OSF HealthCare
Company Details
Linkedin ID:
osf-healthcare
Website:
Employees number:
11,973
Number of followers:
43,759
NAICS:
62
Industry Type:
Homepage:
osfhealthcare.org
IP Addresses:
75
Company ID:
OSF_3380408
Scan Status:
Completed
OSF HealthCare Company CyberSecurity Posture
osfhealthcare.org
OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF employs more than 26,000 Mission Partners across 171 locations; has two colleges of nursing; operates OSF Home Care Services, an extensive network of home health and hospice services; owns Pointcore, Inc., comprised of health care-related businesses; OSF HealthCare Foundation, the philanthropic arm for the organization; and OSF Ventures, which provides investment capital for promising health care innovation startups. In 2020, OSF OnCall was established as a digital health operating unit and includes a hospital-at-home program. OSF OnCall delivers care and services when, where and how patients prefer to receive them. OSF HealthCare has been recognized by Fortune as one of the most innovative companies in the country. OSF consistently earns recognition for showing dedication to the well-being of its Mission Partners: •America’s Best-in-State Employers | Forbes Magazine | 2018-2025 •150 Top Places to Work in Healthcare | Becker’s Healthcare | 2019, 2022-2025 •Best Employers for Women | Forbes Magazine | 2020 OSF HealthCare is an Equal Opportunity Employer (EOE).
OSF HealthCare A.I CyberSecurity Scoring
OSF HealthCare Risk Score (AI oriented)Between 700 and 749
OSF HealthCare
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
OSF HealthCare Global Score (TPRM)XXXX
OSF HealthCare
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
OSF HealthCare Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
OSF HealthCare
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: OSF HealthCare is committed to protecting the security and privacy of patient information suffered from a data breach incident after an unauthorized party gained access to their systems. The compromised information includes Dates of birth, Social Security numbers, driver's license numbers, state or government identification numbers, codes for diagnoses and treatments, names of the treating physicians, dates of their services, hospital units, prescription information, and medical records numbers, as well as Medicare, Medicaid, or other insurance information, are all examples of patient data. Financial account information, credit or debit card information, or login credentials for an online financial account were also present in the files involved in the incident for a smaller group of patients. They took this incident seriously and took preventive steps.
OSF HealthCare
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.
OSF HealthCare Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for OSF HealthCare
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for OSF HealthCare in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for OSF HealthCare in 2025.
Incident Types OSF HealthCare vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for OSF HealthCare in 2025.
Incident History — OSF HealthCare (X = Date, Y = Severity)
OSF HealthCare cyber incidents detection timeline including parent company and subsidiaries
OSF HealthCare Company Subsidiaries
OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF employs more than 26,000 Mission Partners across 171 locations; has two colleges of nursing; operates OSF Home Care Services, an extensive network of home health and hospice services; owns Pointcore, Inc., comprised of health care-related businesses; OSF HealthCare Foundation, the philanthropic arm for the organization; and OSF Ventures, which provides investment capital for promising health care innovation startups. In 2020, OSF OnCall was established as a digital health operating unit and includes a hospital-at-home program. OSF OnCall delivers care and services when, where and how patients prefer to receive them. OSF HealthCare has been recognized by Fortune as one of the most innovative companies in the country. OSF consistently earns recognition for showing dedication to the well-being of its Mission Partners: •America’s Best-in-State Employers | Forbes Magazine | 2018-2025 •150 Top Places to Work in Healthcare | Becker’s Healthcare | 2019, 2022-2025 •Best Employers for Women | Forbes Magazine | 2020 OSF HealthCare is an Equal Opportunity Employer (EOE).
Loading...
