MHS
Company Details
Linkedin ID:
multicare-health-system
Website:
Employees number:
11,958
Number of followers:
62,390
NAICS:
62
Industry Type:
Homepage:
multicare.org
IP Addresses:
0
Company ID:
MUL_1272346
Scan Status:
In-progress
MultiCare Health System Company CyberSecurity Posture
multicare.org
MultiCare’s roots in the Pacific Northwest go back to 1882, with the founding of Tacoma’s first hospital. Over the years, we’ve grown from a Tacoma-centric, hospital-based organization into the largest, community-based, locally governed health system in the state of Washington. Today, our comprehensive system of health includes more than 300 primary, urgent, pediatric and specialty care locations across Washington, Idaho and Oregon, as well as 13 hospitals. We welcome patients from the entire Pacific Northwest region and our 20,000-plus team members — including employees, providers and volunteers — proudly care for the communities we serve. Without a doubt, our organization has changed over the years. But what has never changed, throughout our long history, has been our dedication to health and wellness of the people of the Pacific Northwest. Guided by our mission, vision and values, we are on continuous journey to deliver the services that our communities need, and to ensure access to those services, now and in the future.
MultiCare Health System A.I CyberSecurity Scoring
MHS Risk Score (AI oriented)Between 650 and 699
MHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MHS Global Score (TPRM)XXXX
MHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MHS Company CyberSecurity News & History
Past Incidents
3
Attack Types
3
MultiCare Health System, Inc.
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Maine Office of the Attorney General reported that MultiCare Health System, Inc. experienced an external system breach on May 18, 2022, due to hacking, affecting a total of 23,712 individuals, including 3 residents of Maine. The breach involved potential compromise of Social Security Numbers and identity theft protection services were offered for two years through Equifax credit monitoring.
MultiCare Health System
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: MultiCare Health System in Washington suffered a third-party data breach that originated at its mailing service provider, Kaye-Smith. The breach impacted more than 23,000 individuals at MultiCare. The breached information included Names, addresses, and Social Security numbers.
MultiCare Health System
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On August 21, 2020, the Washington State Office of the Attorney General reported a ransomware attack affecting MultiCare Health System, which took place from February 7, 2020, to May 20, 2020. The incident impacted 302,769 Washington residents, with the compromised information including names, addresses, telephone numbers, and medical information.
MHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for MultiCare Health System in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for MultiCare Health System in 2025.
Incident Types MHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for MultiCare Health System in 2025.
Incident History — MHS (X = Date, Y = Severity)
MHS cyber incidents detection timeline including parent company and subsidiaries
MHS Company Subsidiaries
MultiCare’s roots in the Pacific Northwest go back to 1882, with the founding of Tacoma’s first hospital. Over the years, we’ve grown from a Tacoma-centric, hospital-based organization into the largest, community-based, locally governed health system in the state of Washington. Today, our comprehensive system of health includes more than 300 primary, urgent, pediatric and specialty care locations across Washington, Idaho and Oregon, as well as 13 hospitals. We welcome patients from the entire Pacific Northwest region and our 20,000-plus team members — including employees, providers and volunteers — proudly care for the communities we serve. Without a doubt, our organization has changed over the years. But what has never changed, throughout our long history, has been our dedication to health and wellness of the people of the Pacific Northwest. Guided by our mission, vision and values, we are on continuous journey to deliver the services that our communities need, and to ensure access to those services, now and in the future.
Loading...
