SAMH
Company Details
Linkedin ID:
samh
Website:
Employees number:
461
Number of followers:
17,704
NAICS:
None
Industry Type:
Homepage:
samh.org.uk
IP Addresses:
0
Company ID:
SAM_2627511
Scan Status:
In-progress
SAMH Company CyberSecurity Posture
samh.org.uk
SAMH (Scottish Action for Mental Health) is Scotland's national mental health charity. With one in four of us experiencing a mental health problem each year, the work of SAMH is crucial to Scotland's well-being. We have been working to promote mental health in Scotland since 1923. Our services are built upon our belief that people with mental health problems should be ambitious about their futures. One of the ways we do this is by supporting people into work and in partnership with employers supporting workplace wellbeing initiatives. For more information on working with us please visit www.samh.org.uk or contact us at [email protected]. Thank you.
SAMH A.I CyberSecurity Scoring
SAMH Risk Score (AI oriented)Between 750 and 799
SAMH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SAMH Global Score (TPRM)XXXX
SAMH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SAMH Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
SAMH
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: A Scottish mental health charity SAMH fell victim to a cyber security incident om March 2022. The attack affected its emails and national phone lines which disrupted many operations but the support services were running to ensure support to the affected. The SAMH along with the security experts and Police investigated the incident.
SAMH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SAMH
Incidents vs Non-profit Organization Management Industry Average (This Year)
No incidents recorded for SAMH in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for SAMH in 2025.
Incident Types SAMH vs Non-profit Organization Management Industry Avg (This Year)
No incidents recorded for SAMH in 2025.
Incident History — SAMH (X = Date, Y = Severity)
SAMH cyber incidents detection timeline including parent company and subsidiaries
SAMH Company Subsidiaries
SAMH (Scottish Action for Mental Health) is Scotland's national mental health charity. With one in four of us experiencing a mental health problem each year, the work of SAMH is crucial to Scotland's well-being. We have been working to promote mental health in Scotland since 1923. Our services are built upon our belief that people with mental health problems should be ambitious about their futures. One of the ways we do this is by supporting people into work and in partnership with employers supporting workplace wellbeing initiatives. For more information on working with us please visit www.samh.org.uk or contact us at [email protected]. Thank you.
Loading...
SAMH Similar Companies
Corpo Nacional de Escutas
Official page of CNE - Corpo Nacional de Escutas - Escutismo Católico Português - the National Scout Organization for Portuguese Catholic Scouts. CNE is a non-profit, non-political and non-governmental youth association, aimed at the integral training of young people, based on the method created
.png)
SAMH CyberSecurity News
March 23, 2022 07:00 AM
Large mental health charity hit by ‘sophisticated and criminal’ cyber attack
Police are investigating a cybersecurity attack that has disrupted communications at the Scottish Association for Mental Health (SAMH).
March 22, 2022 08:49 AM
Top Scottish charity compromised by cyber-attack as data is dumped on dark web
Police are investigating a “devastating” and sophisticated cyber-attack at the Scottish Association of Mental Health (SAMH).
March 21, 2022 07:00 AM
Glasgow mental health charity victim of 'sophisticated and criminal cybersecurity attack'
The Scottish Association of Mental Health, known locally as SAMH, are thought to have been targeted on March 18 by hackers infiltrating...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SAMH CyberSecurity History Information
Official Website of SAMH
The official website of SAMH is http://www.samh.org.uk.
SAMH’s AI-Generated Cybersecurity Score
According to Rankiteo, SAMH’s AI-generated cybersecurity score is 752, reflecting their Fair security posture.
How many security badges does SAMH’ have ?
According to Rankiteo, SAMH currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does SAMH have SOC 2 Type 1 certification ?
According to Rankiteo, SAMH is not certified under SOC 2 Type 1.
Does SAMH have SOC 2 Type 2 certification ?
According to Rankiteo, SAMH does not hold a SOC 2 Type 2 certification.
Does SAMH comply with GDPR ?
According to Rankiteo, SAMH is not listed as GDPR compliant.
Does SAMH have PCI DSS certification ?
According to Rankiteo, SAMH does not currently maintain PCI DSS compliance.
Does SAMH comply with HIPAA ?
According to Rankiteo, SAMH is not compliant with HIPAA regulations.
Does SAMH have ISO 27001 certification ?
According to Rankiteo,SAMH is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of SAMH
SAMH operates primarily in the Non-profit Organization Management industry.
Number of Employees at SAMH
SAMH employs approximately 461 people worldwide.
Subsidiaries Owned by SAMH
SAMH presently has no subsidiaries across any sectors.
SAMH’s LinkedIn Followers
SAMH’s official LinkedIn profile has approximately 17,704 followers.
NAICS Classification of SAMH
SAMH is classified under the NAICS code None, which corresponds to Others.
SAMH’s Presence on Crunchbase
No, SAMH does not have a profile on Crunchbase.
SAMH’s Presence on LinkedIn
Yes, SAMH maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/samh.
Cybersecurity Incidents Involving SAMH
As of December 17, 2025, Rankiteo reports that SAMH has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
SAMH has an estimated 5,065 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at SAMH ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does SAMH detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with security experts, and law enforcement notified with police..
Incident Details
Can you provide details on each incident ?
Title: Cyber Security Incident at SAMH
Description: A Scottish mental health charity SAMH fell victim to a cyber security incident in March 2022. The attack affected its emails and national phone lines which disrupted many operations but the support services were running to ensure support to the affected. The SAMH along with the security experts and Police investigated the incident.
Date Detected: March 2022
Type: Cyber Security Incident
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyber Security Incident SAM14592522
Systems Affected: emailsnational phone lines
Operational Impact: disrupted many operations
Which entities were affected by each incident ?
Incident : Cyber Security Incident SAM14592522
Entity Name: SAMH
Entity Type: Charity
Industry: Mental Health
Location: Scotland
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyber Security Incident SAM14592522
Third Party Assistance: Security Experts.
Law Enforcement Notified: Police,
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through security experts, .
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Security Experts, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on March 2022.
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was emailsnational phone lines.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was security experts, .
.png)
Latest Global CVEs (Not Company-Specific)
Description
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=samh' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
