UDH
Company Details
Linkedin ID:
ucdavishealth
Website:
Employees number:
8,995
Number of followers:
69,178
NAICS:
62
Industry Type:
Homepage:
ucdavis.edu
IP Addresses:
0
Company ID:
UC _1153733
Scan Status:
In-progress
UC Davis Health Company CyberSecurity Posture
ucdavis.edu
UC Davis Health is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, interprofessional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 627-bed acute-care teaching hospital, a 1,000-member physician's practice group and the Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neurodevelopmental institute, a stem cell institute, and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all. For more information, visit health.ucdavis.edu. Our social media rules of engagement, https://ucdavis.health/3sDQr1h, apply to all of our social channels.
UC Davis Health A.I CyberSecurity Scoring
UDH Risk Score (AI oriented)Between 700 and 749
UDH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UDH Global Score (TPRM)XXXX
UDH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UDH Company CyberSecurity News & History
Past Incidents
4
Attack Types
1
UC Davis Health System
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported that the University of California Davis Medical Center experienced a data breach on September 25, 2014, involving unauthorized access to an email account of a healthcare provider. The breach potentially affected an unknown number of patients, but specific details on the number of individuals or types of compromised information beyond communication about patients were not provided.
UC Davis Health System
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The University of California Davis Medical Center experienced a data breach on December 13, 2013, due to an email phishing scam. The breach potentially affected patient information, specifically names, medical record numbers, and clinic visit dates; however, no financial information was compromised. The report was made on February 3, 2014.
UC Davis Health
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving UC Davis Health on July 6, 2017. The breach occurred on May 17, 2017, due to unauthorized access to an employee's email account following a phishing event, potentially exposing patients' names, addresses, and diagnoses.
UC Davis Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that UC Davis Health experienced a data breach on May 24, 2023, where an unauthorized individual accessed an employee's work email account. The exposed information may have included patients' names and health information, but not credit card or PIN numbers. The number of individuals affected is unknown.
UDH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UDH
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UC Davis Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UC Davis Health in 2025.
Incident Types UDH vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UC Davis Health in 2025.
Incident History — UDH (X = Date, Y = Severity)
UDH cyber incidents detection timeline including parent company and subsidiaries
UDH Company Subsidiaries
UC Davis Health is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, interprofessional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 627-bed acute-care teaching hospital, a 1,000-member physician's practice group and the Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neurodevelopmental institute, a stem cell institute, and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all. For more information, visit health.ucdavis.edu. Our social media rules of engagement, https://ucdavis.health/3sDQr1h, apply to all of our social channels.
Loading...
UDH Similar Companies
LUX MED
LUX MED - leader and trustworthy expert We care for the health of the patients professionally and with engagement, we have been developing our business for over 20 years. Today we are the leader and expert on the private healthcare market. We take under our care both individual patients and corpo
Cencora
Cencora, a company building on the legacy of AmerisourceBergen, is a leading global pharmaceutical solutions organization centered on improving the lives of people and animals around the world. We connect manufacturers, providers, and patients to ensure that anyone can get the therapies they need, w
UAB Medicine
As a nationally ranked academic medical center and one of Alabama’s largest employers, UAB Medicine is about teamwork, support, mentorship, and collaboration. Employees are empowered to lead, learn, and innovate as they deliver world-class care to every patient, every family, every time. When you ar
MD Anderson Cancer Center
The University of Texas MD Anderson Cancer Center is one of the world's most respected centers devoted exclusively to cancer patient care, research, education and prevention. MD Anderson provides cancer care at several convenient locations throughout the Greater Houston Area and collaborates with co
Ardent Health is a leading provider of healthcare in communities across the country. With a focus on consumer-friendly processes and investments in innovative services and technologies, Ardent is passionate about making healthcare better and easier to access. Through its subsidiaries, Ardent owns an
Omega Healthcare Management Services
Founded in 2003, Omega Healthcare Management Services® (Omega Healthcare) empowers healthcare to thrive via intelligent solutions that optimize revenue cycle operations, administrative workflows, care coordination, and clinical research on a global scale. The company works with providers, payers, li
Sunrise Senior Living
Beginning with a single community in 1981, Sunrise Senior Living has grown to more than 270 communities throughout the U.S. and Canada. Each of our communities continues the mission laid out by founders Paul and Terry Klaassen more than 40 years ago: to champion quality of life for all seniors. Jo
Stanford Health Care
Stanford Health Care, with multiple facilities throughout the Bay Area, is internationally renowned for leading edge and coordinated care in cancer care, neurosciences, cardiovascular medicine, surgery, organ transplant, medicine specialties, and primary care. Throughout its history, Stanford has be
Sienna Senior Living
At Sienna Senior Living, our Purpose is to cultivate happiness in daily life. Our work does not stop at providing the highest quality of service and care to our residents - it goes much further. Each and every day, we strive to bring happiness into our residents’ lives by enabling our team to put
.png)
UDH CyberSecurity News
October 30, 2025 07:00 AM
UC Davis Chancellor May Names Aisha Jackson as University’s First Chief Information and Digital Strategy Executive
University of California, Davis Chancellor Gary S. May has appointed Aisha Jackson as the university's first chief information and digital...
