OSF HealthCare
Company Details
Linkedin ID:
osf-healthcare
Website:
Employees number:
12,123
Number of followers:
44,750
NAICS:
62
Industry Type:
Homepage:
osfhealthcare.org
IP Addresses:
75
Company ID:
OSF_3380408
Scan Status:
Completed
OSF HealthCare Company CyberSecurity Posture
osfhealthcare.org
OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF employs more than 26,000 Mission Partners across 171 locations; has two colleges of nursing; operates OSF Home Care Services, an extensive network of home health and hospice services; owns Pointcore, Inc., comprised of health care-related businesses; OSF HealthCare Foundation, the philanthropic arm for the organization; and OSF Ventures, which provides investment capital for promising health care innovation startups. In 2020, OSF OnCall was established as a digital health operating unit and includes a hospital-at-home program. OSF OnCall delivers care and services when, where and how patients prefer to receive them. OSF HealthCare has been recognized by Fortune as one of the most innovative companies in the country. OSF consistently earns recognition for showing dedication to the well-being of its Mission Partners: •America’s Best-in-State Employers | Forbes Magazine | 2018-2025 •150 Top Places to Work in Healthcare | Becker’s Healthcare | 2019, 2022-2025 •Best Employers for Women | Forbes Magazine | 2020 OSF HealthCare is an Equal Opportunity Employer (EOE). By engaging with this page, you acknowledge and agree to follow our social media terms of use, which you can find here: https://www.osfhealthcare.org/patients-visitors/terms-conditions/social-terms
OSF HealthCare A.I CyberSecurity Scoring
OSF HealthCare Risk Score (AI oriented)Between 650 and 699
OSF HealthCare
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
OSF HealthCare Global Score (TPRM)XXXX
OSF HealthCare
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
OSF HealthCare Company CyberSecurity News & History
Past Incidents
3
Attack Types
3
Cerner CorporationOSF HealthCare, Cerner and OSF Saint Clare Medical Center: Data breach exposes sensitive patient information across multiple OSF facilities
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Cybersecurity Incident at OSF HealthCare Exposes Patient Data via Former Vendor Cerner OSF HealthCare disclosed a cybersecurity incident involving its former electronic health record (EHR) vendor, Cerner, which may have exposed sensitive patient information. The breach, detected in September, stemmed from unauthorized access to legacy Cerner systems as early as January 2024. While OSF confirmed the incident did not affect its own systems or hospital operations, it impacted multiple healthcare facilities, though only patients of OSF Saint Clare Medical Center in Princeton were formally notified. Cerner, which no longer provides services to OSF, identified the breach and launched an investigation, securing the compromised systems and engaging external cybersecurity experts. Law enforcement requested a delay in notifying affected parties to avoid interfering with the probe. OSF began notifying patients in November after Cerner completed a data review, providing a list of individuals whose information may have been accessed. Exposed data includes patient names, Social Security numbers, medical record details (such as diagnoses, medications, test results, and treatment information), and physician names. As a precaution, OSF and Cerner are offering two years of complimentary credit monitoring and identity restoration services to affected patients. The incident highlights broader vulnerabilities in third-party healthcare IT systems, with Cerner confirming the breach extended beyond OSF facilities.
OSF HealthCare
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.
OSF HealthCare
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: OSF HealthCare is committed to protecting the security and privacy of patient information suffered from a data breach incident after an unauthorized party gained access to their systems. The compromised information includes Dates of birth, Social Security numbers, driver's license numbers, state or government identification numbers, codes for diagnoses and treatments, names of the treating physicians, dates of their services, hospital units, prescription information, and medical records numbers, as well as Medicare, Medicaid, or other insurance information, are all examples of patient data. Financial account information, credit or debit card information, or login credentials for an online financial account were also present in the files involved in the incident for a smaller group of patients. They took this incident seriously and took preventive steps.
OSF HealthCare Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for OSF HealthCare
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for OSF HealthCare in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for OSF HealthCare in 2026.
