Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
UNC Health Southeastern

UNC Health Southeastern Vendor Cyber Rating & Cyber Score

unchealthse.org

UNC Health Southeastern, which is licensed for 337 beds, is a comprehensive healthcare system that offers an array of services through its affiliated divisions. The medical center is accredited by DNV-GL Healthcare and offers a combination of acute care, intensive care and psychiatric services to more than 13,000 inpatients and 60,000 emergency patients annually. As a nonprofit organization, UNC Health Southeastern is operated by a local board of trustees whose only remuneration is the assurance it is making quality healthcare available for its community. There are more than 135 physicians on the active medical staff. UNC Health Southeastern is still the only hospital in Robeson County and serves patients throughout southeastern North


UHS A.I CyberSecurity Scoring

UHS
Company Information
Website:http://www.unchealthse.org
Employees number:266
Number of followers:888
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:unchealthse.org
UHS Risk Score (AI oriented)
Between 750 and 799
logo
UHSHospitals and Health Care
Updated:
08/03/2026
753/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
UHS Global Score (TPRM)
xxxx
logo
UHSHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

UHS
UHSFair
Current Score
753Baa (FAIR)
01000
1 incidents
-11 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
754Before Incident
JUNE 2026
753Before Incident
MAY 2026
753Before Incident
APRIL 2026
753Before Incident
MARCH 2026
753Before Incident
FEBRUARY 2026
764Before Incident
Vulnerability
04 Feb 2026UHS
Southeastern U.S. Hospital: HHS-OIG Identifies Web Application Security Weaknesses at Large U.S. Hospital

HHS-OIG Audit Reveals Critical Web Application Security Gaps at Major U.S. Hospital

753After Incident
CRITICAL-11
UNC1770223081
HHS-OIG Audit Reveals Critical Web Application Security Gaps at Major U.S. Hospital A recent audit by the Department of Health and Human Services Office of Inspector General (HHS-OIG) uncovered significant security vulnerabilities in internet-facing applications at a large Southeastern U.S. hospital, raising concerns about similar risks across the healthcare sector. The audit, conducted to evaluate cybersecurity controls, continuity of care during cyberattacks, and protection of Medicare enrollee data, found that while the hospital had implemented foundational safeguards, critical weaknesses persisted. The 300+ bed hospital, part of a network sharing protected health information (PHI), adhered to the HITRUST Common Security Framework (CSF) v9.4 and HIPAA Rules for compliance. However, penetration tests and vulnerability assessments on four of its web applications revealed exploitable flaws: - Credential Capture & Account Compromise: HHS-OIG successfully obtained login credentials via a phishing simulation, with 108 of 2,171 recipients (6%) clicking the malicious link and one user submitting credentials. While the compromised account lacked direct patient data, it allowed access to device management controls, including the ability to disable multifactor authentication (MFA) and modify account-linked devices. - Injection Attack Vulnerability: A separate application lacked input validation controls, enabling potential code injection attacks that could manipulate system commands or exfiltrate sensitive data. Despite prior vulnerability scans and third-party tests, the flaw went undetected, and the application lacked a web application firewall (WAF) to block malicious traffic. The audit resulted in four key recommendations: 1. Strengthen user identification and authentication (UIA) controls for the account management application. 2. Regularly assess and update UIA controls across all systems. 3. Evaluate all web applications for the need for automated protections like WAFs. 4. Expand vulnerability testing to include dynamic, static, and manual application testing. HHS-OIG did not disclose the hospital’s identity to avoid targeting by threat actors but indicated plans for additional audits to identify systemic issues and improve HHS guidance for healthcare providers. Industry experts, including Russell Spitler (CEO of Nudge Security), emphasized the shift in healthcare cybersecurity risks, noting that traditional network-focused controls fail to protect cloud-based SaaS applications, where data flows across organizational boundaries. Spitler highlighted the need for comprehensive visibility and strong authentication (e.g., MFA, SSO) to secure evolving attack surfaces.
INCIDENT DETAILS -
TYPE
Data Security Audit
IMPACT
Data Compromised: Potential access to device management controls and protected health information (PHI)Web applicationsAccount management systemsOperational Impact: Risk of disabling multifactor authentication (MFA) and modifying account-linked devicesBrand Reputation Impact: Potential reputational damage due to security gapsLegal Liabilities: Potential HIPAA violationsIdentity Theft Risk: Risk of identity theft due to compromised credentials
DATA BREACH
Protected health information (PHI)Login credentialsDevice management controlsSensitivity Of Data: High (PHI, Medicare enrollee data)Personally Identifiable Information: Yes
JANUARY 2026
764Before Incident
DECEMBER 2025
764Before Incident
NOVEMBER 2025
764Before Incident
OCTOBER 2025
764Before Incident
SEPTEMBER 2025
764Before Incident
AUGUST 2025
764Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for UHS ?
?
What was UHS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was UHS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was UHS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was UHS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was UHS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was UHS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was UHS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was UHS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was UHS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was UHS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was UHS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on UHS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with UHS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view UHS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?