Future Cardia A.I CyberSecurity Scoring
Future Cardia
Company Information
Website:https://futurecardia.com/
Employees number:12
Number of followers:1,966
NAICS:3391
Industry Type:Medical Equipment Manufacturing
Homepage:futurecardia.com
Future Cardia Risk Score (AI oriented)
Between 0 and 549
Future CardiaMedical Equipment Manufacturing
Updated:
30/04/2026
30/04/2026
301/1000
Critical
C
Future Cardia Global Score (TPRM)
xxxx
Future CardiaMedical Equipment Manufacturing
Score locked

Future CardiaCritical
Current Score
301C (CRITICAL)
01000
5 incidents
-157 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
321
JUNE 2026
310
MAY 2026
301
APRIL 2026
301
MARCH 2026
416
FEBRUARY 2026
283
JANUARY 2026
403
DECEMBER 2025
398
NOVEMBER 2025
391
OCTOBER 2025
384
SEPTEMBER 2025
377
AUGUST 2025
520
Ransomware
01 Aug 2025 • Future Cardia
Centerwell, Humana, Oracle and Catalyst RCM: Humana warns patients of data breach that leaked SSNs, medical info
Humana and Centerwell Hit by Clop Ransomware Attack
363
CRITICAL-157
HUMORAHEACEN1774290394
Humana and Centerwell Hit by Clop Ransomware Attack in August 2025
Humana confirmed a data breach in August 2025, exposing sensitive personal and medical information of an undisclosed number of individuals. Compromised data includes names, Social Security numbers, medical billing details, claims info, provider names, Humana ID numbers, patient account numbers, and health insurance data. Subsidiary Centerwell also began notifying affected individuals this month, with Texas reporting 4,618 impacted residents.
The cybercriminal group Clop claimed responsibility for the breach, though Humana has not confirmed the attribution. The attack stemmed from a vendor’s software vulnerability, which Clop has exploited in other incidents, including a flaw in Oracle’s E-Business Suite. Humana is offering affected individuals 24 months of free credit monitoring and identity restoration services through Equifax, with an enrollment deadline of March 31, 2027.
Clop, active since 2019, specializes in zero-day exploits and often steals data without encryption, demanding ransom to prevent leaks. In 2025, the group claimed 456 attacks, with 35 confirmed, including breaches at Parexel International and Barts Health NHS Trust. The Oracle vulnerability alone accounted for 119 claims, 29 of which were verified.
The breach adds to a rising trend of ransomware attacks on U.S. healthcare entities. Comparitech recorded 31 confirmed attacks in 2025 on non-direct-care healthcare businesses, exposing data of over 196 million people. Other recent incidents include breaches at Catalyst RCM (claimed by Everest) and Resource Corporation of America (targeted by Medusa for an $800,000 ransom).
Humana, the fourth-largest U.S. health insurer, has faced prior scrutiny over fraud allegations and AI-driven Medicare claim denials. Centerwell, its subsidiary, provides pharmacy, senior care, and home health services. Both companies now face a class-action lawsuit alleging inadequate data protection.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
559
Breach
22 Jan 2025 • Future Cardia
ChristianaCare vendor Oracle Health exposed in cybersecurity incident
ChristianaCare Vendor Oracle Health Cybersecurity Incident
490
CRITICAL-69
CHR1764431992
ChristianaCare vendor Oracle Health exposed in cybersecurity incident
Show Caption Hide Caption Millions of Americans personal info hacked in data breach Millions of Social Security numbers were hacked after a massive data breach. Here's how to protect yourself.
ChristianaCare has announced that a cybersecurity incident of its third-party electronic medical records vendor Oracle Health, formerly Cerner Corp., exposed patients' information and medical records.
Delaware's largest health care provider did not release the number of affected patients, but letters are being mailed to patients whose information was involved in this incident.
The data varied by patient, but it could include names; Social Security numbers; and patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
DATA BREACH: How to protect your information after it has been compromised
"ChristianaCare’s IT systems were not impacted, and there was no disruption to ChristianaCare’s clinical operations," according to a Nov. 26 statement issued by ChristianaCare.
When did the data breach occur?
Oracle Health informed ChristianaCare in April that an unauthorized third party gained access to legacy Cerner systems as early as Jan. 22.
On Sept. 29, Oracle Health provided ChristianaCare with a list of patients whose information may have been involved in the breach.
