R1 RCM
Company Details
Linkedin ID:
r1-rcm
Website:
Employees number:
21,760
Number of followers:
328,585
NAICS:
62
Industry Type:
Homepage:
r1rcm.com
IP Addresses:
0
Company ID:
R1 _3333044
Scan Status:
In-progress
R1 RCM Company CyberSecurity Posture
r1rcm.com
R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise to strengthen the entire revenue cycle. With more than 20 years of experience, R1 partners with 1,000 providers, including 95 of the top 100 U.S. health systems, and handles over 270 million payer transactions annually. This scale provides unmatched operational insight to help healthcare organizations unlock greater long-term value. To learn more, visit: https://www.r1rcm.com.
R1 RCM A.I CyberSecurity Scoring
R1 RCM Risk Score (AI oriented)Between 750 and 799
R1 RCM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
R1 RCM Global Score (TPRM)XXXX
R1 RCM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
R1 RCM Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
R1 RCM
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: R1 RCM Inc., one of the nation’s largest medical debt collection companies, had been hit by a ransomware attack. R1 RCM had to take down its systems. Compromised information included patient registration, insurance, and benefits verification, medical treatment documentation, and bill preparation and collection from patients. The company has access to a wealth of personal, financial, and medical information on tens of millions of patients, including names, dates of birth, Social Security numbers, billing information, and medical diagnostic data.
R1 RCM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for R1 RCM
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for R1 RCM in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for R1 RCM in 2026.
Incident Types R1 RCM vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for R1 RCM in 2026.
Incident History — R1 RCM (X = Date, Y = Severity)
R1 RCM cyber incidents detection timeline including parent company and subsidiaries
R1 RCM Company Subsidiaries
R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise to strengthen the entire revenue cycle. With more than 20 years of experience, R1 partners with 1,000 providers, including 95 of the top 100 U.S. health systems, and handles over 270 million payer transactions annually. This scale provides unmatched operational insight to help healthcare organizations unlock greater long-term value. To learn more, visit: https://www.r1rcm.com.
Loading...
R1 RCM Similar Companies
American Medical Response
American Medical Response, America’s leading provider of medical transportation, has a single mission: making a difference by caring for people in need. AMR solutions include 911 emergency, interfacility transportation, event medical, advanced & basic life support transports and federal disaster res
Michigan Medicine
Michigan Medicine, based in Ann Arbor, Michigan, is part of one of the world’s leading universities. Michigan Medicine is a premier, highly ranked academic medical center and award-winning health care system with state-of-the-art facilities. Our vision is to create the future of health care throu
Every day millions of people feel the impact of our intelligent devices, advanced analytics and artificial intelligence. As a leading global medical technology and digital solutions innovator, GE HealthCare enables clinicians to make faster, more informed decisions through intelligent devices, data
University Hospitals Connor Integrative Health Network
Integrative Medicine (IM) is an approach to healthcare that takes into account the whole person addressing the full range of physical, emotional, mental, social, spiritual, and environmental influences that affect an individual’s health. IM is informed by evidence, makes use of all appropriate thera
RHÖN-KLINIKUM AG
Die RHÖN‐KLINIKUM AG ist einer der größten Gesundheitsdienstleister in Deutschland. Die Kliniken bieten exzellente Medizin mit direkter Anbindung zu Universitäten und Forschungseinrichtungen. An den fünf Standorten Campus Bad Neustadt, Klinikum Frankfurt (Oder), Universitätsklinikum Gießen und Unive
Henry Ford Health
*Job seekers: please be aware of fraudulent job postings and phishing scams via LinkedIn. Henry Ford Health only contacts applicants through our human resources department and via a corporate email address. Here are some tips to be aware of: http://ow.ly/Kc0o50EKory Serving communities across Mic
Cardinal Health
Cardinal Health is a distributor of pharmaceuticals and specialty products; a supplier of home-health and direct-to-patient products and services; an operator of nuclear pharmacies and manufacturing facilities; a provider of performance and data solutions; and a global manufacturer and distributor o
Beginning with a single community in 1981, Sunrise Senior Living has grown to more than 270 communities throughout the U.S. and Canada. Each of our communities continues the mission laid out by founders Paul and Terry Klaassen more than 40 years ago: to champion quality of life for all seniors. Jo
Beth Israel Lahey Health
Beth Israel Lahey Health is a new, integrated system providing patients with better care wherever they are. Care informed by world-class research and education. We are doctors and nurses, technicians and social workers, innovators and educators, and so many others. All with a shared vision for what
.png)
R1 RCM CyberSecurity News
September 12, 2025 07:00 AM
R1 RCM & Dignity Health to Pay $675,000 to Settle Data Breach Lawsuit
A $675000 settlement has been agreed upon to resolve a class action data breach lawsuit against R1 RCM Inc., a revenue cycle management...
June 02, 2025 07:00 AM
Cybersecurity firm continues real estate growth, buys Sunnyvale building at a discount
Fortinet expands real estate, buying two Sunnyvale offices at a discount as part of its global property acquisition strategy.