OSF HealthCare Similar Companies
NHS
The NHS was launched in 1948. It was born out of a long-held ideal that good healthcare should be available to all, regardless of wealth – one of the NHS's core principles. With the exception of some charges, such as prescriptions, optical services and dental services, the NHS in England remains
Omega Healthcare Management Services
Founded in 2003, Omega Healthcare Management Services® (Omega Healthcare) empowers healthcare to thrive via intelligent solutions that optimize revenue cycle operations, administrative workflows, care coordination, and clinical research on a global scale. The company works with providers, payers, li
Johns Hopkins Medicine is a governing structure for the University’s School of Medicine and the health system, coordinating their research, teaching, patient care, and related enterprises. The Johns Hopkins Hospital opened in 1889, followed four years later by the university’s School of Medicine
Guided by the needs of our patients and their families, Massachusetts General Hospital aims to deliver the very best health care in a safe, compassionate environment; to advance that care through innovative research and education; and, to improve the health and well-being of the diverse communitie
Encompass Health
Encompass Health is the largest owner and operator of rehabilitation hospitals in the United States. With a national footprint that includes 158 hospitals in 37 states and Puerto Rico, the Company provides high-quality, compassionate rehabilitative care for patients recovering from a major injury or
ELSAN
ELSAN, groupe leader de l’hospitalisation privée en France, compte aujourd’hui plus de 28 000 collaborateurs et 7500 médecins libéraux qui exercent dans les 212 établissements et centres du groupe. Ils prennent en charge plus de 4,8 millions de patients par an. Notre mission : offrir à chac
Hospital Albert Einstein
O nascimento da Sociedade Beneficente Israelita Brasileira Albert Einstein, na década de 50, resultou do compromisso da comunidade judaica em oferecer à população brasileira uma referência em qualidade da prática médica. Mas a Sociedade queria ir além da simples construção de um hospital. E assi
UnitedHealthcare
When it comes to your health, everything matters. That’s why UnitedHealthcare is helping people live healthier lives and making the health system work better for everyone. Our health plans are there for you in moments big and small, delivering a simple experience, affordable coverage, and supportive
Boston Children's Hospital
Boston Children's Hospital is a 404-bed comprehensive center for pediatric health care. As one of the largest pediatric medical centers in the United States, Boston Children's offers a complete range of health care services for children from birth through 21 years of age. (Our services can begin int
.png)
OSF HealthCare CyberSecurity News
October 27, 2025 07:00 AM
How OSF Healthcare navigates hospital at home during shutdown
The health system's hospital-at-home program is in limbo after the CMS waiver expired, with OSF having discharged all patients and...
September 30, 2025 07:00 AM
Why some health systems are betting big on home health
Some health systems are keeping home health services in house to counter rising costs associated with patients staying hospitalized too long...
August 08, 2025 07:00 AM
How OSF HealthCare gained $2.6M through its clinical AI platform
OSF HealthCare has long delivered expert neurovascular care across its 18-hospital system, headquartered in Peoria, Illinois.
July 25, 2025 07:00 AM
OSF HealthCare stacks up the wins with provider data management tech
76% of active, schedulable employed provider profiles are now well-configured, 79% of employed providers are configured with clinical...
June 27, 2025 07:00 AM
OSF Healthcare fights burnout and turnover with talent development platform
The Illinois-based health system has, among many wins, retained 2400 clinicians and staff who, by traditional patterns, it would not have...
December 05, 2024 08:00 AM
Data breaches at health care companies expose more than 15 million records
Data breaches at health care companies Common Spirit, Mass General Brigham, Centra Care, OSF Healthcare and Ascension Healthcare have...
August 16, 2024 07:00 AM
OSF HealthCare returns to its home care roots with PACE
OSF HealthCare is rethinking care for older adults nearly 150 years after the health system set down roots in Peoria, Illinois.
August 13, 2024 07:00 AM
Why U.S. health care cybersecurity laws are better at protecting a corpse's privacy than patients' lives
Two days into a cyberattack on his hospital system, Nate Couture reached the end of his cyber incident plan.
August 09, 2024 07:00 AM
OSF HealthCare mandates genAI training to create an AI-ready workforce
16-hospital health system OSF HealthCare, based in Peoria, Illinois, has put together mandatory education for all 24,000 employees.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
OSF HealthCare CyberSecurity History Information
Official Website of OSF HealthCare
The official website of OSF HealthCare is http://www.osfhealthcare.org.
OSF HealthCare’s AI-Generated Cybersecurity Score
According to Rankiteo, OSF HealthCare’s AI-generated cybersecurity score is 710, reflecting their Moderate security posture.
How many security badges does OSF HealthCare’ have ?
According to Rankiteo, OSF HealthCare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does OSF HealthCare have SOC 2 Type 1 certification ?
According to Rankiteo, OSF HealthCare is not certified under SOC 2 Type 1.
Does OSF HealthCare have SOC 2 Type 2 certification ?
According to Rankiteo, OSF HealthCare does not hold a SOC 2 Type 2 certification.
Does OSF HealthCare comply with GDPR ?
According to Rankiteo, OSF HealthCare is not listed as GDPR compliant.
Does OSF HealthCare have PCI DSS certification ?
According to Rankiteo, OSF HealthCare does not currently maintain PCI DSS compliance.
Does OSF HealthCare comply with HIPAA ?
According to Rankiteo, OSF HealthCare is not compliant with HIPAA regulations.
Does OSF HealthCare have ISO 27001 certification ?
