UAB Medicine
Company Details
Linkedin ID:
uab-medicine
Website:
Employees number:
10,600
Number of followers:
45,506
NAICS:
62
Industry Type:
Homepage:
uabmedicine.org
IP Addresses:
0
Company ID:
UAB_2048302
Scan Status:
In-progress
UAB Medicine Company CyberSecurity Posture
uabmedicine.org
As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you are a part of UAB Medicine, you change the world - starting with you. What happens here? • 1,100+ patient bed facility caring for 60,000+ each year • Level I Trauma Center and an ER the size of a football field • 9 speciality Intensive Care Units, including a Level IV Regional Neonatal ICU • Alabama’s first Comprehensive Stroke Center • First Magnet Hospital in Alabama and the only one in our state Why work at UAB Medicine? • Excellent benefits package: 100% tuition assistance, paid parental leave for moms and dads, professional development opportunities • Named among the “150 Best Places to Work in Healthcare” and "100 Great Hospitals in America" by Becker's Hospital Review • Ranked among the best by U.S. News & World Report year after year • Rated in the top 25 by Forbes for “Best Midsized Employer” Our website is a great career resource- be sure to check it out! www.uabmedicine.org/careers
UAB Medicine A.I CyberSecurity Scoring
UAB Medicine Risk Score (AI oriented)Between 750 and 799
UAB Medicine
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UAB Medicine Global Score (TPRM)XXXX
UAB Medicine
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UAB Medicine Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
UAB Medicine
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Hackers gained access to some UAB Medicine employee email accounts exposing the protected health information of 20,000 patients. UAB Medicine notified the affected patients that their information could have potentially been seen by the hackers. The information that hackers may have seen could include the patient's name along with one or more of the following pieces of information: medical record number, birth date, dates of service, location of service, diagnosis and treatment information. The hackers sent an email designed to look like an authentic business survey from an executive.
UAB Medicine Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UAB Medicine
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UAB Medicine in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UAB Medicine in 2025.
Incident Types UAB Medicine vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UAB Medicine in 2025.
Incident History — UAB Medicine (X = Date, Y = Severity)
UAB Medicine cyber incidents detection timeline including parent company and subsidiaries
UAB Medicine Company Subsidiaries
As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you are a part of UAB Medicine, you change the world - starting with you. What happens here? • 1,100+ patient bed facility caring for 60,000+ each year • Level I Trauma Center and an ER the size of a football field • 9 speciality Intensive Care Units, including a Level IV Regional Neonatal ICU • Alabama’s first Comprehensive Stroke Center • First Magnet Hospital in Alabama and the only one in our state Why work at UAB Medicine? • Excellent benefits package: 100% tuition assistance, paid parental leave for moms and dads, professional development opportunities • Named among the “150 Best Places to Work in Healthcare” and "100 Great Hospitals in America" by Becker's Hospital Review • Ranked among the best by U.S. News & World Report year after year • Rated in the top 25 by Forbes for “Best Midsized Employer” Our website is a great career resource- be sure to check it out! www.uabmedicine.org/careers
Loading...
UAB Medicine Similar Companies
Labcorp
Clear and confident health care decisions begin with questions. At Labcorp, we’re constantly in pursuit of answers. As a global leader of innovative and comprehensive laboratory services, we help doctors, hospitals, pharmaceutical companies, researchers and patients make clear and confident decisi
BJC Health System
BJC Health System is one of the largest nonprofit health care organizations in the United States and the largest in the state of Missouri, serving urban, suburban, and rural communities across Missouri, southern Illinois, eastern Kansas, and the greater Midwest region. One of the largest employers i
Lehigh Valley Health Network
Lehigh Valley Health Network (LVHN) is proudly part of Jefferson Health, forming a leading integrated academic health care delivery system. With 65,000 colleagues, 32 hospitals and over 700 sites of care across the Lehigh Valley, northeastern Pennsylvania, Delaware Valley and southern New Jersey. L
UC San Diego Health
UC San Diego Health and Health Sciences has been caring for the community and producing physicians for more than 50 years. In 1966, we established our first medical center. Two years later, in 1968, UC San Diego School of Medicine opened for business. Today, UC San Diego Health is the only academic
HCA Healthcare is dedicated to giving people a healthier tomorrow. As one of the nation’s leading providers of healthcare services, HCA Healthcare is comprised of 188 hospitals and 2,400+ sites of care in 20 states and the United Kingdom. In addition to hospitals, sites of care include surgery cen
UHS
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance, growing since its inception into a Fortune 300 corporation. Headquartered in King of Prussia, PA, U
UnitedHealth Group
UnitedHealth Group is a health care and well-being company with a mission to help people live healthier lives and help make the health system work better for everyone. We are 340,000 colleagues in two distinct and complementary businesses working to help build a modern, high-performing health syste
Oregon Health & Science University
At OHSU, we deliver breakthroughs for better health. We're driven by the belief that better health starts with innovations in the lab, in the classroom, at the bedside and in our communities. From cancer to Alzheimer's to cardiovascular care, we collaborate every day to identify and deliver new wa
University of Maryland Medical System
The University of Maryland Medical System (UMMS) was created in 1984 when the state-owned University Hospital became a private, nonprofit organization. It has evolved into a multi-hospital system with academic, community and specialty service missions reaching every part of the state and beyond. UM
.png)
UAB Medicine CyberSecurity News
November 05, 2025 04:47 PM
UAB students and alumni receive Dones TIC 2025 Awards
Aimara Ventoso, Yolanda Lupiáñez, Lucía Pallarés and Sílvia Sanvicente, students and alumni of the UAB School of Engineering, and Marina Sánchez...
