SAH
Company Details
Linkedin ID:
st.-agnes-hospital
Employees number:
1,254
Number of followers:
3,414
NAICS:
62
Industry Type:
Homepage:
ascension.org
IP Addresses:
0
Company ID:
SAI_1500315
Scan Status:
In-progress
Saint Agnes Hospital Company CyberSecurity Posture
ascension.org
For more than 150 years, Ascension Saint Agnes has been dedicated to the art of healing by providing exceptional care to the greater Baltimore area. Built on a strong foundation of excellent medical care and compassion, Ascension Saint Agnes and the physicians who practice here are committed to providing the best care for our patients for many years to come. Ascension Saint Agnes is a 251-bed, full-service teaching hospital with residency programs in a number of medical and surgical specialties. Ascension Saint Agnes is a part of Ascension, a faith-based healthcare organization dedicated to transformation through innovation across the continuum of care. As one of the leading non-profit and Catholic health systems in the U.S., Ascension is committed to delivering compassionate, personalized care to all, with special attention to persons living in poverty and those most vulnerable.
Saint Agnes Hospital A.I CyberSecurity Scoring
SAH Risk Score (AI oriented)Between 750 and 799
SAH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SAH Global Score (TPRM)XXXX
SAH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SAH Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Saint Agnes Medical Center
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On May 2, 2016, Saint Agnes Medical Center fell victim to a **Business Email Compromise (BEC) attack**, leading to a significant **data breach** that exposed sensitive employee information. The incident compromised **W-2 tax forms** of **2,812 employees**, including highly confidential details such as **names, home addresses, salaries, tax withholding data, and Social Security Numbers (SSNs)**. The breach stemmed from a targeted phishing scam, where attackers impersonated a legitimate entity to deceive employees into disclosing payroll-related credentials or redirecting sensitive data. Such exposures pose severe risks, including **identity theft, financial fraud, and long-term reputational harm** to both the affected individuals and the organization. The breach underscored vulnerabilities in email security protocols and the critical need for robust **employee training, multi-factor authentication (MFA), and fraud detection mechanisms** to mitigate similar threats in healthcare institutions, where safeguarding personnel data is paramount.
SAH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SAH
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Saint Agnes Hospital in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Saint Agnes Hospital in 2025.
Incident Types SAH vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Saint Agnes Hospital in 2025.
Incident History — SAH (X = Date, Y = Severity)
SAH cyber incidents detection timeline including parent company and subsidiaries
SAH Company Subsidiaries
For more than 150 years, Ascension Saint Agnes has been dedicated to the art of healing by providing exceptional care to the greater Baltimore area. Built on a strong foundation of excellent medical care and compassion, Ascension Saint Agnes and the physicians who practice here are committed to providing the best care for our patients for many years to come. Ascension Saint Agnes is a 251-bed, full-service teaching hospital with residency programs in a number of medical and surgical specialties. Ascension Saint Agnes is a part of Ascension, a faith-based healthcare organization dedicated to transformation through innovation across the continuum of care. As one of the leading non-profit and Catholic health systems in the U.S., Ascension is committed to delivering compassionate, personalized care to all, with special attention to persons living in poverty and those most vulnerable.
Loading...
SAH Similar Companies
Houston Methodist
Houston Methodist is one of the nation’s leading health systems and academic medical centers. The health system consists of eight hospitals: Houston Methodist Hospital, its flagship academic hospital in the Texas Medical Center, seven community hospitals and one long-term acute care hospital through
NewYork-Presbyterian Hospital
At NewYork-Presbyterian, we put patients first. It’s the kind of work that requires an unwavering commitment to excellence and a steady spirit of professionalism. And it’s a unique opportunity for you to collaborate with some of the brightest minds in health care, while building on our success as on
Aster DM Healthcare
From a single medical centre to a performance-driven healthcare enterprise spread across more than 400+ medical establishments, including 15 hospitals, 120 clinics and 307 pharmacies in GCC and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across the Middl
R1 RCM
R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise
Owens & Minor
Owens & Minor, Inc. (NYSE: OMI) is a Fortune 500 global healthcare solutions company providing essential products and services that support care from the hospital to the home. For over 100 years, Owens & Minor and its affiliated brands, Apria® , Byram®, and HALYARD*, have helped to make each day be
AdventHealth is a connected network of care that helps people feel whole – body, mind and spirit. More than 100,000 team members across a national footprint provide whole-person care to nearly nine million people annually through more than 2,000 care sites that include hospitals, physician practices
Ascension
Answering God's call to bring health, healing and hope to all. Ascension is one of the nation’s leading non-profit and Catholic health systems, with a Mission of delivering compassionate, personalized care to all, with special attention to those most vulnerable. In FY2025, Ascension provided $1.7
Access Healthcare provides business process outsourcing, application services, and robotic process automation tools to hospitals, health systems, providers, payers, and related service providers. We operate from 20 delivery centers across nine cities in the US, India, and the Philippines, and our 2
Headquartered in Utah with locations in six primary states and additional operations across the western U.S., Intermountain Health is a nonprofit system of 33 hospitals, 400+ clinics, a medical group of more than 4,800 employed physicians and advanced care providers, a health plan division called Se
.png)
SAH CyberSecurity News
May 02, 2025 07:00 AM
Ascension discloses multiple third-party data breaches
Ascension Health, a Missouri-based Catholic health system, has disclosed several third-party data breaches in 2025, impacting patients across its network of...
April 29, 2025 07:00 AM
Fond du Lac's St. Agnes Hospital to host First Friday Mass each month, open to the public
The Mass will be held at noon in the hospital's St. Agnes Chapel.