According to Rankiteo,OSF HealthCare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of OSF HealthCare
OSF HealthCare operates primarily in the Hospitals and Health Care industry.
Number of Employees at OSF HealthCare
OSF HealthCare employs approximately 11,973 people worldwide.
Subsidiaries Owned by OSF HealthCare
OSF HealthCare presently has no subsidiaries across any sectors.
OSF HealthCare’s LinkedIn Followers
OSF HealthCare’s official LinkedIn profile has approximately 43,759 followers.
NAICS Classification of OSF HealthCare
OSF HealthCare is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
OSF HealthCare’s Presence on Crunchbase
No, OSF HealthCare does not have a profile on Crunchbase.
OSF HealthCare’s Presence on LinkedIn
Yes, OSF HealthCare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/osf-healthcare.
Cybersecurity Incidents Involving OSF HealthCare
As of November 27, 2025, Rankiteo reports that OSF HealthCare has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
OSF HealthCare has an estimated 29,962 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at OSF HealthCare ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Data Leak.
How does OSF HealthCare detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian, and remediation measures with complimentary credit monitoring and identity protection services..
Incident Details
Can you provide details on each incident ?
Title: Data Exfiltration at OSF Healthcare
Description: OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team. Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients. The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.
Type: Data Breach
Threat Actor: Xing Team
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach OSF22412822
Data Compromised: Patient names, Contact information, Dates of birth, Social security numbers, Driver’s license numbers, State or government identification numbers, Treatment and diagnosis information and codes, Physician names, Dates of service, Hospital units, Prescription information, Medical record numbers, Medicare, Medicaid or other health insurance information
Incident : Data Breach OSF19491222
Data Compromised: Dates of birth, Social security numbers, Driver's license numbers, State or government identification numbers, Codes for diagnoses and treatments, Names of the treating physicians, Dates of their services, Hospital units, Prescription information, Medical records numbers, Medicare, medicaid, or other insurance information, Financial account information, Credit or debit card information, Login credentials for an online financial account
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Names, Contact Information, Dates Of Birth, Social Security Numbers, Driver’S License Numbers, State Or Government Identification Numbers, Treatment And Diagnosis Information And Codes, Physician Names, Dates Of Service, Hospital Units, Prescription Information, Medical Record Numbers, Medicare, Medicaid Or Other Health Insurance Information, , Personal Information, Medical Information, Financial Information and .
Which entities were affected by each incident ?
Incident : Data Breach OSF22412822
Entity Name: OSF Healthcare
Entity Type: Healthcare
Industry: Healthcare
Location: Illinois
Customers Affected: 53907
Incident : Data Breach OSF19491222
Entity Name: OSF HealthCare
Entity Type: Healthcare
Industry: Healthcare
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach OSF22412822
Third Party Assistance: Experian
Remediation Measures: Complimentary credit monitoring and identity protection services
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach OSF22412822
Type of Data Compromised: Patient names, Contact information, Dates of birth, Social security numbers, Driver’s license numbers, State or government identification numbers, Treatment and diagnosis information and codes, Physician names, Dates of service, Hospital units, Prescription information, Medical record numbers, Medicare, Medicaid or other health insurance information
Number of Records Exposed: 53907
Sensitivity of Data: High
Incident : Data Breach OSF19491222
Type of Data Compromised: Personal information, Medical information, Financial information
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Complimentary credit monitoring and identity protection services, .
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Xing Team.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were patient names, contact information, dates of birth, Social Security numbers, driver’s license numbers, state or government identification numbers, treatment and diagnosis information and codes, physician names, dates of service, hospital units, prescription information, medical record numbers, Medicare, Medicaid or other health insurance information, , Dates of birth, Social Security numbers, Driver's license numbers, State or government identification numbers, Codes for diagnoses and treatments, Names of the treating physicians, Dates of their services, Hospital units, Prescription information, Medical records numbers, Medicare, Medicaid, or other insurance information, Financial account information, Credit or debit card information, Login credentials for an online financial account and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were hospital units, patient names, medical record numbers, Login credentials for an online financial account, Social Security numbers, prescription information, Hospital units, state or government identification numbers, Prescription information, Medical records numbers, dates of service, Names of the treating physicians, treatment and diagnosis information and codes, dates of birth, Medicaid or other health insurance information, Financial account information, physician names, Medicare, State or government identification numbers, Medicare, Medicaid, or other insurance information, Dates of their services, driver’s license numbers, Driver's license numbers, Dates of birth, Credit or debit card information, Codes for diagnoses and treatments and contact information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 546.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=osf-healthcare' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
