PHS
Company Details
Linkedin ID:
presbyterian-healthcare-services
Website:
Employees number:
6,623
Number of followers:
36,551
NAICS:
62
Industry Type:
Homepage:
phs.org
IP Addresses:
0
Company ID:
PRE_8639274
Scan Status:
In-progress
Presbyterian Healthcare Services Company CyberSecurity Posture
phs.org
Presbyterian Healthcare Services exists to improve the health of patients, members and the communities we serve. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state’s largest private employer with nearly 14,000 employees – including more than 1,600 providers and nearly 4,700 nurses. Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Turquoise Care) and Commercial health plans.
Presbyterian Healthcare Services A.I CyberSecurity Scoring
PHS Risk Score (AI oriented)Between 700 and 749
PHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
PHS Global Score (TPRM)XXXX
PHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
PHS Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Presbyterian Healthcare Services
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving Presbyterian Healthcare Services on August 2, 2019. The breach, which occurred on May 9, 2019, involved unauthorized access to employee email accounts potentially exposing patient names, social security numbers, and health information.
Presbyterian Healthcare Services
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to around 183,000 patients and health plan members. The breach allowed access to names, dates of birth, Social Security numbers and other types of information. It happened after a Presbyterian employee responded to a “phishing” scam designed to gain access to private information. The health care provider doesn’t believe any of the information has been used in any way.
PHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for PHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Presbyterian Healthcare Services in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Presbyterian Healthcare Services in 2025.
Incident Types PHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Presbyterian Healthcare Services in 2025.
Incident History — PHS (X = Date, Y = Severity)
PHS cyber incidents detection timeline including parent company and subsidiaries
PHS Company Subsidiaries
Presbyterian Healthcare Services exists to improve the health of patients, members and the communities we serve. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state’s largest private employer with nearly 14,000 employees – including more than 1,600 providers and nearly 4,700 nurses. Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Turquoise Care) and Commercial health plans.
Loading...
PHS Similar Companies
NHG Health
NHG Health is a leading public healthcare provider in Singapore recognised for its quality clinical care and its commitment in enabling healthier lives through preventive health, innovative solutions and person-centred programmes tailored to every life stage. Our integrated health system, which span
Mediclinic
Mediclinic Southern Africa is a private hospital group operating in South Africa and Namibia focused on providing acute care, specialist-orientated, multi-disciplinary hospital services and related service offerings. We place science at the heart of our care process by striving to provide evidence-b
Nova Scotia Health Authority
We are Nova Scotia Health. We are rural and urban. We are in hospitals, health centres and community. We serve individuals and communities from Yarmouth to Cape Breton, from Amherst to Halifax, and everything in between. We are researchers and learners, looking for new ways to prevent and treat dis
A Dasa é a maior rede de saúde integrada do Brasil. Faz parte da vida de mais de 20 milhões de pessoas por ano, com alta tecnologia, experiência intuitiva e atitude à frente do tempo. Com mais de 50 mil colaboradores e 250 mil médicos parceiros, existe para ser a saúde que as pessoas desejam e que
Hospital Authority
The Hospital Authority (HA) is a statutory body established under the Hospital Authority Ordinance in 1990. We have been responsible for managing Hong Kong's public hospitals services since December 1991. We are accountable to the Hong Kong Special Administrative Region Government through the Secret
Cardinal Health is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities. With more than 50 years in business, operations in more than 30 countries and approximately 48,00
Since its start in 1855 as the nation's first hospital devoted exclusively to caring for children, The Children's Hospital of Philadelphia has been the birthplace for many dramatic firsts in pediatric medicine. The Hospital has fostered medical discoveries and innovations that have improved pediatri
Inova Health
We are Inova, Northern Virginia and the Washington, DC, metropolitan area’s leading nonprofit healthcare provider. With expertise and compassion, we partner with our patients to help them stay healthy. We treat illness, heal injury and look at a patient’s whole health to help them flourish. Through
UC San Diego Health
UC San Diego Health and Health Sciences has been caring for the community and producing physicians for more than 50 years. In 1966, we established our first medical center. Two years later, in 1968, UC San Diego School of Medicine opened for business. Today, UC San Diego Health is the only academic
.png)
PHS CyberSecurity News
November 05, 2025 08:00 AM
This Week’s Health IT Jobs – November 5, 2025
It can be very overwhelming scrolling through job board after job board in search of a position that fits your wants and needs.
October 26, 2025 07:00 AM
Healthcare Data Breach Statistics
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS)...
June 01, 2025 07:00 AM
Albuquerque Cybersecurity Job Market: Trends and Growth Areas for 2025
Explore the 2025 Albuquerque cybersecurity job market trends, growth areas, education, employers, and career opportunities in New Mexico.
June 01, 2025 07:00 AM
Ranking the Top 10 High-Paying Tech Jobs in Albuquerque in 2025
Albuquerque's tech job market in 2025 is booming with over 1,400 openings, average salaries at $128,883, and top roles like AI specialists,...
April 23, 2025 07:00 AM
Blue Shield of California exposed health data of 4.7M members to Google
Blue Shield of California shared members' private health information with Google for nearly three years, the insurance giant revealed earlier this month.
March 06, 2025 08:00 AM
HIMSS25: Healthcare Needs More Cybersecurity Support in Staffing and Partnerships
After another turbulent year in healthcare cybersecurity, many organizations expect to increase their budgets to strengthen their defenses.
February 27, 2025 08:00 AM
Healthcare Security $65 Billion Market
Ransomware attacks on healthcare organizations are predicted to quadruple by 2020 - Herjavec Group collaborated with Cybersecurity Ventures...
