UHS
Company Details
Linkedin ID:
uhs
Website:
Employees number:
10,784
Number of followers:
84,686
NAICS:
62
Industry Type:
Homepage:
uhs.com
IP Addresses:
0
Company ID:
UHS_2344169
Scan Status:
In-progress
UHS Company CyberSecurity Posture
uhs.com
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance, growing since its inception into a Fortune 300 corporation. Headquartered in King of Prussia, PA, UHS has 99,000 employees. Through its subsidiaries, UHS operates 29 acute care hospitals, 331 behavioral health facilities, 60 outpatient and other facilities in 39 U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com UHS is a registered trademark of UHS of Delaware, Inc., a subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company that operates through its subsidiaries. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent there is any reference to “UHS” or “UHS facilities” on this website, including any statements, articles or other publications contained herein which relates to healthcare or management operations, they are referring to Universal Health Services, Inc.’s subsidiaries. Further, the terms “we,” “us,” “our” or “the company” in such context similarly refer to the operations of the subsidiaries of Universal Health Services, Inc. Any reference to employment at UHS or employees of UHS refers to employment with one of the subsidiaries of Universal Health Services, Inc.
UHS A.I CyberSecurity Scoring
UHS Risk Score (AI oriented)Between 700 and 749
UHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UHS Global Score (TPRM)XXXX
UHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UHS Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
UHS
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names dates of birth Numbers to call Numbers for patient accounts and medical records Details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
UHS
Ransomware
Rankiteo Explanation
Attack that could injure or kill people
Description: The systems of the famous healthcare facility, Universal Health Services, were targeted by the Rayuk ransomware group in September 2020. The attackers hit the systems, disabled multiple antivirus programs, and logged the systems out. The attack caused the doctors to wait for a longer period for lab test results and even resulted in four casualties. The healthcare immediately took action and removed the encrypted files and restored the systems.
UHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UHS in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UHS in 2025.
Incident Types UHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UHS in 2025.
Incident History — UHS (X = Date, Y = Severity)
UHS cyber incidents detection timeline including parent company and subsidiaries
UHS Company Subsidiaries
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance, growing since its inception into a Fortune 300 corporation. Headquartered in King of Prussia, PA, UHS has 99,000 employees. Through its subsidiaries, UHS operates 29 acute care hospitals, 331 behavioral health facilities, 60 outpatient and other facilities in 39 U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com UHS is a registered trademark of UHS of Delaware, Inc., a subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company that operates through its subsidiaries. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent there is any reference to “UHS” or “UHS facilities” on this website, including any statements, articles or other publications contained herein which relates to healthcare or management operations, they are referring to Universal Health Services, Inc.’s subsidiaries. Further, the terms “we,” “us,” “our” or “the company” in such context similarly refer to the operations of the subsidiaries of Universal Health Services, Inc. Any reference to employment at UHS or employees of UHS refers to employment with one of the subsidiaries of Universal Health Services, Inc.
Loading...
UHS Similar Companies
LUX MED
LUX MED - leader and trustworthy expert We care for the health of the patients professionally and with engagement, we have been developing our business for over 20 years. Today we are the leader and expert on the private healthcare market. We take under our care both individual patients and corpo
Lehigh Valley Health Network
Lehigh Valley Health Network (LVHN) is proudly part of Jefferson Health, forming a leading integrated academic health care delivery system. With 65,000 colleagues, 32 hospitals and over 700 sites of care across the Lehigh Valley, northeastern Pennsylvania, Delaware Valley and southern New Jersey. L
Hospital Authority
The Hospital Authority (HA) is a statutory body established under the Hospital Authority Ordinance in 1990. We have been responsible for managing Hong Kong's public hospitals services since December 1991. We are accountable to the Hong Kong Special Administrative Region Government through the Secret
CVS Health
CVS Health is the leading health solutions company, delivering care like no one else can. We reach more people and improve the health of communities across America through our local presence, digital channels and over 300,000 dedicated colleagues – including more than 40,000 physicians, pharmacists,
Sunrise Senior Living
Beginning with a single community in 1981, Sunrise Senior Living has grown to more than 270 communities throughout the U.S. and Canada. Each of our communities continues the mission laid out by founders Paul and Terry Klaassen more than 40 years ago: to champion quality of life for all seniors. Jo
Medical University of South Carolina
The Medical University of South Carolina (MUSC) is a public institution of higher learning the purpose of which is to preserve and optimize human life in South Carolina and beyond. The university provides an interprofessional environment for learning and discovery through education of health care p
Mercy Health
At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across
UPMC is a world-renowned, nonprofit health care provider and insurer committed to delivering exceptional, people-centered care and community services. Headquartered in Pittsburgh and affiliated with the University of Pittsburgh Schools of the Health Sciences, UPMC is shaping the future of health thr
Keralty
Anteriormente Organización Sanitas Internacional, Keralty es un grupo empresarial de valor en salud, con más de 40 años de experiencia conformado por empresas de aseguramiento y prestación de servicios de salud y una red propia hospitalaria y asistencial. También forman parte de Keralty institucion
.png)
UHS CyberSecurity News
May 28, 2025 07:00 AM
NHS trusts' data 'stolen' in cyberattack
University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were exposed,...
May 25, 2025 07:00 AM
UHS’s Kim Sassaman Named Among CISOs Connect’s™ Top 100 CISOs 2025
Posted by cfelixcpa | May 25, 2025 | SF STAT! | 0 |. UHS's Kim Sassaman Named Among CISOs Connect's™ Top 100 CISOs 2025. image_pdf image_print.
