Badge
11,371 badges added since 01 January 2025
ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF employs more than 26,000 Mission Partners across 171 locations; has two colleges of nursing; operates OSF Home Care Services, an extensive network of home health and hospice services; owns Pointcore, Inc., comprised of health care-related businesses; OSF HealthCare Foundation, the philanthropic arm for the organization; and OSF Ventures, which provides investment capital for promising health care innovation startups. In 2020, OSF OnCall was established as a digital health operating unit and includes a hospital-at-home program. OSF OnCall delivers care and services when, where and how patients prefer to receive them. OSF HealthCare has been recognized by Fortune as one of the most innovative companies in the country. OSF consistently earns recognition for showing dedication to the well-being of its Mission Partners: •America’s Best-in-State Employers | Forbes Magazine | 2018-2025 •150 Top Places to Work in Healthcare | Becker’s Healthcare | 2019, 2022-2025 •Best Employers for Women | Forbes Magazine | 2020 OSF HealthCare is an Equal Opportunity Employer (EOE). By engaging with this page, you acknowledge and agree to follow our social media terms of use, which you can find here: https://www.osfhealthcare.org/patients-visitors/terms-conditions/social-terms

OSF HealthCare A.I CyberSecurity Scoring

OSF HealthCare

Company Details

Linkedin ID:

osf-healthcare

Employees number:

12,123

Number of followers:

44,750

NAICS:

62

Industry Type:

Hospitals and Health Care

Homepage:

osfhealthcare.org

IP Addresses:

75

Company ID:

OSF_3380408

Scan Status:

Completed

AI scoreOSF HealthCare Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/osf-healthcare.jpeg
OSF HealthCare Hospitals and Health Care
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreOSF HealthCare Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/osf-healthcare.jpeg
OSF HealthCare Hospitals and Health Care
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

OSF HealthCare Company CyberSecurity News & History

Past Incidents
3
Attack Types
3
EntityTypeSeverityImpactSeenBlog DetailsSupply Chain SourceIncident DetailsView
OSF HealthCareBreach8549/2025Cerner CorporationCerner Corporation
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Cybersecurity Incident at OSF HealthCare Exposes Patient Data via Former Vendor Cerner OSF HealthCare disclosed a cybersecurity incident involving its former electronic health record (EHR) vendor, Cerner, which may have exposed sensitive patient information. The breach, detected in September, stemmed from unauthorized access to legacy Cerner systems as early as January 2024. While OSF confirmed the incident did not affect its own systems or hospital operations, it impacted multiple healthcare facilities, though only patients of OSF Saint Clare Medical Center in Princeton were formally notified. Cerner, which no longer provides services to OSF, identified the breach and launched an investigation, securing the compromised systems and engaging external cybersecurity experts. Law enforcement requested a delay in notifying affected parties to avoid interfering with the probe. OSF began notifying patients in November after Cerner completed a data review, providing a list of individuals whose information may have been accessed. Exposed data includes patient names, Social Security numbers, medical record details (such as diagnoses, medications, test results, and treatment information), and physician names. As a precaution, OSF and Cerner are offering two years of complimentary credit monitoring and identity restoration services to affected patients. The incident highlights broader vulnerabilities in third-party healthcare IT systems, with Cerner confirming the breach extended beyond OSF facilities.

OSF HealthCareRansomware100510/2021NA
Rankiteo Explanation :
Attack threatening the organization's existence

Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.

OSF HealthCareData Leak85305/2021NA
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: OSF HealthCare is committed to protecting the security and privacy of patient information suffered from a data breach incident after an unauthorized party gained access to their systems. The compromised information includes Dates of birth, Social Security numbers, driver's license numbers, state or government identification numbers, codes for diagnoses and treatments, names of the treating physicians, dates of their services, hospital units, prescription information, and medical records numbers, as well as Medicare, Medicaid, or other insurance information, are all examples of patient data. Financial account information, credit or debit card information, or login credentials for an online financial account were also present in the files involved in the incident for a smaller group of patients. They took this incident seriously and took preventive steps.

