
St. Mary’s Health System is a member of Covenant Health in Tewksbury, Massachusetts. It is the parent corporation of:
  • ST. MARY’S REGIONAL MEDICAL CENTER - is comprised of a 233-bed acute care facility, a primary care provider network, urgent care and emergency department, behavioral and mental health services, and outpatient specialty practices that combine talented and compassionate caregivers with state of the art medical technology to meet the healthcare needs in the Androscoggin County area and beyond.
  • ST. MARY’S d’YOUVILLE PAVILION - the state of Maine’s largest nursing home with skilled and nursing services.
  • ST. MARY’S RESIDENCES - has 128 private, non-smoking apartments reserved exclusively for the independent elderly and handicapped.
  • COMMUNITY CLINICAL SERVICES - Federally Qualified Health Centers affiliated with St. Mary's Health System provide primary, specialty and dental services in the Lewiston-Auburn community.
St. Mary’s Health System is one of the largest employers in Androscoggin County and the state of Maine.

St. Mary's Health System A.I CyberSecurity Scoring

SMHS

Company Details

LinkedIn ID: stmarysmaine
Employees number: 867
Number of followers: 3,627
NAICS: 62
Industry Type: Hospitals and Health Care
Homepage: stmarysmaine.com
IP Addresses: 0
Company ID: ST._1733385
Scan Status: In-progress

SMHS Risk Score (AI oriented): Between 650 and 699


SMHS Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

St. Mary's Health System: Data breach last year at Central Maine Healthcare affected more than 145,000
Type: Breach
Severity: 85
Impact: 4
Seen: 6/2025
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact, with customer data leaks

Description: Cybersecurity Breach at Central Maine Healthcare Exposes Over 145,000 Patients’ Data. Central Maine Healthcare disclosed a data breach discovered in June 2025, in which an unauthorized third party accessed sensitive patient information. The exposed data may have included names, dates of birth, treatment details, and Social Security numbers. The incident affected more than 145,000 individuals, approximately 138,000 of them Maine residents, making it one of the state’s largest healthcare-related breaches in recent years. The breach occurred at Central Maine Medical Center in Lewiston, with the healthcare system confirming it has notified all impacted patients. This incident follows a separate breach reported earlier this month by St. Mary’s Health System, also based in Lewiston, which initially underestimated the scope of its exposure. The earlier breach, detected last spring, was later revealed to have affected 478,000 people, far exceeding the 8,000 initially reported to the Maine Attorney General’s office. Both incidents highlight ongoing vulnerabilities in healthcare data security, with unauthorized access leading to large-scale exposure of personal and medical records. Investigations into the breaches remain ongoing.


Underwriter Stats for SMHS

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for St. Mary's Health System in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for St. Mary's Health System in 2026.

Incident Types SMHS vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for St. Mary's Health System in 2026.

Incident History — SMHS (X = Date, Y = Severity)

SMHS cyber incidents detection timeline including parent company and subsidiaries


SMHS Similar Companies

CHRISTUS Health

CHRISTUS Health is a Catholic not-for-profit health care system comprising more than 600 centers, including long-term care facilities, community hospitals, walk-in clinics and health ministries. We are a community of 50,000 Associates, with over 15,000 physicians providing personalized care. Our m

UNC Health

Our mission is to improve the health and well-being of North Carolinians and others whom we serve. We accomplish this by providing leadership and excellence in the interrelated areas of patient care, education and research. UNC Health and its 40,000 teammates, continue to serve as North Carolina’s

Oregon Health & Science University

At OHSU, we deliver breakthroughs for better health. We're driven by the belief that better health starts with innovations in the lab, in the classroom, at the bedside and in our communities. From cancer to Alzheimer's to cardiovascular care, we collaborate every day to identify and deliver new wa

Geisinger

Geisinger is among the nation’s leading providers of value-based care, serving 1.2 million people in urban and rural communities across Pennsylvania. Founded in 1915 by philanthropist Abigail Geisinger, the nonprofit system generates $10 billion in annual revenues across 126 care sites — including 1

Cincinnati Children's

Cincinnati Children’s, a nonprofit academic medical center established in 1883, offers services from well-child care to treatment for the most rare and complex conditions. It is the Department of Pediatrics at the University of Cincinnati College of Medicine and trains more than 600 residents and cl

