Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Outset Medical, Inc.

Outset Medical, Inc. Vendor Cyber Rating & Cyber Score

outsetmedical.com

Outset Medical is changing dialysis – one of the largest, most expensive, and stagnant areas of healthcare. Headquartered in San Jose, California, Outset operates across the United States and manufactures in North America. Our team is innovative, talented, and growing quickly. We are focused on creating change, driving widespread adoption of new technology, and delivering on the promise of an improved experience for patients and lower cost of care for healthcare providers. We are fueled by the opportunity to give people their lives back. When we succeed, patients will be able to fit dialysis into their life instead of fitting their life around dialysis. They will ultimately determine when, where, and how they dialyze.


OMI A.I CyberSecurity Scoring

OMI
Company Information
Website:http://www.outsetmedical.com
Employees number:576
Number of followers:40,040
NAICS:3391
Industry Type:Medical Equipment Manufacturing
Homepage:outsetmedical.com
OMI Risk Score (AI oriented)
Between 650 and 699
logo
OMIMedical Equipment Manufacturing
Updated:
01/05/2026
693/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
OMI Global Score (TPRM)
xxxx
logo
OMIMedical Equipment Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

OMI
OMIWeak
Current Score
693B (WEAK)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
696Before Incident
JUNE 2026
696Before Incident
MAY 2026
693Before Incident
APRIL 2026
755Before Incident
MARCH 2026
692Before Incident
FEBRUARY 2026
691Before Incident
JANUARY 2026
690Before Incident
DECEMBER 2025
689Before Incident
NOVEMBER 2025
688Before Incident
OCTOBER 2025
686Before Incident
SEPTEMBER 2025
685Before Incident
AUGUST 2025
684Before Incident
OCTOBER 2023
755Before Incident
Breach
18 Oct 2023OMI
Reid Health, UMass Memorial Health, Michigan Medicine and Epic Systems Corp.: 'Sham' network accessed 300,000 medical records, including Michigan's

Massive Medical Records Breach Exposes 300,000 Patients, Including Michigan Medicine Patients

647After Incident
CRITICAL-108
OUTEPIMICUMA1777660615
Massive Medical Records Breach Exposes 300,000 Patients, Including Michigan Medicine Patients A sophisticated cyber scheme has compromised nearly 300,000 medical records, including those of 551 Michigan Medicine patients, after a network of fraudulent entities posed as legitimate healthcare providers to access sensitive data. The breach, which occurred between October 18, 2023, and November 12, 2025, was uncovered when Epic Systems Corp. the vendor behind Michigan Medicine’s electronic health records detected unusual activity from third-party companies exploiting a health information exchange. The exposed data included demographic details (names, addresses, dates of birth), clinical information (diagnoses, medications, test results), and health insurance records, though Social Security numbers were not accessed. The breach stemmed from a coordinated effort by entities like Mammoth, RavillaMed, and GuardDog Telehealth, which allegedly used fake websites, shell companies, and fraudulent National Provider Identification (NPI) numbers to deceive healthcare systems into releasing records. Epic filed a lawsuit on January 13, 2026, in the U.S. District Court for the Central District of California, accusing Health Gorilla Inc. a health information network of enabling the scheme. The complaint alleges that Health Gorilla’s network monetized patient data without consent, including selling it to lawyers for class-action recruitment, and inserted false entries into medical records to mask their activities. The lawsuit compares the operation to a Hydra, with new fraudulent entities emerging as others are exposed. Michigan Medicine, along with Trinity Health, Reid Health, UMass Memorial Health, and OCHIN, joined the legal action. An internal review conducted March 12–25, 2026, confirmed unauthorized access to patient records, though the health system assessed the risk of identity or medical theft as low due to the absence of financial or Social Security data. Michigan Medicine has since reported the incident to regulators, is monitoring the lawsuit, and has notified affected patients, advising them to review insurance statements for suspicious activity. Health Gorilla denies the allegations, calling Epic’s lawsuit "misleading and unfounded" and stating it suspended connections with the implicated entities upon discovery. CEO Bob Watson criticized Epic’s response as irresponsible, vowing to defend against the claims. The breach highlights vulnerabilities in health information exchanges, with Epic reporting that additional records from other U.S. providers, including the Department of Veterans Affairs, may have been compromised. The full scope of the incident remains under investigation.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain (monetization of patient data, potential sale to lawyers for class-action recruitment)
IMPACT
Data Compromised: 300,000 medical recordsMichigan Medicine’s electronic health records (Epic Systems)Health Gorilla’s health information networkOperational Impact: Unauthorized access to patient records, potential legal and regulatory consequencesBrand Reputation Impact: High (public lawsuit, patient notifications, regulatory scrutiny)Legal Liabilities: Lawsuit filed by Epic Systems and affected healthcare providersIdentity Theft Risk: Low (Social Security numbers not accessed)
DATA BREACH
Demographic details (names, addresses, dates of birth)Clinical information (diagnoses, medications, test results)Health insurance recordsNumber Of Records Exposed: 300,000Sensitivity Of Data: High (medical and personal health information)Data Exfiltration: Yes (potential sale to lawyers for class-action recruitment)Personally Identifiable Information: Yes (names, addresses, dates of birth, health information)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for OMI ?
?
What was OMI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was OMI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was OMI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was OMI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was OMI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was OMI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was OMI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was OMI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was OMI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was OMI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was OMI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on OMI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with OMI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view OMI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?