter.jpeg
MD Anderson Cancer Center
Incidents

No Incident

https://images.rankiteo.com/companyimages/university-of-pennsylvania-health-system.jpeg
Penn Medicine, University of Pennsylvania Health System
Incidents

No Incident

FAQ

MD Anderson Cancer Center company demonstrates a stronger AI Cybersecurity Score compared to Penn Medicine, University of Pennsylvania Health System company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Penn Medicine, University of Pennsylvania Health System company has disclosed a higher number of cyber incidents compared to MD Anderson Cancer Center company.

In the current year, Penn Medicine, University of Pennsylvania Health System company and MD Anderson Cancer Center company have not reported any cyber incidents.

Neither Penn Medicine, University of Pennsylvania Health System company nor MD Anderson Cancer Center company has reported experiencing a ransomware attack publicly.

Neither Penn Medicine, University of Pennsylvania Health System company nor MD Anderson Cancer Center company has reported experiencing a data breach publicly.

Neither Penn Medicine, University of Pennsylvania Health System company nor MD Anderson Cancer Center company has reported experiencing targeted cyberattacks publicly.

Neither MD Anderson Cancer Center company nor Penn Medicine, University of Pennsylvania Health System company has reported experiencing or disclosing vulnerabilities publicly.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds any compliance certifications.

Neither company holds any compliance certifications.

Penn Medicine, University of Pennsylvania Health System company has more subsidiaries worldwide compared to MD Anderson Cancer Center company.

MD Anderson Cancer Center company employs more people globally than Penn Medicine, University of Pennsylvania Health System company, reflecting its scale as a Hospitals and Health Care.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds SOC 2 Type 1 certification.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds SOC 2 Type 2 certification.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds ISO 27001 certification.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds PCI DSS certification.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds HIPAA certification.

Neither MD Anderson Cancer Center nor Penn Medicine, University of Pennsylvania Health System holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
References
Description

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Description

Azure Entra ID Elevation of Privilege Vulnerability

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
Description

Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss4
Base: 2.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.

Published
Date
2026-01-22
Updated
Date
2026-01-22
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References