April 07, 2025 07:00 AM
From legacy to leading edge: Taking a holistic approach to medical device security
Fortinet will be hosting a webinar series to address the challenge of securing medical devices for healthcare institutions.
January 12, 2025 08:00 AM
Fresno physician says Saint Agnes has taken away his right to treat his own patients | Opinion
Fresno physician: “Saint Agnes has taken away my right to care for my own patients admitted to the hospital.”
January 06, 2025 08:00 AM
Doctors sue Fresno hospital over staffing shakeup they say could ‘disrupt’ patient care
A group of Fresno doctors wants to stop St. Agnes Medical Center from entering into an exclusive contract with a national staffing firm.
July 29, 2024 07:00 AM
Mangaluru: St Agnes College conducts seminar on 'Aerodynamiks & Cyber security'
Media Release. Mangaluru, Jul 29: A seminar on “Aerodynamiks and Cyber security” was organized by St Agnes College (Autonomous),...
July 19, 2024 07:00 AM
Valley medical groups impacted by global outage
A global tech outage impacted hospitals and emergency services across the nation late Thursday night into Friday morning.
July 19, 2024 07:00 AM
Maryland companies, agencies provide updates on global IT outage
The global technology blunder is just as widespread in the state of Maryland. The corrupt update forced offices to close and even postponed...
July 18, 2024 05:34 PM
Ascension hospitals make progress in ransomware attack recovery
UPDATE 6/20/2024 -- As of June 14, Ascension had restored EHR access across the organization. Patients also now have access to patient portals,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SAH CyberSecurity History Information
Official Website of Saint Agnes Hospital
The official website of Saint Agnes Hospital is https://healthcare.ascension.org/.
Saint Agnes Hospital’s AI-Generated Cybersecurity Score
According to Rankiteo, Saint Agnes Hospital’s AI-generated cybersecurity score is 759, reflecting their Fair security posture.
How many security badges does Saint Agnes Hospital’ have ?
According to Rankiteo, Saint Agnes Hospital currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Saint Agnes Hospital have SOC 2 Type 1 certification ?
According to Rankiteo, Saint Agnes Hospital is not certified under SOC 2 Type 1.
Does Saint Agnes Hospital have SOC 2 Type 2 certification ?
According to Rankiteo, Saint Agnes Hospital does not hold a SOC 2 Type 2 certification.
Does Saint Agnes Hospital comply with GDPR ?
According to Rankiteo, Saint Agnes Hospital is not listed as GDPR compliant.
Does Saint Agnes Hospital have PCI DSS certification ?
According to Rankiteo, Saint Agnes Hospital does not currently maintain PCI DSS compliance.
Does Saint Agnes Hospital comply with HIPAA ?
According to Rankiteo, Saint Agnes Hospital is not compliant with HIPAA regulations.
Does Saint Agnes Hospital have ISO 27001 certification ?
According to Rankiteo,Saint Agnes Hospital is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Saint Agnes Hospital
Saint Agnes Hospital operates primarily in the Hospitals and Health Care industry.
Number of Employees at Saint Agnes Hospital
Saint Agnes Hospital employs approximately 1,254 people worldwide.
Subsidiaries Owned by Saint Agnes Hospital
Saint Agnes Hospital presently has no subsidiaries across any sectors.
Saint Agnes Hospital’s LinkedIn Followers
Saint Agnes Hospital’s official LinkedIn profile has approximately 3,414 followers.
NAICS Classification of Saint Agnes Hospital
Saint Agnes Hospital is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Saint Agnes Hospital’s Presence on Crunchbase
No, Saint Agnes Hospital does not have a profile on Crunchbase.
Saint Agnes Hospital’s Presence on LinkedIn
Yes, Saint Agnes Hospital maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/st.-agnes-hospital.
Cybersecurity Incidents Involving Saint Agnes Hospital
As of December 26, 2025, Rankiteo reports that Saint Agnes Hospital has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Saint Agnes Hospital has an estimated 31,365 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Saint Agnes Hospital ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Saint Agnes Medical Center Data Breach (2016)
Description: The California Office of the Attorney General reported that Saint Agnes Medical Center experienced a data breach on May 2, 2016, affecting 2,812 employees. The breach resulted from a Business Email Compromise (BEC) attack that compromised W-2 data, including names, addresses, salaries, withholding information, and Social Security Numbers.
Date Detected: 2016-05-02
Type: Data Breach
Attack Vector: Business Email Compromise (BEC)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ST.024091825
Data Compromised: W-2 data (names, addresses, salaries, withholding information, social security numbers)
Identity Theft Risk: High (SSNs compromised)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Tax/Financial Data and .
Which entities were affected by each incident ?
Incident : Data Breach ST.024091825
Entity Name: Saint Agnes Medical Center
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California, USA
Customers Affected: 2,812 (employees)
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ST.024091825
Type of Data Compromised: Personally identifiable information (pii), Tax/financial data
Number of Records Exposed: 2,812
Sensitivity of Data: High
Data Exfiltration: Yes
File Types Exposed: W-2 forms
Personally Identifiable Information: NamesAddressesSalariesWithholding InformationSocial Security Numbers
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach ST.024091825
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach ST.024091825
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach ST.024091825
High Value Targets: Employee W-2 Data,
Data Sold on Dark Web: Employee W-2 Data,
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2016-05-02.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were W-2 data (names, addresses, salaries, withholding information, Social Security Numbers) and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were W-2 data (names, addresses, salaries, withholding information and Social Security Numbers).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.8K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=st.-agnes-hospital' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