MHS Similar Companies
Piedmont
At Piedmont, we deliver healthcare marked by compassion and sustainable excellence in a progressive environment, guided by physicians, delivered by exceptional professionals and inspired by the communities we serve. Piedmont is a not-for-profit, community health system comprised of 25 hospitals and
Lehigh Valley Health Network
Lehigh Valley Health Network (LVHN) is proudly part of Jefferson Health, forming a leading integrated academic health care delivery system. With 65,000 colleagues, 32 hospitals and over 700 sites of care across the Lehigh Valley, northeastern Pennsylvania, Delaware Valley and southern New Jersey. L
Johnson & Johnson MedTech
At Johnson & Johnson MedTech, we are working to solve the world’s most pressing healthcare challenges through innovations at the intersection of biology and technology. With deep expertise in surgery, orthopaedics, cardiovascular, and vision, we design healthcare solutions that are smarter, less inv
Guy's and St Thomas' NHS Foundation Trust
One of the largest Trusts in the UK, Guy’s and St Thomas’ NHS Foundation Trust comprises five of the UK’s best known hospitals – Guy’s, St Thomas’, Evelina London Children’s Hospital, Royal Brompton and Harefield – as well as community services in Lambeth and Southwark, all with a long history of hi
Allina Health
People at Allina Health have a career of making a difference in the lives of the millions of patients we see each year at our 90+ clinics, 12 hospitals and through a wide variety of specialty care services in Minnesota and western Wisconsin. We’re a not-for-profit organization committed to enrichin
Boston Children's Hospital
Boston Children's Hospital is a 404-bed comprehensive center for pediatric health care. As one of the largest pediatric medical centers in the United States, Boston Children's offers a complete range of health care services for children from birth through 21 years of age. (Our services can begin int
Sentara Health
Sentara Health, an integrated, not-for-profit health care delivery system, celebrates more than 135 years in pursuit of its mission - "we improve health every day." Sentara is one of the largest health systems in the U.S. Mid-Atlantic and Southeast, and among the top 20 largest not-for-profit integr
University of Maryland Medical System
The University of Maryland Medical System (UMMS) was created in 1984 when the state-owned University Hospital became a private, nonprofit organization. It has evolved into a multi-hospital system with academic, community and specialty service missions reaching every part of the state and beyond. UM
UMass Memorial Health
UMass Memorial Health is the health and wellness partner of the people of Central Massachusetts. Through pain and pandemics, our commitment to our communities never wanes. We use knowledge and innovation to create breakthrough medicine, to create jobs, and to make life better for those we serve. We
.png)
MHS CyberSecurity News
November 06, 2025 01:21 PM
CHIME Honors 18 Organizations for Achieving Highest Level of Digital Health Excellence in 2025 Digital Health Most Wired (DHMW) Survey
CHIME Honors 18 Organizations for Achieving Highest Level of Digital Health Excellence in 2025 Digital Health Most Wired (DHMW) Survey...
October 25, 2025 07:00 AM
Vijay Kedia bets big money on these 2 high-growth stocks: Should you follow?
Market Master Vijay Kedia has just added two less known stocks to his portfolio, both of which have logged in triple digit compounded profit...
October 24, 2025 07:00 AM
MultiCare plans acquisition of Oregon hospital system
Two Pacific Northwest hospitals systems are planning to come together. Image: Samaritan Health Services. The MultiCare Health System and...
October 22, 2025 07:00 AM
MultiCare, Samaritan lay out integration plans
MultiCare Health System and Samaritan Health Services look to combine the two nonprofit health systems, they announced Wednesday.
May 30, 2025 07:00 AM
From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care
When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to...
May 28, 2025 07:00 AM
Do You Have Insurance Through MVP? Beware of Scam Calls
MVP Health Care members are being targeted by a sophisticated phishing scam involving automated calls that falsely claim to be from the...
March 25, 2025 07:00 AM
How MultiCare Health System saved $10M with clinical decision support
The 13-hospital network's CDS system also maintained stable patient experience scores – and data validated that cost reduction was achieved...
February 18, 2025 08:00 AM
Tacoma Cybersecurity Job Market: Trends and Growth Areas for 2025
Discover the latest trends and growth areas in Tacoma's cybersecurity job market in Washington for 2025, from education to economic impact.
December 11, 2024 08:00 AM
Kaye-Smith Settles Class Action Data Breach Lawsuit for $2 Million
The marketing company and mailing vendor, Kaye-Smith Enterprises, has agreed to settle a class action lawsuit filed in response to a 2022 cyberattack and data...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MHS CyberSecurity History Information
Official Website of MultiCare Health System
The official website of MultiCare Health System is http://jobs.multicare.org.
MultiCare Health System’s AI-Generated Cybersecurity Score
According to Rankiteo, MultiCare Health System’s AI-generated cybersecurity score is 685, reflecting their Weak security posture.
How many security badges does MultiCare Health System’ have ?
According to Rankiteo, MultiCare Health System currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does MultiCare Health System have SOC 2 Type 1 certification ?
According to Rankiteo, MultiCare Health System is not certified under SOC 2 Type 1.
Does MultiCare Health System have SOC 2 Type 2 certification ?
According to Rankiteo, MultiCare Health System does not hold a SOC 2 Type 2 certification.
Does MultiCare Health System comply with GDPR ?
According to Rankiteo, MultiCare Health System is not listed as GDPR compliant.
Does MultiCare Health System have PCI DSS certification ?
According to Rankiteo, MultiCare Health System does not currently maintain PCI DSS compliance.
Does MultiCare Health System comply with HIPAA ?
