MEDHOST
Company Details
Linkedin ID:
medhost
Website:
Employees number:
578
Number of followers:
23,474
NAICS:
62
Industry Type:
Homepage:
medhost.com
IP Addresses:
0
Company ID:
MED_1422751
Scan Status:
In-progress
MEDHOST Company CyberSecurity Posture
medhost.com
MEDHOST is a provider of market-leading enterprise, departmental and healthcare engagement solutions to healthcare facilities nationwide. Our integrated product portfolio includes intuitive, cloud-based solutions, including YourCareEverywhere, a robust health and wellness consumer engagement platform. Our broad offering of hosting, outsourcing, marketing and consulting services are changing how clinicians and hospital leaders work and collaborate, while generating notable operational improvements. MEDHOST delivers value by enabling hospitals of all types and all sizes to better manage the business of healthcare across the care continuum while meeting evolving regulatory requirements.
MEDHOST A.I CyberSecurity Scoring
MEDHOST Risk Score (AI oriented)Between 750 and 799
MEDHOST
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MEDHOST Global Score (TPRM)XXXX
MEDHOST
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MEDHOST Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
MEDHOST
Breach
Rankiteo Explanation
Attack without any consequences
Description: Medhost’s public website medhost.com was targeted by the cyberattack in December 2017. No evidence has been found by MEDHOST to suggest that patient information was compromised, and maintained complete control over their internal systems during the incident and moving forward. The domain is fully under the control of MEDHOST, and the web-based apps and domain have been fully restored. Some customers already have full access depending on their location, but it's conceivable that it will take up to 24 hours for the change to take effect. End users can encounter intermittent application impact during that period.
MEDHOST Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MEDHOST
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for MEDHOST in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for MEDHOST in 2025.
Incident Types MEDHOST vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for MEDHOST in 2025.
Incident History — MEDHOST (X = Date, Y = Severity)
MEDHOST cyber incidents detection timeline including parent company and subsidiaries
MEDHOST Company Subsidiaries
MEDHOST is a provider of market-leading enterprise, departmental and healthcare engagement solutions to healthcare facilities nationwide. Our integrated product portfolio includes intuitive, cloud-based solutions, including YourCareEverywhere, a robust health and wellness consumer engagement platform. Our broad offering of hosting, outsourcing, marketing and consulting services are changing how clinicians and hospital leaders work and collaborate, while generating notable operational improvements. MEDHOST delivers value by enabling hospitals of all types and all sizes to better manage the business of healthcare across the care continuum while meeting evolving regulatory requirements.
Loading...
MEDHOST Similar Companies
Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritional and branded generic medicines. Our 114,000 col
Cencora
Cencora, a company building on the legacy of AmerisourceBergen, is a leading global pharmaceutical solutions organization centered on improving the lives of people and animals around the world. We connect manufacturers, providers, and patients to ensure that anyone can get the therapies they need, w
Emory Healthcare
Emory Healthcare is the most comprehensive health care system in Georgia. We offer 11 hospitals, the Emory Clinic, more than 250 provider locations, and more than 2,800 physicians specializing in 70 different medical subspecialties. Meaning we can provide treatments and services that may not be avai
Penn Medicine, University of Pennsylvania Health System
Penn Medicine’s mission is to advance knowledge and improve health through research, patient care, and the education of trainees in an inclusive culture that embraces diversity, fosters innovation, stimulates critical thinking, supports lifelong learning, and sustains our legacy of excellence. Penn
Duke University Health System
As a world-class academic and health care system, Duke Health strives to transform medicine and health locally and globally through innovative scientific research, rapid translation of breakthrough discoveries, educating future clinical and scientific leaders, advocating and practicing evidence-base
Michigan Medicine
Michigan Medicine, based in Ann Arbor, Michigan, is part of one of the world’s leading universities. Michigan Medicine is a premier, highly ranked academic medical center and award-winning health care system with state-of-the-art facilities. Our vision is to create the future of health care throu
Express Scripts by Evernorth
Express Scripts by Evernorth provides pharmacy benefits services with a clear mission: To simplify complexities and provide holistic, condition-focused care and clinically superior pharmacy benefit solutions for our clients and the people they serve. Guided by our core values of service, patient ca
Providence
Every day, 119,000 compassionate caregivers serve patients and communities through Providence St. Joseph Health, a national, Catholic, not-for-profit health system, driven by a belief that health is a human right. Rooted in the founding missions of the Sisters of Providence and the Sisters of St.