OSF HealthCare, Cerner and OSF Saint Clare Medical Center: Data breach exposes sensitive patient information across multiple OSF facilities
Breach
Severity: 85
Impact: 4
Seen: 9/2025
Blog:
Supply Chain Source: Cerner CorporationCerner Corporation
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Cybersecurity Incident at OSF HealthCare Exposes Patient Data via Former Vendor Cerner OSF HealthCare disclosed a cybersecurity incident involving its former electronic health record (EHR) vendor, Cerner, which may have exposed sensitive patient information. The breach, detected in September, stemmed from unauthorized access to legacy Cerner systems as early as January 2024. While OSF confirmed the incident did not affect its own systems or hospital operations, it impacted multiple healthcare facilities, though only patients of OSF Saint Clare Medical Center in Princeton were formally notified. Cerner, which no longer provides services to OSF, identified the breach and launched an investigation, securing the compromised systems and engaging external cybersecurity experts. Law enforcement requested a delay in notifying affected parties to avoid interfering with the probe. OSF began notifying patients in November after Cerner completed a data review, providing a list of individuals whose information may have been accessed. Exposed data includes patient names, Social Security numbers, medical record details (such as diagnoses, medications, test results, and treatment information), and physician names. As a precaution, OSF and Cerner are offering two years of complimentary credit monitoring and identity restoration services to affected patients. The incident highlights broader vulnerabilities in third-party healthcare IT systems, with Cerner confirming the breach extended beyond OSF facilities.

OSF HealthCare
Ransomware
Severity: 100
Impact: 5
Seen: 10/2021
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization's existence

Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.

OSF HealthCare
Data Leak
Severity: 85
Impact: 3
Seen: 05/2021
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: OSF HealthCare is committed to protecting the security and privacy of patient information suffered from a data breach incident after an unauthorized party gained access to their systems. The compromised information includes Dates of birth, Social Security numbers, driver's license numbers, state or government identification numbers, codes for diagnoses and treatments, names of the treating physicians, dates of their services, hospital units, prescription information, and medical records numbers, as well as Medicare, Medicaid, or other insurance information, are all examples of patient data. Financial account information, credit or debit card information, or login credentials for an online financial account were also present in the files involved in the incident for a smaller group of patients. They took this incident seriously and took preventive steps.

Ailogo

OSF HealthCare Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for OSF HealthCare

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for OSF HealthCare in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for OSF HealthCare in 2026.

Incident Types OSF HealthCare vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for OSF HealthCare in 2026.

Incident History — OSF HealthCare (X = Date, Y = Severity)

OSF HealthCare cyber incidents detection timeline including parent company and subsidiaries

OSF HealthCare Company Subsidiaries

SubsidiaryImage

OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF employs more than 26,000 Mission Partners across 171 locations; has two colleges of nursing; operates OSF Home Care Services, an extensive network of home health and hospice services; owns Pointcore, Inc., comprised of health care-related businesses; OSF HealthCare Foundation, the philanthropic arm for the organization; and OSF Ventures, which provides investment capital for promising health care innovation startups. In 2020, OSF OnCall was established as a digital health operating unit and includes a hospital-at-home program. OSF OnCall delivers care and services when, where and how patients prefer to receive them. OSF HealthCare has been recognized by Fortune as one of the most innovative companies in the country. OSF consistently earns recognition for showing dedication to the well-being of its Mission Partners: •America’s Best-in-State Employers | Forbes Magazine | 2018-2025 •150 Top Places to Work in Healthcare | Becker’s Healthcare | 2019, 2022-2025 •Best Employers for Women | Forbes Magazine | 2020 OSF HealthCare is an Equal Opportunity Employer (EOE). By engaging with this page, you acknowledge and agree to follow our social media terms of use, which you can find here: https://www.osfhealthcare.org/patients-visitors/terms-conditions/social-terms

Loading...
similarCompanies

OSF HealthCare Similar Companies

Beth Israel Deaconess Medical Center

Beth Israel Deaconess Medical Center (BIDMC) is part of Beth Israel Lahey Health, a new health care system that brings together academic medical centers and teaching hospitals, community and specialty hospitals, more than 4,000 physicians and 35,000 employees in a shared mission to expand access to

Mediclinic

Mediclinic Southern Africa is a private hospital group operating in South Africa and Namibia focused on providing acute care, specialist-orientated, multi-disciplinary hospital services and related service offerings. We place science at the heart of our care process by striving to provide evidence-b

R1 RCM

R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise

Vanderbilt University Medical Center

From specializing in transplants and pediatric cancer to solving undiagnosed diseases, we know solving the most complex problems prepares us to solve any problem. We are committed to excellence in patient care, research, and medical education and training. We thrive on challenges, embrace collaborat