The data breach affected multiple health care organizations across the countr
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
682
Breach
01 Jan 2025 • Future Cardia
Future Cardia: Some patients are just learning about Cerner health data breach in January • Missouri Independent
Cerner Electronic Health Records Data Breach
556
CRITICAL-126
ORA1764943612
In January, hackers gained access to a cache of Cerner electronic health records stored on a legacy network.
But some patients whose sensitive health and financial information may have been exposed are only now being notified — and many others still haven’t been told.
NKC Health, formerly North Kansas City Hospital, is one of the most recent hospitals to let patients know about a cyber incident involving Cerner, now Oracle Health. The Nov. 25 notice said the hospital had only “recently learned” of the incident, which has been unraveling for months and reportedly dates back to January.
About a dozen hospitals across the country, including Mosaic Life Care in St. Joseph, Missouri, have sent similar notices to patients. Oracle has not publicly disclosed the number of hospitals involved or how many patients may have been affected.
But Elena A. Belov, a lawyer representing victims of the data breach in a federal class action lawsuit filed in the Western District of Missouri, said she has been told by Oracle’s attorneys that 80 hospitals’ patient records may have been involved. And that could amount to millions of victims.
“This is one of the most massive breaches in the health care industry in the last couple of years,” said Belov, who practices with the Almeida Law Group. “We still don’t know the entire universe. The list of affected hospitals has not been made public.”
Oracle Health, which acquired North Kansas City-based Cerner for $28 billion in 2022, did not reply to re
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2024
666
Breach
01 Feb 2024 • Future Cardia
Oracle Health, BST & Co. CPAs LLP and Change Healthcare: HIPAA at 21 Years of Compliance: Why the Security Rule May Be Entering a More Prescriptive Era
HIPAA Security Rule Compliance Gaps and Enforcement Trends (2024-2026)
459
CRITICAL-207
CHABSTORA1777538345
HIPAA Security Rule at 21: Key Lessons from Two Decades of Enforcement and Evolving Threats
April 2026 marks 21 years since the HIPAA Security Rule’s compliance deadline, a milestone coinciding with rising cyberthreats, regulatory scrutiny, and the first major modernization effort in over two decades. As healthcare remains the most targeted industry for privacy and security incidents accounting for the highest percentage of breaches in BakerHostetler’s 2026 Data Security Incident Response Report (DSIR) the rule’s enduring relevance is underscored by persistent compliance gaps and escalating enforcement.
### Core Challenges and Enforcement Trends
The Office for Civil Rights (OCR) has intensified its focus on security risk analysis, a foundational requirement frequently cited in investigations. A recent settlement with business associate BST & Co. CPAs LLP which failed to conduct a proper risk analysis before a ransomware attack resulted in a $175,000 penalty and a two-year corrective action plan. OCR’s Risk Analysis Initiative has led to increased penalties for organizations lacking thorough, enterprise-wide assessments.
Business associates have emerged as a critical vulnerability, responsible for 35% of healthcare incidents in 2025. High-profile breaches, including the Change Healthcare ransomware attack (exposing 192.7 million records) and incidents at Conduent, Episource, and Oracle Health, highlight the risks of third-party access. OCR’s enforcement against business associates surged in 2025, with seven resolution agreements issued between November 2024 and December 2025.
### Operational and Technical Gaps
Despite advances in cybersecurity tools, human error and workforce behavior remain leading causes of breaches. Phishing accounted for 30% of incidents in 2025, while social engineering and unintended disclosures contributed another 16%. OCR’s emphasis on ongoing, role-specific training reflects the need to address evolving threats, including AI-driven attacks that enhance phishing and social engineering tactics.
Encryption has effectively become a baseline expectation, with OCR settlements frequently citing unencrypted devices as a factor in breach severity. Meanwhile, incident response plans must be operational organizations with tested protocols contained breaches faster (average zero days from discovery to containment) and reduced notification timelines (average 59 days from discovery to reporting).
### Regulatory and Operational Pressures
The 2025 healthcare cybersecurity landscape was defined by heightened scrutiny, with state attorneys general (AGs) launching parallel investigations alongside OCR. Ransomware attacks disrupted patient care, with an average 12.7-day restoration period and ransom demands exceeding $18 million (though average payments were $1.15 million). The DSIR notes that dwell time the period between compromise and detection has shortened, forcing organizations to prioritize rapid detection and response over prevention alone.
### The Path Forward
As the Security Rule undergoes potential modernization, healthcare organizations face three critical priorities:
1. Risk Analysis and Management – Conducting comprehensive, enterprise-wide assessments and translating findings into actionable safeguards.
2. Vendor Oversight – Treating business associate risk as enterprise risk, with rigorous due diligence and contractual controls.