Incident Types OSF HealthCare vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for OSF HealthCare in 2026.
Incident History — OSF HealthCare (X = Date, Y = Severity)
OSF HealthCare cyber incidents detection timeline including parent company and subsidiaries
OSF HealthCare Company Subsidiaries
OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF employs more than 26,000 Mission Partners across 171 locations; has two colleges of nursing; operates OSF Home Care Services, an extensive network of home health and hospice services; owns Pointcore, Inc., comprised of health care-related businesses; OSF HealthCare Foundation, the philanthropic arm for the organization; and OSF Ventures, which provides investment capital for promising health care innovation startups. In 2020, OSF OnCall was established as a digital health operating unit and includes a hospital-at-home program. OSF OnCall delivers care and services when, where and how patients prefer to receive them. OSF HealthCare has been recognized by Fortune as one of the most innovative companies in the country. OSF consistently earns recognition for showing dedication to the well-being of its Mission Partners: •America’s Best-in-State Employers | Forbes Magazine | 2018-2025 •150 Top Places to Work in Healthcare | Becker’s Healthcare | 2019, 2022-2025 •Best Employers for Women | Forbes Magazine | 2020 OSF HealthCare is an Equal Opportunity Employer (EOE). By engaging with this page, you acknowledge and agree to follow our social media terms of use, which you can find here: https://www.osfhealthcare.org/patients-visitors/terms-conditions/social-terms
Loading...
OSF HealthCare Similar Companies
Beth Israel Deaconess Medical Center (BIDMC) is part of Beth Israel Lahey Health, a new health care system that brings together academic medical centers and teaching hospitals, community and specialty hospitals, more than 4,000 physicians and 35,000 employees in a shared mission to expand access to
Mediclinic
Mediclinic Southern Africa is a private hospital group operating in South Africa and Namibia focused on providing acute care, specialist-orientated, multi-disciplinary hospital services and related service offerings. We place science at the heart of our care process by striving to provide evidence-b
R1 RCM
R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise
From specializing in transplants and pediatric cancer to solving undiagnosed diseases, we know solving the most complex problems prepares us to solve any problem. We are committed to excellence in patient care, research, and medical education and training. We thrive on challenges, embrace collaborat
Penn Medicine is a world leader in academic medicine, setting the standard for cutting-edge research, compassionate patient care, and the education of future health care professionals. From founding the nation’s first hospital and medical school to pioneering Nobel Prize-winning mRNA vaccines and li
Since its start in 1855 as the nation's first hospital devoted exclusively to caring for children, The Children's Hospital of Philadelphia has been the birthplace for many dramatic firsts in pediatric medicine. The Hospital has fostered medical discoveries and innovations that have improved pediatri
Aster DM Healthcare
From a single medical centre to a performance-driven healthcare enterprise spread across more than 400+ medical establishments, including 15 hospitals, 120 clinics and 307 pharmacies in GCC and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across the Middl
Cardinal Health
Cardinal Health is a distributor of pharmaceuticals and specialty products; a supplier of home-health and direct-to-patient products and services; an operator of nuclear pharmacies and manufacturing facilities; a provider of performance and data solutions; and a global manufacturer and distributor o
UAB Medicine
As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you ar
.png)
OSF HealthCare CyberSecurity News
January 19, 2026 10:12 PM
OSF HealthCare names Sister M. Mikela Meidl as next president
Sister M. Mikela Meidl will be the next president of OSF HealthCare, as part of the transition that includes CEO Bob Sehring's retirement in...
January 19, 2026 09:47 PM
OSF HealthCare announces new president
OSF HealthCare has appointed a new president. According to a release from OSF HealthCare, Sister M. Mikela Meidl replaces current president...
January 02, 2026 08:00 AM
OSF HealthCare Foundation president to retire in April
Tom Hammerton, the president of OSF HealthCare Foundation and chief development officer for OSF HealthCare, will be retiring on April 3,...