Elevance Health

Fueled by our bold purpose to improve the health of humanity, we are transforming from a traditional health benefits organization into a lifetime trusted health partner. Our nearly 100,000 associates serve more than 118 million people, at every stage of health. We address a full range of needs wi

Amil is a health-sector company operating in Brazil that combines expertise and leadership to coordinate all the players in this market, building sustainable relationships in order to understand and meet the needs of each client and allow them to enjoy the best of life. Every day, we are concerned

Access Healthcare

Established in 2011, Access Healthcare remains at the forefront of healthcare management, allowing providers to focus on what matters most – their patients. Our reputation is built on investing in and developing innovative technology allowing us to deliver custom solutions, enhancing the quality and

Northwell Health

Northwell Health is New York State’s largest health care provider and private employer, with 28 hospitals, about 1,000+ outpatient facilities and more than 16,000 affiliated physicians. At Northwell, we focus on cultivating an environment that inspires growth, empowers leadership, and encourages br


SMHS CyberSecurity News

January 08, 2026 07:41 PM
Covenant Health, Inc. Under Investigation for Data Breach of Over 470,000 Patient Records

Schubert Jonckheer & Kolbe LLP is investigating a data breach that led to unauthorized access to the sensitive information of 478,188...

January 05, 2026 09:57 PM
Covenant Health data breach impacted more than 284K Mainers, far exceeding initial reports

MAINE, USA — Covenant Health, the Massachusetts-based parent company of St. Mary's Health System in Lewiston and St. Joseph Healthcare in...

January 05, 2026 08:00 AM
Covenant Health Ransomware Attack Victim Count Increases by 5,980%

Covenant Health has provided an update on the number of individuals affected by its May 2025 ransomware attack, confirming that at least...

January 02, 2026 08:00 AM
Owner of Lewiston hospital vastly underestimated scope of May data breach

St. Mary's parent Covenant Health initially said fewer than 10000 patients were affected. It now says the data of 478000 people,...

November 26, 2025 08:00 AM
CodeRED Breach Hits St. Mary’s Emergency Alerts

St. Mary's County notifies residents of CodeRED cybersecurity breach exposing names, addresses and passwords in emergency alert system;...

October 31, 2025 07:00 AM
Family Health West hit by cyberattack

On Tuesday morning, Family Health West Hospital in Fruita discovered that it was the target of a cyberattack.

July 14, 2025 07:00 AM
Was your info taken in the Lewiston hospital breach? Here’s what to know

The data breach stems from an incident in late May prompting St. Mary's Health System to take its computer data system offline.

July 09, 2025 07:00 AM
Trump bill will have major impact on health care cybersecurity, experts warn Congress

Witnesses at a Senate hearing Wednesday connected One Big Beautiful Bill provisions to potential cyber issues in the health care sector,...

June 30, 2025 07:00 AM
Both Lewiston hospitals’ systems completely restored after ‘cyber incident’

Both hospitals announced Monday they had fully restored their computer systems in all their hospitals and provider offices.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

SMHS CyberSecurity History Information

Official Website of St. Mary's Health System

The official website of St. Mary's Health System is http://www.stmarysmaine.com.

St. Mary's Health System’s AI-Generated Cybersecurity Score

According to Rankiteo, St. Mary's Health System’s AI-generated cybersecurity score is 692, reflecting their Weak security posture.

How many security badges does St. Mary's Health System have?

According to Rankiteo, St. Mary's Health System currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has St. Mary's Health System been affected by any supply chain cyber incidents?

According to Rankiteo, St. Mary's Health System has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does St. Mary's Health System have SOC 2 Type 1 certification?

According to Rankiteo, St. Mary's Health System is not certified under SOC 2 Type 1.

Does St. Mary's Health System have SOC 2 Type 2 certification?

According to Rankiteo, St. Mary's Health System does not hold a SOC 2 Type 2 certification.

Does St. Mary's Health System comply with GDPR?

According to Rankiteo, St. Mary's Health System is not listed as GDPR compliant.

Does St. Mary's Health System have PCI DSS certification?

According to Rankiteo, St. Mary's Health System does not currently maintain PCI DSS compliance.

Does St. Mary's Health System comply with HIPAA?

According to Rankiteo, St. Mary's Health System is not compliant with HIPAA regulations.