According to Rankiteo, MultiCare Health System is not compliant with HIPAA regulations.
Does MultiCare Health System have ISO 27001 certification ?
According to Rankiteo,MultiCare Health System is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of MultiCare Health System
MultiCare Health System operates primarily in the Hospitals and Health Care industry.
Number of Employees at MultiCare Health System
MultiCare Health System employs approximately 11,958 people worldwide.
Subsidiaries Owned by MultiCare Health System
MultiCare Health System presently has no subsidiaries across any sectors.
MultiCare Health System’s LinkedIn Followers
MultiCare Health System’s official LinkedIn profile has approximately 62,390 followers.
NAICS Classification of MultiCare Health System
MultiCare Health System is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
MultiCare Health System’s Presence on Crunchbase
No, MultiCare Health System does not have a profile on Crunchbase.
MultiCare Health System’s Presence on LinkedIn
Yes, MultiCare Health System maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/multicare-health-system.
Cybersecurity Incidents Involving MultiCare Health System
As of November 27, 2025, Rankiteo reports that MultiCare Health System has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
MultiCare Health System has an estimated 29,983 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at MultiCare Health System ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Ransomware.
How does MultiCare Health System detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with equifax credit monitoring..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at MultiCare Health System
Description: MultiCare Health System in Washington suffered a third-party data breach that originated at its mailing service provider, Kaye-Smith. The breach impacted more than 23,000 individuals at MultiCare. The breached information included names, addresses, and Social Security numbers.
Type: Data Breach
Attack Vector: Third-party vendor compromise
Title: Ransomware Attack on MultiCare Health System
Description: A ransomware attack on MultiCare Health System impacted 302,769 Washington residents, compromising names, addresses, telephone numbers, and medical information.
Date Detected: 2020-02-07
Date Publicly Disclosed: 2020-08-21
Date Resolved: 2020-05-20
Type: Ransomware
Title: MultiCare Health System Data Breach
Description: MultiCare Health System, Inc. experienced an external system breach on May 18, 2022, due to hacking, affecting a total of 23,712 individuals, including 3 residents of Maine. The breach involved potential compromise of Social Security Numbers and identity theft protection services were offered for two years through Equifax credit monitoring.
Date Detected: 2022-05-18
Type: Data Breach
Attack Vector: Hacking
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Mailing service provider and Kaye-Smith.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MUL20314123
Data Compromised: Names, Addresses, Social security numbers
Incident : Ransomware MUL752072725
Data Compromised: Names, Addresses, Telephone numbers, Medical information
Incident : Data Breach MUL423080525
Data Compromised: Social security numbers
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Social Security Numbers, , Names, Addresses, Telephone Numbers, Medical Information, , Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach MUL20314123
Entity Name: MultiCare Health System
Entity Type: Healthcare
Industry: Healthcare
Location: Washington
Customers Affected: 23000
Incident : Ransomware MUL752072725
Entity Name: MultiCare Health System
Entity Type: Healthcare
Industry: Healthcare
Location: Washington
Customers Affected: 302769
Incident : Data Breach MUL423080525
Entity Name: MultiCare Health System, Inc.
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 23712
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MUL423080525
Third Party Assistance: Equifax Credit Monitoring.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Equifax credit monitoring, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MUL20314123
Type of Data Compromised: Names, Addresses, Social security numbers
Number of Records Exposed: 23000
Personally Identifiable Information: NamesAddressesSocial Security numbers
Incident : Ransomware MUL752072725
Type of Data Compromised: Names, Addresses, Telephone numbers, Medical information
Number of Records Exposed: 302769
Incident : Data Breach MUL423080525
Type of Data Compromised: Social security numbers
Number of Records Exposed: 23712
Sensitivity of Data: High
Personally Identifiable Information: Social Security Numbers
References
Where can I find more information about each incident ?
Incident : Ransomware MUL752072725
Source: Washington State Office of the Attorney General
Date Accessed: 2020-08-21
Incident : Data Breach MUL423080525
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2020-08-21, and Source: Maine Office of the Attorney General.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach MUL20314123
Entry Point: Mailing service provider, Kaye-Smith
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Equifax Credit Monitoring, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-02-07.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-08-21.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2020-05-20.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Social Security numbers, , names, addresses, telephone numbers, medical information, , Social Security Numbers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was equifax credit monitoring, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Addresses, Social Security Numbers, Social Security numbers, addresses, medical information, telephone numbers, names and Names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.6K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General and Washington State Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Mailing service provider and Kaye-Smith.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=multicare-health-system' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