March 04, 2025 08:00 AM
Key Themes from Hospital Earnings Season: Breaking down HCA, Tenet, UHS, CHS, and Ardent Commentary
Breaking down major publicly traded hospital operator themes across utilization, revenue and payor mix, expenses, growth, and more.
July 31, 2024 07:00 AM
UHS employees recognized by Becker’s Hospital Review
Associate Chief Information Officer Kara Hines and Chief Revenue Cycle Officer Kenneth Hogue of UHS were recently named “Rising Stars: 42 healthcare leaders...
May 29, 2024 04:21 AM
Ryuk Ransomware Attacks: Hospitals Targeted
Ryuk ransomware attacks vastly increased during 2020. From almost obscurity in 2019, Ryuk now accounts for a third of all ransomware attacks.
March 13, 2024 07:00 AM
Change Healthcare cyberattack isn't threatening major for-profit systems' bottom lines, execs say
Senior leadership at major for-profit systems say they're shielded from the liquidity and administrative issues plaguing providers across...
March 06, 2024 08:00 AM
Sven Hahues Named University of Houston System CISO
Sven Hahues will lead the University of Houston System's (UHS) information security initiatives as the new chief information security officer (CISO).
February 26, 2024 08:00 AM
Untitled Document
It is with great excitement that we announce the appointment of Sven Hahues as the new Chief Information Security Officer (CISO) for the...
December 12, 2023 10:45 AM
UHS Discloses Cost of September Cyberattack: $67 Million in Pre-Tax Dollars
On Feb. 25, the 400-plus hospital, Pennsylvania-based Universal Health Services, Inc. disclosed in its fourth-quarter 2020 earnings report that the cyber...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UHS CyberSecurity History Information
Official Website of UHS
The official website of UHS is http://www.uhs.com.
UHS’s AI-Generated Cybersecurity Score
According to Rankiteo, UHS’s AI-generated cybersecurity score is 718, reflecting their Moderate security posture.
How many security badges does UHS’ have ?
According to Rankiteo, UHS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UHS have SOC 2 Type 1 certification ?
According to Rankiteo, UHS is not certified under SOC 2 Type 1.
Does UHS have SOC 2 Type 2 certification ?
According to Rankiteo, UHS does not hold a SOC 2 Type 2 certification.
Does UHS comply with GDPR ?
According to Rankiteo, UHS is not listed as GDPR compliant.
Does UHS have PCI DSS certification ?
According to Rankiteo, UHS does not currently maintain PCI DSS compliance.
Does UHS comply with HIPAA ?
According to Rankiteo, UHS is not compliant with HIPAA regulations.
Does UHS have ISO 27001 certification ?
According to Rankiteo,UHS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UHS
UHS operates primarily in the Hospitals and Health Care industry.
Number of Employees at UHS
UHS employs approximately 10,784 people worldwide.
Subsidiaries Owned by UHS
UHS presently has no subsidiaries across any sectors.
UHS’s LinkedIn Followers
UHS’s official LinkedIn profile has approximately 84,686 followers.
NAICS Classification of UHS
UHS is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UHS’s Presence on Crunchbase
No, UHS does not have a profile on Crunchbase.
UHS’s Presence on LinkedIn
Yes, UHS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/uhs.
Cybersecurity Incidents Involving UHS
As of November 27, 2025, Rankiteo reports that UHS has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
UHS has an estimated 29,991 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UHS ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does UHS detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with removed encrypted files, containment measures with restored systems, and third party assistance with kroll, and remediation measures with one year of identity monitoring services from kroll..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on Universal Health Services
Description: The systems of the famous healthcare facility, Universal Health Services, were targeted by the Rayuk ransomware group in September 2020. The attackers hit the systems, disabled multiple antivirus programs, and logged the systems out. The attack caused the doctors to wait for a longer period for lab test results and even resulted in four casualties. The healthcare immediately took action and removed the encrypted files and restored the systems.
Date Detected: September 2020
Type: Ransomware
Threat Actor: Rayuk ransomware group
Title: Ransomware Attack on ESO Solutions
Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names, dates of birth, phone numbers, patient account numbers, medical records, details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
Type: Ransomware Attack
Attack Vector: Unauthorised Data Access and System Encryption
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware UHS194910422
Operational Impact: Longer wait times for lab test resultsFour casualties
Incident : Ransomware Attack UHS8515124
Data Compromised: Complete names, Dates of birth, Phone numbers, Patient account numbers, Medical records, Details of injury, diagnosis, treatment, and procedure, Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Medical Records and .
Which entities were affected by each incident ?
Incident : Ransomware UHS194910422
Entity Name: Universal Health Services
Entity Type: Healthcare facility
Industry: Healthcare
Incident : Ransomware Attack UHS8515124
Entity Name: ESO Solutions
Entity Type: Software Provider
Industry: Healthcare and Emergency Services
Customers Affected: U.S. hospitals and clinics
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware UHS194910422
Containment Measures: Removed encrypted filesRestored systems
Incident : Ransomware Attack UHS8515124
Third Party Assistance: Kroll
Remediation Measures: One year of identity monitoring services from Kroll
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack UHS8515124
Type of Data Compromised: Personal information, Medical records
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: One year of identity monitoring services from Kroll.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by removed encrypted files, restored systems and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware UHS194910422
Ransomware Strain: Rayuk
Incident : Ransomware Attack UHS8515124
Data Encryption: True
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Rayuk ransomware group.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on September 2020.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Complete names, Dates of birth, Phone numbers, Patient account numbers, Medical records, Details of injury, diagnosis, treatment, and procedure, Social Security numbers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Removed encrypted filesRestored systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Patient account numbers, Details of injury, diagnosis, treatment, and procedure, Medical records, Complete names, Dates of birth, Social Security numbers and Phone numbers.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=uhs' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