November 13, 2024 08:00 AM
300,000 Patients Impacted By Data Breach
The law firm Thompson Coburn LLP and its client, Presbyterian Healthcare Services (PHS), have become the focus of a class-action lawsuit...
November 12, 2024 08:00 AM
Over 300K Presbyterian Healthcare patients hit by third-party breach
New Mexico-based nonprofit Presbyterian Healthcare Services had 305,088 patients' protected health information stolen after its law firm...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
PHS CyberSecurity History Information
Official Website of Presbyterian Healthcare Services
The official website of Presbyterian Healthcare Services is http://www.phs.org/careers.
Presbyterian Healthcare Services’s AI-Generated Cybersecurity Score
According to Rankiteo, Presbyterian Healthcare Services’s AI-generated cybersecurity score is 740, reflecting their Moderate security posture.
How many security badges does Presbyterian Healthcare Services’ have ?
According to Rankiteo, Presbyterian Healthcare Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Presbyterian Healthcare Services have SOC 2 Type 1 certification ?
According to Rankiteo, Presbyterian Healthcare Services is not certified under SOC 2 Type 1.
Does Presbyterian Healthcare Services have SOC 2 Type 2 certification ?
According to Rankiteo, Presbyterian Healthcare Services does not hold a SOC 2 Type 2 certification.
Does Presbyterian Healthcare Services comply with GDPR ?
According to Rankiteo, Presbyterian Healthcare Services is not listed as GDPR compliant.
Does Presbyterian Healthcare Services have PCI DSS certification ?
According to Rankiteo, Presbyterian Healthcare Services does not currently maintain PCI DSS compliance.
Does Presbyterian Healthcare Services comply with HIPAA ?
According to Rankiteo, Presbyterian Healthcare Services is not compliant with HIPAA regulations.
Does Presbyterian Healthcare Services have ISO 27001 certification ?
According to Rankiteo,Presbyterian Healthcare Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Presbyterian Healthcare Services
Presbyterian Healthcare Services operates primarily in the Hospitals and Health Care industry.
Number of Employees at Presbyterian Healthcare Services
Presbyterian Healthcare Services employs approximately 6,623 people worldwide.
Subsidiaries Owned by Presbyterian Healthcare Services
Presbyterian Healthcare Services presently has no subsidiaries across any sectors.
Presbyterian Healthcare Services’s LinkedIn Followers
Presbyterian Healthcare Services’s official LinkedIn profile has approximately 36,551 followers.
NAICS Classification of Presbyterian Healthcare Services
Presbyterian Healthcare Services is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Presbyterian Healthcare Services’s Presence on Crunchbase
No, Presbyterian Healthcare Services does not have a profile on Crunchbase.
Presbyterian Healthcare Services’s Presence on LinkedIn
Yes, Presbyterian Healthcare Services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/presbyterian-healthcare-services.
Cybersecurity Incidents Involving Presbyterian Healthcare Services
As of December 21, 2025, Rankiteo reports that Presbyterian Healthcare Services has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Presbyterian Healthcare Services has an estimated 31,363 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Presbyterian Healthcare Services ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
Incident Details
Can you provide details on each incident ?
Title: Presbyterian Healthcare Services Data Breach
Description: Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to around 183,000 patients and health plan members. The breach allowed access to names, dates of birth, Social Security numbers and other types of information. It happened after a Presbyterian employee responded to a 'phishing' scam designed to gain access to private information. The health care provider doesn’t believe any of the information has been used in any way.
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Human
Motivation: Unauthorized Access
Title: Data Breach at Presbyterian Healthcare Services
Description: Unauthorized access to employee email accounts potentially exposing patient names, social security numbers, and health information.
Date Detected: 2019-05-09
Date Publicly Disclosed: 2019-08-02
Type: Data Breach
Attack Vector: Unauthorized Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing Email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach PRE1559423
Data Compromised: Names, Dates of birth, Social security numbers, Other types of information
Incident : Data Breach PRE532072925
Data Compromised: Patient names, Social security numbers, Health information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Dates Of Birth, Social Security Numbers, Other Types Of Information, , Patient Names, Social Security Numbers, Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach PRE1559423
Entity Name: Presbyterian Healthcare Services
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 183000
Incident : Data Breach PRE532072925
Entity Name: Presbyterian Healthcare Services
Entity Type: Healthcare
Industry: Healthcare
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach PRE1559423
Type of Data Compromised: Names, Dates of birth, Social security numbers, Other types of information
Number of Records Exposed: 183000
Sensitivity of Data: High
Incident : Data Breach PRE532072925
Type of Data Compromised: Patient names, Social security numbers, Health information
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach PRE532072925
Source: California Office of the Attorney General
Date Accessed: 2019-08-02
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-08-02.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach PRE1559423
Entry Point: Phishing Email
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach PRE1559423
Root Causes: Employee responded to a phishing scam
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2019-05-09.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2019-08-02.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Dates of Birth, Social Security numbers, Other types of information, , Patient names, Social security numbers, Health information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Patient names, Names, Health information, Social security numbers, Other types of information, Social Security numbers and Dates of Birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 183.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing Email.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.
Risk Information
cvss3
Base: 7.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L104
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L94
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3420841%40ajax-search-for-woocommerce%2Ftrunk&old=3398612%40ajax-search-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=#file136
- https://wordpress.org/plugins/ajax-search-for-woocommerce
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8149103e-105d-401d-8a15-b07d131baaac?source=cve
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/class-functions.php#L41
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-ajax-common.php#L61
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L205
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L2795
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/templates/members.php#L26
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3421362%40ultimate-member%2Ftrunk&old=3408617%40ultimate-member%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61337d2d-d15a-45f2-b730-fc034eb3cd31?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=presbyterian-healthcare-services' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