January 01, 2026 08:00 AM
OSF HealthCare Saint Francis welcomes 2026’s Baby New Year
OSF HealthCare Saint Francis Medical Center in Peoria welcomed its first babies of 2026, including two baby boys named Emmett and Atlas,...
December 30, 2025 08:00 AM
80 Hospitals May Have Been Affected by the Oracle Health Data Breach
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert about the recently confirmed Oracle data breach.
December 24, 2025 08:00 AM
Data breach exposes sensitive patient information across multiple OSF facilities
OSF Saint Clare Medical Center in Princeton recently notified patients that some of their personal and medical information may have been...
December 24, 2025 08:00 AM
Leadership plan in place for OSF HealthCare
With the recent resignation of Lisa DeKezel, president of OSF HealthCare St. Mary Medical Center in Galesburg and OSF HealthCare Holy Family...
December 03, 2025 10:30 AM
Tata Elxsi, UIUC & OSF HealthCare Team Up to Expand Rural Healthcare Access in the U.S.
"Tata Elxsi, UIUC, and OSF HealthCare join forces to boost rural healthcare access in the U.S. through innovative healthcare technologies such as AI and...
December 02, 2025 08:00 AM
How OSF HealthCare is using RPM to serve maternity deserts
Brandi Clark is vice president for digital care at OSF OnCall, the virtual urgent care service of Peoria, Illinois-based OSF HealthCare.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
OSF HealthCare CyberSecurity History Information
Official Website of OSF HealthCare
The official website of OSF HealthCare is http://www.osfhealthcare.org.
OSF HealthCare’s AI-Generated Cybersecurity Score
According to Rankiteo, OSF HealthCare’s AI-generated cybersecurity score is 664, reflecting their Weak security posture.
How many security badges does OSF HealthCare’ have ?
According to Rankiteo, OSF HealthCare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has OSF HealthCare been affected by any supply chain cyber incidents ?
According to Rankiteo, OSF HealthCare has been affected by a supply chain cyber incident involving Cerner Corporation, with the incident ID OSFCEROSF1766606283.
Does OSF HealthCare have SOC 2 Type 1 certification ?
According to Rankiteo, OSF HealthCare is not certified under SOC 2 Type 1.
Does OSF HealthCare have SOC 2 Type 2 certification ?
According to Rankiteo, OSF HealthCare does not hold a SOC 2 Type 2 certification.
Does OSF HealthCare comply with GDPR ?
According to Rankiteo, OSF HealthCare is not listed as GDPR compliant.
Does OSF HealthCare have PCI DSS certification ?
According to Rankiteo, OSF HealthCare does not currently maintain PCI DSS compliance.
Does OSF HealthCare comply with HIPAA ?
According to Rankiteo, OSF HealthCare is not compliant with HIPAA regulations.
Does OSF HealthCare have ISO 27001 certification ?
According to Rankiteo,OSF HealthCare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of OSF HealthCare
OSF HealthCare operates primarily in the Hospitals and Health Care industry.
Number of Employees at OSF HealthCare
OSF HealthCare employs approximately 12,123 people worldwide.
Subsidiaries Owned by OSF HealthCare
OSF HealthCare presently has no subsidiaries across any sectors.
OSF HealthCare’s LinkedIn Followers
OSF HealthCare’s official LinkedIn profile has approximately 44,750 followers.
NAICS Classification of OSF HealthCare
OSF HealthCare is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
OSF HealthCare’s Presence on Crunchbase
No, OSF HealthCare does not have a profile on Crunchbase.
OSF HealthCare’s Presence on LinkedIn
Yes, OSF HealthCare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/osf-healthcare.
Cybersecurity Incidents Involving OSF HealthCare
As of January 22, 2026, Rankiteo reports that OSF HealthCare has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
OSF HealthCare has an estimated 31,593 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at OSF HealthCare ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Ransomware and Data Leak.