Penn Medicine, University of Pennsylvania Health System

Penn Medicine is a world leader in academic medicine, setting the standard for cutting-edge research, compassionate patient care, and the education of future health care professionals. From founding the nation’s first hospital and medical school to pioneering Nobel Prize-winning mRNA vaccines and li

Children's Hospital of Philadelphia

Since its start in 1855 as the nation's first hospital devoted exclusively to caring for children, The Children's Hospital of Philadelphia has been the birthplace for many dramatic firsts in pediatric medicine. The Hospital has fostered medical discoveries and innovations that have improved pediatri

Aster DM Healthcare

From a single medical centre to a performance-driven healthcare enterprise spread across more than 400+ medical establishments, including 15 hospitals, 120 clinics and 307 pharmacies in GCC and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across the Middl

Cardinal Health

Cardinal Health is a distributor of pharmaceuticals and specialty products; a supplier of home-health and direct-to-patient products and services; an operator of nuclear pharmacies and manufacturing facilities; a provider of performance and data solutions; and a global manufacturer and distributor o

UAB Medicine

As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you ar

newsone

OSF HealthCare CyberSecurity News

January 19, 2026 10:12 PM
OSF HealthCare names Sister M. Mikela Meidl as next president

Sister M. Mikela Meidl will be the next president of OSF HealthCare, as part of the transition that includes CEO Bob Sehring's retirement in...

January 19, 2026 09:47 PM
OSF HealthCare announces new president

OSF HealthCare has appointed a new president. According to a release from OSF HealthCare, Sister M. Mikela Meidl replaces current president...

January 02, 2026 08:00 AM
OSF HealthCare Foundation president to retire in April

Tom Hammerton, the president of OSF HealthCare Foundation and chief development officer for OSF HealthCare, will be retiring on April 3,...

January 01, 2026 08:00 AM
OSF HealthCare Saint Francis welcomes 2026’s Baby New Year

OSF HealthCare Saint Francis Medical Center in Peoria welcomed its first babies of 2026, including two baby boys named Emmett and Atlas,...

December 30, 2025 08:00 AM
80 Hospitals May Have Been Affected by the Oracle Health Data Breach

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert about the recently confirmed Oracle data breach.

December 24, 2025 08:00 AM
Data breach exposes sensitive patient information across multiple OSF facilities

OSF Saint Clare Medical Center in Princeton recently notified patients that some of their personal and medical information may have been...

December 24, 2025 08:00 AM
Leadership plan in place for OSF HealthCare

With the recent resignation of Lisa DeKezel, president of OSF HealthCare St. Mary Medical Center in Galesburg and OSF HealthCare Holy Family...

December 03, 2025 10:30 AM
Tata Elxsi, UIUC & OSF HealthCare Team Up to Expand Rural Healthcare Access in the U.S.

"Tata Elxsi, UIUC, and OSF HealthCare join forces to boost rural healthcare access in the U.S. through innovative healthcare technologies such as AI and...

December 02, 2025 08:00 AM
How OSF HealthCare is using RPM to serve maternity deserts

Brandi Clark is vice president for digital care at OSF OnCall, the virtual urgent care service of Peoria, Illinois-based OSF HealthCare.

faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

OSF HealthCare CyberSecurity History Information

Official Website of OSF HealthCare

The official website of OSF HealthCare is http://www.osfhealthcare.org.

OSF HealthCare’s AI-Generated Cybersecurity Score

According to Rankiteo, OSF HealthCare’s AI-generated cybersecurity score is 664, reflecting their Weak security posture.

How many security badges does OSF HealthCare’ have ?

According to Rankiteo, OSF HealthCare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has OSF HealthCare been affected by any supply chain cyber incidents ?

According to Rankiteo, OSF HealthCare has been affected by a supply chain cyber incident involving Cerner Corporation, with the incident ID OSFCEROSF1766606283.

Does OSF HealthCare have SOC 2 Type 1 certification ?

According to Rankiteo, OSF HealthCare is not certified under SOC 2 Type 1.

Does OSF HealthCare have SOC 2 Type 2 certification ?

According to Rankiteo, OSF HealthCare does not hold a SOC 2 Type 2 certification.

Does OSF HealthCare comply with GDPR ?

According to Rankiteo, OSF HealthCare is not listed as GDPR compliant.

Does OSF HealthCare have PCI DSS certification ?

According to Rankiteo, OSF HealthCare does not currently maintain PCI DSS compliance.