September 17, 2025 07:00 AM
Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams
Cybersecurity training programs as implemented today by most large companies do little to reduce the risk that employees will fall for...
July 13, 2025 07:00 AM
UC faculty concerned over lack of consultation, privacy on cybersecurity software
This post was updated July 20 at 7:40 p.m.. Following the implementation of a systemwide cybersecurity program, UC faculty said they are...
June 16, 2025 07:00 AM
Getting a Job in Tech in Sacramento in 2024: The Complete Guide
Explore how to get a tech job in Sacramento in 2024 with top companies, salaries, and resources in California's burgeoning tech scene.
May 20, 2025 07:00 AM
UC implements cybersecurity mandate
On May 28, 2025, a new cybersecurity mandate will fully go into effect for all University of California (UC) campuses, with several key requirements for campus...
May 15, 2025 07:00 AM
Womxn Rock IT 2025: Meet the UC women advancing technology
Local WIT chapters nominated individual women and teams of women for their impactful work in Information Technology — from education technology...
April 30, 2025 07:00 AM
Best online courses and certificate programs to master new skills in 2025
Post Wanted called upon industry experts to put together a list of the best online classes and certificate programs of 2025 to learn new...
April 04, 2025 07:00 AM
Action: Cybersecurity Mandate for all UC Davis Faculty, Staff and Student Employees
Dear Colleagues, Cyberattacks are on the rise – and getting more advanced every day. These threats put both the university and your personal...
March 04, 2025 08:00 AM
Preparing for the imminent AI revolution in healthcare: Insights from HIMSS25
Las Vegas, NV — The 2025 HIMSS Global Health Conference & Exhibition commenced yesterday, drawing over 30,000 healthcare professionals to...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UDH CyberSecurity History Information
Official Website of UC Davis Health
The official website of UC Davis Health is http://health.ucdavis.edu.
UC Davis Health’s AI-Generated Cybersecurity Score
According to Rankiteo, UC Davis Health’s AI-generated cybersecurity score is 728, reflecting their Moderate security posture.
How many security badges does UC Davis Health’ have ?
According to Rankiteo, UC Davis Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UC Davis Health have SOC 2 Type 1 certification ?
According to Rankiteo, UC Davis Health is not certified under SOC 2 Type 1.
Does UC Davis Health have SOC 2 Type 2 certification ?
According to Rankiteo, UC Davis Health does not hold a SOC 2 Type 2 certification.
Does UC Davis Health comply with GDPR ?
According to Rankiteo, UC Davis Health is not listed as GDPR compliant.
Does UC Davis Health have PCI DSS certification ?
According to Rankiteo, UC Davis Health does not currently maintain PCI DSS compliance.
Does UC Davis Health comply with HIPAA ?
According to Rankiteo, UC Davis Health is not compliant with HIPAA regulations.
Does UC Davis Health have ISO 27001 certification ?
According to Rankiteo,UC Davis Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UC Davis Health
UC Davis Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at UC Davis Health
UC Davis Health employs approximately 8,995 people worldwide.
Subsidiaries Owned by UC Davis Health
UC Davis Health presently has no subsidiaries across any sectors.
UC Davis Health’s LinkedIn Followers
UC Davis Health’s official LinkedIn profile has approximately 69,178 followers.
NAICS Classification of UC Davis Health
UC Davis Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UC Davis Health’s Presence on Crunchbase
No, UC Davis Health does not have a profile on Crunchbase.
UC Davis Health’s Presence on LinkedIn
Yes, UC Davis Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ucdavishealth.