How does OSF HealthCare detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian, and remediation measures with complimentary credit monitoring and identity protection services, and incident response plan activated with yes (by cerner), and third party assistance with external cybersecurity specialists, and law enforcement notified with yes, and containment measures with secured affected systems, and communication strategy with delayed patient notification at the request of investigators..
Incident Details
Can you provide details on each incident ?
Title: Data Exfiltration at OSF Healthcare
Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.
Type: Data Breach
Threat Actor: Xing Team
Title: OSF HealthCare Data Breach
Description: OSF HealthCare suffered from a data breach incident after an unauthorized party gained access to their systems.
Type: Data Breach
Title: OSF Healthcare Patient Data Breach via Former Vendor Cerner
Description: OSF confirmed that patients' personal and medical information may have been exposed in a breach involving its former electronic health record software vendor, Cerner. An unauthorized third party gained access to legacy Cerner systems, potentially compromising patient data from multiple OSF facilities.
Date Detected: 2023-09
Date Resolved: 2023-11
Type: Data Breach
Attack Vector: Unauthorized third-party access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Legacy Cerner systems.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach OSF22412822
Data Compromised: Patient names, Contact information, Dates of birth, Social security numbers, Driver’s license numbers, State or government identification numbers, Treatment and diagnosis information and codes, Physician names, Dates of service, Hospital units, Prescription information, Medical record numbers, Medicare, Medicaid or other health insurance information
Incident : Data Breach OSF19491222
Data Compromised: Dates of birth, Social security numbers, Driver's license numbers, State or government identification numbers, Codes for diagnoses and treatments, Names of the treating physicians, Dates of their services, Hospital units, Prescription information, Medical records numbers, Medicare, medicaid, or other insurance information, Financial account information, Credit or debit card information, Login credentials for an online financial account
Incident : Data Breach OSFCEROSF1766606283
Data Compromised: Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images, and details related to care and treatment
Systems Affected: Legacy Cerner systems
Operational Impact: No impact on hospital operations
Identity Theft Risk: High (due to exposure of SSNs and medical records)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Names, Contact Information, Dates Of Birth, Social Security Numbers, Driver’S License Numbers, State Or Government Identification Numbers, Treatment And Diagnosis Information And Codes, Physician Names, Dates Of Service, Hospital Units, Prescription Information, Medical Record Numbers, Medicare, Medicaid Or Other Health Insurance Information, , Personal Information, Medical Information, Financial Information, , Personal Identifiable Information (Pii), Protected Health Information (Phi) and .
Which entities were affected by each incident ?
Incident : Data Breach OSF22412822
Entity Name: OSF Healthcare
Entity Type: Healthcare
Industry: Healthcare
Location: Illinois
Customers Affected: 53907
Incident : Data Breach OSF19491222
Entity Name: OSF HealthCare
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach OSFCEROSF1766606283
Entity Name: OSF Saint Clare Medical Center
Entity Type: Hospital
Industry: Healthcare
Location: Princeton
Customers Affected: Patients of OSF Saint Clare Medical Center and other OSF facilities
Incident : Data Breach OSFCEROSF1766606283
Entity Name: Cerner
Entity Type: Electronic Health Record Vendor
Industry: Healthcare IT
Customers Affected: Multiple healthcare facilities
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach OSF22412822
Third Party Assistance: Experian
Remediation Measures: Complimentary credit monitoring and identity protection services
Incident : Data Breach OSFCEROSF1766606283
Incident Response Plan Activated: Yes (by Cerner)
Third Party Assistance: External cybersecurity specialists
Law Enforcement Notified: Yes
Containment Measures: Secured affected systems
Communication Strategy: Delayed patient notification at the request of investigators
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (by Cerner).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian, External cybersecurity specialists.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach OSF22412822
Type of Data Compromised: Patient names, Contact information, Dates of birth, Social security numbers, Driver’s license numbers, State or government identification numbers, Treatment and diagnosis information and codes, Physician names, Dates of service, Hospital units, Prescription information, Medical record numbers, Medicare, Medicaid or other health insurance information
Number of Records Exposed: 53907
Sensitivity of Data: High
Incident : Data Breach OSF19491222
Type of Data Compromised: Personal information, Medical information, Financial information
Sensitivity of Data: High
Incident : Data Breach OSFCEROSF1766606283
Type of Data Compromised: Personal identifiable information (pii), Protected health information (phi)
Sensitivity of Data: High
Personally Identifiable Information: Names, Social Security numbers, medical record numbers, diagnoses, medications, test results, images, and treatment details
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Complimentary credit monitoring and identity protection services, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured affected systems.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach OSFCEROSF1766606283
Regulations Violated: HIPAA,
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach OSFCEROSF1766606283
Recommendations: Offer complimentary credit monitoring and identity restoration services to affected patients
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Offer complimentary credit monitoring and identity restoration services to affected patients.