3. Operational Resilience – Ensuring incident response plans, workforce training, and encryption practices are tested, documented, and defensible.
The past 21 years have demonstrated that compliance is not a one-time project but an ongoing process one that demands adaptability as threats, technology, and regulatory expectations evolve. With enforcement expectations rising, organizations that invest in governance, documentation, and proactive risk management will be best positioned to navigate the next phase of HIPAA’s evolution.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2022
757
Breach
16 Jun 2022 • Future Cardia
Oracle Health: Months after hackers broke into Cerner’s network, some patients don’t know their health data was stolen
Massive Cerner/Oracle Health Data Breach Exposes Millions of Patient Records
626
CRITICAL-131
ORA1769175038
Massive Cerner/Oracle Health Data Breach Exposes Millions of Patient Records
In January, hackers breached a legacy network containing electronic health records (EHR) managed by Cerner now part of Oracle Health exposing sensitive patient data across multiple U.S. hospitals. The incident, which remained undisclosed to the public for months, has only recently prompted notifications to affected individuals, with many still unaware of the breach.
Key Details of the Breach
- When & How: The intrusion occurred in January, targeting Cerner’s outdated network before its data was migrated to Oracle’s cloud infrastructure. Oracle Health, which acquired Cerner in a $28 billion deal in 2022, has not publicly commented on the scope or cause of the breach.
- Who’s Affected: At least 80 hospitals may have been impacted, potentially exposing millions of patient records, according to Elena A. Belov, an attorney representing victims in a federal class-action lawsuit. Confirmed affected providers include NKC Health (formerly North Kansas City Hospital) and Mosaic Life Care in Missouri, though Oracle has not released a full list of compromised facilities.
- What Was Exposed: Compromised data likely includes Social Security numbers, financial details, medical histories, diagnoses, and medications posing risks of identity theft, medical fraud, and even life-threatening errors if records are altered.
- Delayed Notifications: Oracle only began informing healthcare clients this summer, with some hospitals, like NKC Health, notifying patients as late as November. Oracle reportedly delayed disclosures at the request of law enforcement, citing concerns it could hinder investigations. The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) acknowledged the breach in March and April, respectively, with CISA issuing a security alert about potential risks to organizations and individuals.
Industry-Wide Vulnerabilities
The breach underscores persistent cybersecurity gaps in healthcare, an industry that reported 493 data compromises in the first 11 months of 2025 alone affecting over 34 million victims. While financial services now lead in breach frequency, healthcare remains a prime target due to its fragmented ecosystem, which includes small clinics, large hospital networks, pharmacies, and insurers. Attackers often exploit weak links, such as a single compromised login, to access vast troves of sensitive data.
Ransomware and High-Stakes Consequences
Healthcare breaches carry unique risks. Unlike other sectors, hospitals often face immediate operational disruptions, with patient lives at stake if critical data like medication records or lab results is locked or corrupted. As a result, an estimated one-third of healthcare organizations pay ransoms to restore access, despite declining average payments (down to $376,940 in Q3 2025). Experts warn that stolen health data can lead to "deadly outcomes," including misdiagnoses or delayed treatments if records are tampered with.
Ongoing Fallout
Oracle has yet to disclose the total number of affected patients or hospitals, leaving victims in the dark about potential exposure. Legal and cybersecurity experts criticize the lack of transparency, noting that delayed notifications deprive individuals of time to mitigate risks, such as freezing credit or monitoring for fraud. The breach ranks among the largest in recent healthcare history, highlighting systemic failures in securing legacy systems and responding to cyber threats.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Future Cardia ??
What was Future Cardia's A.I Rankiteo Cyber Score in June 2026 ??
What was Future Cardia's A.I Rankiteo Cyber Score in May 2026 ??
What was Future Cardia's A.I Rankiteo Cyber Score in April 2026 ??
What was Future Cardia's A.I Rankiteo Cyber Score in March 2026 ??
What was Future Cardia's A.I Rankiteo Cyber Score in February 2026 ??
What was Future Cardia's A.I Rankiteo Cyber Score in January 2026 ??
What was Future Cardia's A.I Rankiteo Cyber Score in December 2025 ??
What was Future Cardia's A.I Rankiteo Cyber Score in November 2025 ??
What was Future Cardia's A.I Rankiteo Cyber Score in October 2025 ??
What was Future Cardia's A.I Rankiteo Cyber Score in September 2025 ??
What was Future Cardia's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Future Cardia's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Future Cardia ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Future Cardia's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?