Does St. Mary's Health System have ISO 27001 certification?

According to Rankiteo, St. Mary's Health System is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of St. Mary's Health System

St. Mary's Health System operates primarily in the Hospitals and Health Care industry.

Number of Employees at St. Mary's Health System

St. Mary's Health System employs approximately 867 people worldwide.

Subsidiaries Owned by St. Mary's Health System

St. Mary's Health System presently has no subsidiaries across any sectors.

St. Mary's Health System’s LinkedIn Followers

St. Mary's Health System’s official LinkedIn profile has approximately 3,627 followers.

NAICS Classification of St. Mary's Health System

St. Mary's Health System is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

St. Mary's Health System’s Presence on Crunchbase

Yes, St. Mary's Health System has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/st-mary-s-regional-medical-center.

St. Mary's Health System’s Presence on LinkedIn

Yes, St. Mary's Health System maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/stmarysmaine.

Cybersecurity Incidents Involving St. Mary's Health System

As of January 25, 2026, Rankiteo reports that St. Mary's Health System has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

St. Mary's Health System has an estimated 31,618 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at St. Mary's Health System?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does St. Mary's Health System detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy: Notified all patients whose data may have been involved in the incident.

Incident Details

Can you provide details on each incident?

Incident: Data Breach

Title: Central Maine Healthcare Data Breach

Description: An unauthorized third party accessed patient information at Central Maine Healthcare, which may have included names, dates of birth, treatment information, and Social Security numbers. The breach affected more than 145,000 people, including roughly 138,000 Mainers.

Date Detected: 2025-06

Date Publicly Disclosed: 2026-01-14

Type: Data Breach

Threat Actor: Unauthorized third party

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident?

Incident: Data Breach STM1768422816

Data Compromised: Names, dates of birth, treatment information, Social Security numbers

Identity Theft Risk: High

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Dates Of Birth, Treatment Information, and Social Security Numbers.

Which entities were affected by each incident?

Incident: Data Breach STM1768422816

Entity Name: Central Maine Healthcare

Entity Type: Healthcare System

Industry: Healthcare

Location: Lewiston, Maine, USA

Customers Affected: 145000

Response to the Incidents

What measures were taken in response to each incident?

Incident: Data Breach STM1768422816

Communication Strategy: Notified all patients whose data may have been involved in the incident

Data Breach Information

What type of data was compromised in each breach?

Incident: Data Breach STM1768422816

Type of Data Compromised: Names, Dates of birth, Treatment information, Social security numbers

Number of Records Exposed: 145000

Sensitivity of Data: High

Personally Identifiable Information: Yes

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident: Data Breach STM1768422816

Regulatory Notifications: Reported to Maine Attorney General's office

References

Where can I find more information about each incident?

Incident: Data Breach STM1768422816

Source: Central Maine Healthcare

URL: https://www.cmmc.org

Date Accessed: 2026-01-14

Incident: Data Breach STM1768422816

Source: Maine Public

Date Accessed: 2026-01-14

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Central Maine Healthcare (URL: https://www.cmmc.org, Date Accessed: 2026-01-14) and Maine Public (Date Accessed: 2026-01-14).

Investigation Status

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders by notifying all patients whose data may have been involved in the incident.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident: Data Breach STM1768422816

Customer Advisories: Notified all patients whose data may have been involved in the incident

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisory to stakeholders and customers following an incident: Notified all patients whose data may have been involved in the incident.

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was on 2025-06.

What was the most recent incident publicly disclosed?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2026-01-14.

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were Names, dates of birth, treatment information and Social Security numbers.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, dates of birth, treatment information and Social Security numbers.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 145.0.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent sources of information about an incident are Central Maine Healthcare and Maine Public.

What is the most recent URL for additional resources on cybersecurity best practices?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cmmc.org.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisory issued was: Notified all patients whose data may have been involved in the incident.


Latest Global CVEs (Not Company-Specific)

Description

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.

Risk Information (CVSS v3)
Base: 5.3
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.

Risk Information (CVSS v3)
Base: 6.1
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.

Risk Information (CVSS v3)
Base: 7.5
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.

Risk Information (CVSS v3)
Base: 5.3
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Risk Information (CVSS v3)
Base: 4.4
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=stmarysmaine' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