References
Where can I find more information about each incident ?
Incident : Data Breach OSFCEROSF1766606283
Source: Shaw Local News Network
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Shaw Local News Network.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach OSFCEROSF1766606283
Investigation Status: Completed (data review finalized in November 2023)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Delayed patient notification at the request of investigators.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach OSFCEROSF1766606283
Customer Advisories: Notification letters sent to affected patients
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notification letters sent to affected patients.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach OSFCEROSF1766606283
Entry Point: Legacy Cerner systems
Reconnaissance Period: As early as January 2023
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach OSFCEROSF1766606283
Root Causes: Unauthorized third-party access to legacy systems
Corrective Actions: OSF no longer uses Cerner’s services
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian, External cybersecurity specialists.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: OSF no longer uses Cerner’s services.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Xing Team.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-09.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2023-11.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were patient names, contact information, dates of birth, Social Security numbers, driver’s license numbers, state or government identification numbers, treatment and diagnosis information and codes, physician names, dates of service, hospital units, prescription information, medical record numbers, Medicare, Medicaid or other health insurance information, , Dates of birth, Social Security numbers, Driver's license numbers, State or government identification numbers, Codes for diagnoses and treatments, Names of the treating physicians, Dates of their services, Hospital units, Prescription information, Medical records numbers, Medicare, Medicaid, or other insurance information, Financial account information, Credit or debit card information, Login credentials for an online financial account, , Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images and and details related to care and treatment.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian, External cybersecurity specialists.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Secured affected systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were dates of service, Medical records numbers, treatment and diagnosis information and codes, Social Security numbers, dates of birth, Patient names, Social Security numbers, medical record numbers, physicians, diagnoses, medications, test results, images, and details related to care and treatment, Dates of their services, Login credentials for an online financial account, Financial account information, contact information, Hospital units, hospital units, Codes for diagnoses and treatments, Dates of birth, Medicare, Medicaid, or other insurance information, prescription information, Driver's license numbers, medical record numbers, Medicare, Medicaid or other health insurance information, Prescription information, State or government identification numbers, Credit or debit card information, state or government identification numbers, patient names, Names of the treating physicians, driver’s license numbers and physician names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 546.0.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Offer complimentary credit monitoring and identity restoration services to affected patients.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Shaw Local News Network.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (data review finalized in November 2023).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notification letters sent to affected patients.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Legacy Cerner systems.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was As early as January 2023.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.
Risk Information
cvss3
Base: 3.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Description
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.
Risk Information
cvss3
Base: 6.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
Description
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.
Risk Information
cvss3
Base: 5.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References
- https://github.com/controlplaneio-fluxcd/flux-operator/commit/084540424f6de8ba5d88fb1fd1e8472ba29afd7e
- https://github.com/controlplaneio-fluxcd/flux-operator/pull/610
- https://github.com/controlplaneio-fluxcd/flux-operator/releases/tag/v0.40.0
- https://github.com/controlplaneio-fluxcd/flux-operator/security/advisories/GHSA-4xh5-jcj2-ch8q
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=osf-healthcare' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