Does OSF HealthCare comply with HIPAA ?

According to Rankiteo, OSF HealthCare is not compliant with HIPAA regulations.

Does OSF HealthCare have ISO 27001 certification ?

According to Rankiteo,OSF HealthCare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of OSF HealthCare

OSF HealthCare operates primarily in the Hospitals and Health Care industry.

Number of Employees at OSF HealthCare

OSF HealthCare employs approximately 12,123 people worldwide.

Subsidiaries Owned by OSF HealthCare

OSF HealthCare presently has no subsidiaries across any sectors.

OSF HealthCare’s LinkedIn Followers

OSF HealthCare’s official LinkedIn profile has approximately 44,750 followers.

NAICS Classification of OSF HealthCare

OSF HealthCare is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

OSF HealthCare’s Presence on Crunchbase

No, OSF HealthCare does not have a profile on Crunchbase.

OSF HealthCare’s Presence on LinkedIn

Yes, OSF HealthCare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/osf-healthcare.

Cybersecurity Incidents Involving OSF HealthCare

As of January 22, 2026, Rankiteo reports that OSF HealthCare has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

OSF HealthCare has an estimated 31,593 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at OSF HealthCare ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach, Ransomware and Data Leak.

How does OSF HealthCare detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian, and remediation measures with complimentary credit monitoring and identity protection services, and incident response plan activated with yes (by cerner), and third party assistance with external cybersecurity specialists, and law enforcement notified with yes, and containment measures with secured affected systems, and communication strategy with delayed patient notification at the request of investigators..

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Data Exfiltration at OSF Healthcare

Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.

Type: Data Breach

Threat Actor: Xing Team

Incident : Data Breach

Title: OSF HealthCare Data Breach

Description: OSF HealthCare suffered from a data breach incident after an unauthorized party gained access to their systems.

Type: Data Breach

Incident : Data Breach

Title: OSF Healthcare Patient Data Breach via Former Vendor Cerner

Description: OSF confirmed that patients' personal and medical information may have been exposed in a breach involving its former electronic health record software vendor, Cerner. An unauthorized third party gained access to legacy Cerner systems, potentially compromising patient data from multiple OSF facilities.

Date Detected: 2023-09

Date Resolved: 2023-11

Type: Data Breach

Attack Vector: Unauthorized third-party access

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Legacy Cerner systems.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach OSF22412822

Data Compromised: Patient names, Contact information, Dates of birth, Social security numbers, Driver’s license numbers, State or government identification numbers, Treatment and diagnosis information and codes, Physician names, Dates of service, Hospital units, Prescription information, Medical record numbers, Medicare, Medicaid or other health insurance information

Incident : Data Breach OSF19491222

Data Compromised: Dates of birth, Social security numbers, Driver's license numbers, State or government identification numbers, Codes for diagnoses and treatments, Names of the treating physicians, Dates of their services, Hospital units, Prescription information, Medical records numbers, Medicare, medicaid, or other insurance information, Financial account information, Credit or debit card information, Login credentials for an online financial account

Incident : Data Breach OSFCEROSF1766606283

Data Compromised: Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images, and details related to care and treatment

Systems Affected: Legacy Cerner systems

Operational Impact: No impact on hospital operations

Identity Theft Risk: High (due to exposure of SSNs and medical records)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Names, Contact Information, Dates Of Birth, Social Security Numbers, Driver’S License Numbers, State Or Government Identification Numbers, Treatment And Diagnosis Information And Codes, Physician Names, Dates Of Service, Hospital Units, Prescription Information, Medical Record Numbers, Medicare, Medicaid Or Other Health Insurance Information, , Personal Information, Medical Information, Financial Information, , Personal Identifiable Information (Pii), Protected Health Information (Phi) and .

Which entities were affected by each incident ?

Incident : Data Breach OSF22412822

Entity Name: OSF Healthcare

Entity Type: Healthcare

Industry: Healthcare

Location: Illinois

Customers Affected: 53907

Incident : Data Breach OSF19491222

Entity Name: OSF HealthCare

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach OSFCEROSF1766606283

Entity Name: OSF Saint Clare Medical Center

Entity Type: Hospital

Industry: Healthcare

Location: Princeton

Customers Affected: Patients of OSF Saint Clare Medical Center and other OSF facilities

Incident : Data Breach OSFCEROSF1766606283

Entity Name: Cerner

Entity Type: Electronic Health Record Vendor

Industry: Healthcare IT

Customers Affected: Multiple healthcare facilities

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach OSF22412822

Third Party Assistance: Experian

Remediation Measures: Complimentary credit monitoring and identity protection services

Incident : Data Breach OSFCEROSF1766606283

Incident Response Plan Activated: Yes (by Cerner)

Third Party Assistance: External cybersecurity specialists

Law Enforcement Notified: Yes

Containment Measures: Secured affected systems

Communication Strategy: Delayed patient notification at the request of investigators

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (by Cerner).