The people of Memorial Sloan Kettering Cancer Center (MSK) are united by a singular mission: ending cancer for life. Our specialized care teams provide personalized, compassionate, expert care to patients of all ages. Informed by basic research done at our Sloan Kettering Institute, scientists acros
.png)
MEDHOST CyberSecurity News
November 08, 2018 08:00 AM
MEDHOST Welcomes Its New Chief Information Security Officer
Michael Johnson brings to MEDHOST decades of extensive healthcare information security experience.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MEDHOST CyberSecurity History Information
Official Website of MEDHOST
The official website of MEDHOST is http://www.medhost.com/.
MEDHOST’s AI-Generated Cybersecurity Score
According to Rankiteo, MEDHOST’s AI-generated cybersecurity score is 756, reflecting their Fair security posture.
How many security badges does MEDHOST’ have ?
According to Rankiteo, MEDHOST currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does MEDHOST have SOC 2 Type 1 certification ?
According to Rankiteo, MEDHOST is not certified under SOC 2 Type 1.
Does MEDHOST have SOC 2 Type 2 certification ?
According to Rankiteo, MEDHOST does not hold a SOC 2 Type 2 certification.
Does MEDHOST comply with GDPR ?
According to Rankiteo, MEDHOST is not listed as GDPR compliant.
Does MEDHOST have PCI DSS certification ?
According to Rankiteo, MEDHOST does not currently maintain PCI DSS compliance.
Does MEDHOST comply with HIPAA ?
According to Rankiteo, MEDHOST is not compliant with HIPAA regulations.
Does MEDHOST have ISO 27001 certification ?
According to Rankiteo,MEDHOST is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of MEDHOST
MEDHOST operates primarily in the Hospitals and Health Care industry.
Number of Employees at MEDHOST
MEDHOST employs approximately 578 people worldwide.
Subsidiaries Owned by MEDHOST
MEDHOST presently has no subsidiaries across any sectors.
MEDHOST’s LinkedIn Followers
MEDHOST’s official LinkedIn profile has approximately 23,474 followers.
NAICS Classification of MEDHOST
MEDHOST is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
MEDHOST’s Presence on Crunchbase
Yes, MEDHOST has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/medhost.
MEDHOST’s Presence on LinkedIn
Yes, MEDHOST maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/medhost.
Cybersecurity Incidents Involving MEDHOST
As of November 30, 2025, Rankiteo reports that MEDHOST has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
MEDHOST has an estimated 30,121 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at MEDHOST ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does MEDHOST detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with full restoration of web-based apps and domain..
Incident Details
Can you provide details on each incident ?
Title: MEDHOST Public Website Cyberattack
Description: MEDHOST’s public website medhost.com was targeted by a cyberattack in December 2017. No evidence has been found to suggest that patient information was compromised, and MEDHOST maintained complete control over their internal systems during the incident and moving forward. The domain is fully under the control of MEDHOST, and the web-based apps and domain have been fully restored. Some customers already have full access depending on their location, but it's conceivable that it will take up to 24 hours for the change to take effect. End users can encounter intermittent application impact during that period.
Date Detected: December 2017
Type: Cyberattack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack MED84626223
Systems Affected: Public WebsiteWeb-based Apps
Downtime: Up to 24 hours
Operational Impact: Intermittent application impact
Which entities were affected by each incident ?
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack MED84626223
Remediation Measures: Full restoration of web-based apps and domain
Data Breach Information
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Full restoration of web-based apps and domain.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on December 2017.
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Public WebsiteWeb-based Apps.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=medhost' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