September 22, 2025 07:00 AM
Two UAB computer science students win first place in cybersecurity division of a national hackathon
Williams Beaumont and Hunter ForsytheTwo students from the University of Alabama at Birmingham's Department of Computer Science competed...
August 29, 2025 07:00 AM
HHS-OIG Imposes Three Penalties for EMTALA Violations
The Department of Health and Human Services Office of Inspector General (HHS-OIG) has agreed to settle alleged violations of the Emergency...
August 08, 2025 07:00 AM
UAB Radiology names Mossa-Basha as chair
The University of Alabama at Birmingham (UAB) Heersink School of Medicine has named neuroradiologist Mahmud Mossa-Basha, MD, chair of UAB...
June 11, 2025 07:00 AM
UAB Health System acquires Cotton Exchange property for future expansion in Cullman
The University of Alabama System's Board of Trustees convened on June 5, 2025, to discuss significant developments in health and education...
May 01, 2025 07:00 AM
Excellence in tech: Two computer science master’s programs earn Fortune top 10 rankings
Two prestigious master's programs in the University of Alabama at Birmingham's College of Arts and Sciences have earned top 10 national...
March 24, 2025 07:00 AM
UAB cyber expert warns 23andMe users to delete data
With 23 and Me filing for bankruptcy protection, the head of UAB's Center for Cybersecurity suggests that if the DNA testing company has...
March 20, 2025 07:00 AM
Cybersecurity dangers of sharenting and how to protect your child
Sharenting refers to the practice of parents' oversharing their children's lives online. While it can be a way to celebrate milestones, connect with loved ones...
February 18, 2025 12:26 AM
Experts | UAB News
Academic Medical Center operations; State of affairs in medicine and science in the southeast; Rural health and health careations; Training and mentoring...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UAB Medicine CyberSecurity History Information
Official Website of UAB Medicine
The official website of UAB Medicine is http://www.uabmedicine.org.
UAB Medicine’s AI-Generated Cybersecurity Score
According to Rankiteo, UAB Medicine’s AI-generated cybersecurity score is 762, reflecting their Fair security posture.
How many security badges does UAB Medicine’ have ?
According to Rankiteo, UAB Medicine currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UAB Medicine have SOC 2 Type 1 certification ?
According to Rankiteo, UAB Medicine is not certified under SOC 2 Type 1.
Does UAB Medicine have SOC 2 Type 2 certification ?
According to Rankiteo, UAB Medicine does not hold a SOC 2 Type 2 certification.
Does UAB Medicine comply with GDPR ?
According to Rankiteo, UAB Medicine is not listed as GDPR compliant.
Does UAB Medicine have PCI DSS certification ?
According to Rankiteo, UAB Medicine does not currently maintain PCI DSS compliance.
Does UAB Medicine comply with HIPAA ?
According to Rankiteo, UAB Medicine is not compliant with HIPAA regulations.
Does UAB Medicine have ISO 27001 certification ?
According to Rankiteo,UAB Medicine is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UAB Medicine
UAB Medicine operates primarily in the Hospitals and Health Care industry.
Number of Employees at UAB Medicine
UAB Medicine employs approximately 10,600 people worldwide.
Subsidiaries Owned by UAB Medicine
UAB Medicine presently has no subsidiaries across any sectors.
UAB Medicine’s LinkedIn Followers
UAB Medicine’s official LinkedIn profile has approximately 45,506 followers.
NAICS Classification of UAB Medicine
UAB Medicine is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UAB Medicine’s Presence on Crunchbase
No, UAB Medicine does not have a profile on Crunchbase.
UAB Medicine’s Presence on LinkedIn
Yes, UAB Medicine maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/uab-medicine.
Cybersecurity Incidents Involving UAB Medicine
As of November 27, 2025, Rankiteo reports that UAB Medicine has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
UAB Medicine has an estimated 29,990 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UAB Medicine ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does UAB Medicine detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notified affected patients..
Incident Details
Can you provide details on each incident ?
Title: UAB Medicine Email Account Breach
Description: Hackers gained access to some UAB Medicine employee email accounts exposing the protected health information of 20,000 patients.
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Human
Threat Actor: Unknown Hackers
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UAB71515423
Data Compromised: Protected health information
Systems Affected: Email Accounts
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Name, Medical Record Number, Birth Date, Dates Of Service, Location Of Service, Diagnosis And Treatment Information and .
Which entities were affected by each incident ?
Incident : Data Breach UAB71515423
Entity Name: UAB Medicine
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 20000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach UAB71515423
Communication Strategy: Notified affected patients
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UAB71515423
Type of Data Compromised: Patient name, Medical record number, Birth date, Dates of service, Location of service, Diagnosis and treatment information
Number of Records Exposed: 20000
Sensitivity of Data: High
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified affected patients.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach UAB71515423
Customer Advisories: Notified affected patients that their information could have potentially been seen by the hackers.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notified affected patients that their information could have potentially been seen by the hackers..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UAB71515423
Entry Point: Email
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown Hackers.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Protected Health Information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Email Accounts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Protected Health Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 200.0.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notified affected patients that their information could have potentially been seen by the hackers.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=uab-medicine' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