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Experian, External cybersecurity specialists.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach OSF22412822

Type of Data Compromised: Patient names, Contact information, Dates of birth, Social security numbers, Driver’s license numbers, State or government identification numbers, Treatment and diagnosis information and codes, Physician names, Dates of service, Hospital units, Prescription information, Medical record numbers, Medicare, Medicaid or other health insurance information

Number of Records Exposed: 53907

Sensitivity of Data: High

Incident : Data Breach OSF19491222

Type of Data Compromised: Personal information, Medical information, Financial information

Sensitivity of Data: High

Incident : Data Breach OSFCEROSF1766606283

Type of Data Compromised: Personal identifiable information (pii), Protected health information (phi)

Sensitivity of Data: High

Personally Identifiable Information: Names, Social Security numbers, medical record numbers, diagnoses, medications, test results, images, and treatment details

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Complimentary credit monitoring and identity protection services, .

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured affected systems.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach OSFCEROSF1766606283

Regulations Violated: HIPAA,

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : Data Breach OSFCEROSF1766606283

Recommendations: Offer complimentary credit monitoring and identity restoration services to affected patients

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Offer complimentary credit monitoring and identity restoration services to affected patients.

References

Where can I find more information about each incident ?

Incident : Data Breach OSFCEROSF1766606283

Source: Shaw Local News Network

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Shaw Local News Network.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach OSFCEROSF1766606283

Investigation Status: Completed (data review finalized in November 2023)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Delayed patient notification at the request of investigators.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach OSFCEROSF1766606283

Customer Advisories: Notification letters sent to affected patients

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notification letters sent to affected patients.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach OSFCEROSF1766606283

Entry Point: Legacy Cerner systems

Reconnaissance Period: As early as January 2023

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach OSFCEROSF1766606283

Root Causes: Unauthorized third-party access to legacy systems

Corrective Actions: OSF no longer uses Cerner’s services

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian, External cybersecurity specialists.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: OSF no longer uses Cerner’s services.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Xing Team.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-09.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2023-11.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were patient names, contact information, dates of birth, Social Security numbers, driver’s license numbers, state or government identification numbers, treatment and diagnosis information and codes, physician names, dates of service, hospital units, prescription information, medical record numbers, Medicare, Medicaid or other health insurance information, , Dates of birth, Social Security numbers, Driver's license numbers, State or government identification numbers, Codes for diagnoses and treatments, Names of the treating physicians, Dates of their services, Hospital units, Prescription information, Medical records numbers, Medicare, Medicaid, or other insurance information, Financial account information, Credit or debit card information, Login credentials for an online financial account, , Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images and and details related to care and treatment.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian, External cybersecurity specialists.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Secured affected systems.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were dates of service, Medical records numbers, treatment and diagnosis information and codes, Social Security numbers, dates of birth, Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images, and details related to care and treatment, Dates of their services, Login credentials for an online financial account, Financial account information, contact information, Hospital units, hospital units, Codes for diagnoses and treatments, Dates of birth, Medicare, Medicaid, or other insurance information, prescription information, Driver's license numbers, medical record numbers, Medicare, Medicaid or other health insurance information, Prescription information, State or government identification numbers, Credit or debit card information, state or government identification numbers, patient names, Names of the treating physicians, driver’s license numbers and physician names.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 546.0.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Offer complimentary credit monitoring and identity restoration services to affected patients.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Shaw Local News Network.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (data review finalized in November 2023).

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was an Notification letters sent to affected patients.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was an Legacy Cerner systems.

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was As early as January 2023.

cve

Latest Global CVEs (Not Company-Specific)

Description

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.

Risk Information
cvss3
Base: 3.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Description

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.

Risk Information
cvss3
Base: 6.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description

Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.

Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
Description

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.

Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.

Risk Information
cvss3
Base: 5.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=osf-healthcare' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
Users Love Us Badge