January 27, 2025 08:00 AM
U.S. Revenue Cycle Management Market Report 2025: A $272.78
Dublin, Jan. 27, 2025 (GLOBE NEWSWIRE) -- The.
January 23, 2025 08:00 AM
Healthcare IT Faces Disruption and Innovation Challenges as GOP Budget Cuts Loom: Insights From Black Book Weekly Survey
As Federal Budget Cuts Threaten Healthcare Systems, RCM Vendors and Providers Strategize for Resilience.
August 01, 2024 07:00 AM
R1 RCM to Be Acquired by TowerBrook and CD&R for $8.9B
R1 RCM was acquired by investment funds affiliated with TowerBrook Capital Partners and Clayton, Dubilier & Rice (CD&R) for $8.9B in...
August 01, 2024 07:00 AM
R1 RCM to Go Private in Deal With TowerBrook, CD&R
R1 RCM has agreed to be taken private in a deal that values the healthcare revenue-cycle-management company at about $8.9 billion.
July 02, 2024 07:00 AM
New Mountain Goes Solo in Pursuit of R1 RCM Buyout
Private-equity firm New Mountain Capital plans to pursue a buyout of R1 RCM after failing to reach an agreement on a joint takeover of the revenue-cycle-...
March 19, 2024 07:00 AM
R1 RCM Tells Two Top Holders to End Buyout Talks
R1 RCM has told its two biggest shareholders to end talks on a buyout of the healthcare revenue-cycle-management provider.
February 27, 2024 08:00 AM
Change Healthcare clicked the wrong link
Good morning,. I hope everyone is having a great time at ViVE! I couldn't make it this year, but you guys better be Vive'ing in my stead.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
R1 RCM CyberSecurity History Information
Official Website of R1 RCM
The official website of R1 RCM is http://www.r1rcm.com.
R1 RCM’s AI-Generated Cybersecurity Score
According to Rankiteo, R1 RCM’s AI-generated cybersecurity score is 766, reflecting their Fair security posture.
How many security badges does R1 RCM’ have ?
According to Rankiteo, R1 RCM currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has R1 RCM been affected by any supply chain cyber incidents ?
According to Rankiteo, R1 RCM has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does R1 RCM have SOC 2 Type 1 certification ?
According to Rankiteo, R1 RCM is not certified under SOC 2 Type 1.
Does R1 RCM have SOC 2 Type 2 certification ?
According to Rankiteo, R1 RCM does not hold a SOC 2 Type 2 certification.
Does R1 RCM comply with GDPR ?
According to Rankiteo, R1 RCM is not listed as GDPR compliant.
Does R1 RCM have PCI DSS certification ?
According to Rankiteo, R1 RCM does not currently maintain PCI DSS compliance.
Does R1 RCM comply with HIPAA ?
According to Rankiteo, R1 RCM is not compliant with HIPAA regulations.
Does R1 RCM have ISO 27001 certification ?
According to Rankiteo,R1 RCM is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of R1 RCM
R1 RCM operates primarily in the Hospitals and Health Care industry.
Number of Employees at R1 RCM
R1 RCM employs approximately 21,760 people worldwide.
Subsidiaries Owned by R1 RCM
R1 RCM presently has no subsidiaries across any sectors.
R1 RCM’s LinkedIn Followers
R1 RCM’s official LinkedIn profile has approximately 328,585 followers.
NAICS Classification of R1 RCM
R1 RCM is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
R1 RCM’s Presence on Crunchbase
No, R1 RCM does not have a profile on Crunchbase.
R1 RCM’s Presence on LinkedIn
Yes, R1 RCM maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/r1-rcm.
Cybersecurity Incidents Involving R1 RCM
As of January 21, 2026, Rankiteo reports that R1 RCM has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
R1 RCM has an estimated 31,578 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at R1 RCM ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on R1 RCM Inc.
Description: R1 RCM Inc., one of the nation’s largest medical debt collection companies, had been hit by a ransomware attack. The company had to take down its systems. Compromised information included patient registration, insurance, and benefits verification, medical treatment documentation, and bill preparation and collection from patients. The company has access to a wealth of personal, financial, and medical information on tens of millions of patients, including names, dates of birth, Social Security numbers, billing information, and medical diagnostic data.
Type: Ransomware Attack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware Attack R1R145229123
Data Compromised: Patient registration, Insurance, Benefits verification, Medical treatment documentation, Bill preparation and collection
Downtime: The company had to take down its systems
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal, Financial, Medical and .
Which entities were affected by each incident ?
Incident : Ransomware Attack R1R145229123
Entity Name: R1 RCM Inc.
Entity Type: Medical Debt Collection Company
Industry: Healthcare
Size: Large
Customers Affected: tens of millions of patients
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack R1R145229123
Type of Data Compromised: Personal, Financial, Medical
Sensitivity of Data: High
Personally Identifiable Information: namesdates of birthSocial Security numbersbilling informationmedical diagnostic data
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were patient registration, insurance, benefits verification, medical treatment documentation, bill preparation and collection and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were medical treatment documentation, patient registration, bill preparation and collection, insurance and benefits verification.
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=r1-rcm' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