Cybersecurity Incidents Involving UC Davis Health
As of November 28, 2025, Rankiteo reports that UC Davis Health has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
UC Davis Health has an estimated 30,038 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UC Davis Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: UC Davis Health Data Breach
Description: The California Office of the Attorney General reported that UC Davis Health experienced a data breach on May 24, 2023, where an employee's work email account was accessed by an unauthorized individual. Although specific details on the number of individuals affected are UNKN, the exposed information may have included patients' names and health information, but not credit card or PIN numbers.
Date Detected: 2023-05-24
Type: Data Breach
Attack Vector: Email Account Compromise
Threat Actor: Unauthorized Individual
Title: Data Breach at University of California Davis Medical Center
Description: The University of California Davis Medical Center experienced a data breach involving unauthorized access to an email account of a healthcare provider.
Date Detected: 2014-09-25
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Email Account
Title: UC Davis Health Data Breach
Description: The California Office of the Attorney General reported a data breach involving UC Davis Health on July 6, 2017. The breach occurred on May 17, 2017, due to unauthorized access to an employee's email account following a phishing event, potentially exposing patients' names, addresses, and diagnoses.
Date Detected: 2017-05-17
Date Publicly Disclosed: 2017-07-06
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Email Account
Title: Data Breach at University of California Davis Medical Center
Description: The University of California Davis Medical Center experienced a data breach on December 13, 2013, due to an email phishing scam. The breach potentially affected patient information, specifically names, medical record numbers, and clinic visit dates; however, no financial information was compromised.
Date Detected: 2013-12-13
Date Publicly Disclosed: 2014-02-03
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Email Phishing Scam
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email Account and Email Account.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UCD334072625
Data Compromised: Patients' names, Health information
Incident : Data Breach UCD430072825
Data Compromised: Communication about patients
Systems Affected: Email Account
Incident : Data Breach UCD556072825
Data Compromised: Patients' names, Addresses, Diagnoses
Incident : Data Breach UCD800080425
Data Compromised: Names, Medical record numbers, Clinic visit dates
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patients' Names, Health Information, , Communication About Patients, , Patients' Names, Addresses, Diagnoses, , Names, Medical Record Numbers, Clinic Visit Dates and .
Which entities were affected by each incident ?
Incident : Data Breach UCD334072625
Entity Name: UC Davis Health
Entity Type: Healthcare
Industry: Healthcare
Location: California
Incident : Data Breach UCD430072825
Entity Name: University of California Davis Medical Center
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California, USA
Customers Affected: Unknown number of patients
Incident : Data Breach UCD556072825
Entity Name: UC Davis Health
Entity Type: Healthcare
Industry: Healthcare
Location: California
Incident : Data Breach UCD800080425
Entity Name: University of California Davis Medical Center
Entity Type: Healthcare
Industry: Healthcare
Location: California, USA
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UCD334072625
Type of Data Compromised: Patients' names, Health information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach UCD430072825
Type of Data Compromised: Communication about patients
Number of Records Exposed: Unknown
Incident : Data Breach UCD556072825
Type of Data Compromised: Patients' names, Addresses, Diagnoses
Sensitivity of Data: High
Incident : Data Breach UCD800080425
Type of Data Compromised: Names, Medical record numbers, Clinic visit dates
Personally Identifiable Information: NamesMedical Record NumbersClinic Visit Dates
References
Where can I find more information about each incident ?
Incident : Data Breach UCD334072625
Source: California Office of the Attorney General
Incident : Data Breach UCD430072825
Source: California Office of the Attorney General
Incident : Data Breach UCD556072825
Source: California Office of the Attorney General
Date Accessed: 2017-07-06
Incident : Data Breach UCD800080425
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2017-07-06, and Source: California Office of the Attorney General.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UCD334072625
Entry Point: Email Account
Incident : Data Breach UCD556072825
Entry Point: Email Account
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach UCD556072825
Root Causes: Phishing
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Individual.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-24.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2014-02-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Patients' names, Health information, , Communication about patients, , Patients' names, Addresses, Diagnoses, , Names, Medical Record Numbers, Clinic Visit Dates and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Email Account.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Addresses, Clinic Visit Dates, Diagnoses, Communication about patients, Health information, Medical Record Numbers, Names and Patients' names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email Account.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ucdavishealth' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
