AAH
Company Details
Linkedin ID:
advocate-aurora-health
Employees number:
15,059
Number of followers:
78,983
NAICS:
62
Industry Type:
Homepage:
advocateaurorahealth.org
IP Addresses:
0
Company ID:
ADV_1090924
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Advocate Aurora Health Vendor Cyber Rating & Cyber Score
advocateaurorahealth.orgAdvocate Aurora Health and Atrium Health are now Advocate Health – the fifth-largest nonprofit integrated health system in the U.S. Advocate Health is the fifth-largest nonprofit integrated health system in the United States –created from the combination of Advocate Aurora Health and Atrium Health. Providing care under the names Advocate Health Care in Illinois, Atrium Health in the Carolinas, Georgia and Alabama, and Aurora Health Care in Wisconsin, Advocate Health is a national leader in clinical innovation, health outcomes, consumer experience and value-based care, with Wake Forest University School of Medicine serving as the academic core of the enterprise. Headquartered in Charlotte, North Carolina, Advocate Health serves nearly 6 million patients and is engaged in hundreds of clinical trials and research studies. It is nationally recognized for its expertise in cardiology, neurosciences, oncology, pediatrics and rehabilitation, as well as organ transplants, burn treatments and specialized musculoskeletal programs. Advocate Health employs nearly 150,000 team members across 67 hospitals and over 1,000 care locations, and offers one of the nation’s largest graduate medical education programs with over 2,000 residents and fellows across more than 200 programs. Committed to equitable care for all, Advocate Health provides nearly $5 billion in annual community benefits. Learn more: advocatehealth.org Read our social media community engagement guidelines: aah.org/social
Advocate Aurora Health A.I CyberSecurity Scoring
AAH Risk Score (AI oriented)Between 700 and 749
AAH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
AAH Global Score (TPRM)XXXX
AAH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
AAH Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Advocate Aurora Health
Breach
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois, experienced a data breach that exposed the personal data of 3,000,000 patients. The incident was caused by the improper use of Meta Pixel on AAH's websites which is a tracker that helps website operators understand how visitors interact with the site. The incident compromised information including the IP address, Dates, times, and locations of scheduled appointments, Proximity to an AAH location, Medical provider information, Type of appointment or procedure, and Communications between MyChart users, which may have included first and last names and medical record numbers, Insurance information, Proxy account information etc of about 3 million people.
AAH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for AAH
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Advocate Aurora Health in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Advocate Aurora Health in 2026.
Incident Types AAH vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Advocate Aurora Health in 2026.
Incident History — AAH (X = Date, Y = Severity)
AAH cyber incidents detection timeline including parent company and subsidiaries
AAH Company Subsidiaries
Advocate Aurora Health and Atrium Health are now Advocate Health – the fifth-largest nonprofit integrated health system in the U.S. Advocate Health is the fifth-largest nonprofit integrated health system in the United States –created from the combination of Advocate Aurora Health and Atrium Health. Providing care under the names Advocate Health Care in Illinois, Atrium Health in the Carolinas, Georgia and Alabama, and Aurora Health Care in Wisconsin, Advocate Health is a national leader in clinical innovation, health outcomes, consumer experience and value-based care, with Wake Forest University School of Medicine serving as the academic core of the enterprise. Headquartered in Charlotte, North Carolina, Advocate Health serves nearly 6 million patients and is engaged in hundreds of clinical trials and research studies. It is nationally recognized for its expertise in cardiology, neurosciences, oncology, pediatrics and rehabilitation, as well as organ transplants, burn treatments and specialized musculoskeletal programs. Advocate Health employs nearly 150,000 team members across 67 hospitals and over 1,000 care locations, and offers one of the nation’s largest graduate medical education programs with over 2,000 residents and fellows across more than 200 programs. Committed to equitable care for all, Advocate Health provides nearly $5 billion in annual community benefits. Learn more: advocatehealth.org Read our social media community engagement guidelines: aah.org/social
Loading...
AAH Similar Companies
IQVIA (NYSE:IQV) is a leading global provider of clinical research services, commercial insights and healthcare intelligence to the life sciences and healthcare industries. IQVIA’s portfolio of solutions are powered by IQVIA Connected Intelligence™ to deliver actionable insights and services built o
From specializing in transplants and pediatric cancer to solving undiagnosed diseases, we know solving the most complex problems prepares us to solve any problem. We are committed to excellence in patient care, research, and medical education and training. We thrive on challenges, embrace collaborat
Aster DM Healthcare
From a single medical centre to a performance-driven healthcare enterprise spread across more than 400+ medical establishments, including 15 hospitals, 120 clinics and 307 pharmacies in GCC and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across the Middl
Nationwide Children's Hospital
Nationwide Children’s is one of America's largest pediatric hospitals, an international leader in research and is ranked in all 10 specialties on U.S. News & World Report’s 2025-26 “America’s Best Children’s Hospitals” list. Our staff, comprised of 1,600 medical professionals and over 16,000 employe
The Netcare Group (JSE: NTC) offers a unique, comprehensive range of medical services across the healthcare spectrum, enabling us to serve the health and care needs of each individual who entrust their care to us. Our focus on implementing sophisticated digital systems will enable us to provide care
The Cigna Group
The Cigna Group is a global health company committed to creating a better future built on the vitality of every individual and every community. We relentlessly challenge ourselves to partner and innovate solutions for better health. The Cigna Group includes products and services marketed under Cig
UT Southwestern Medical Center
UT Southwestern is an academic medical center, world-renowned for its research, regarded among the best in the country for medical education and for clinical and scientific training, and nationally recognized for the quality of care its faculty provides to patients at UT Southwestern’s University Ho
Geisinger
Geisinger is among the nation’s leading providers of value-based care, serving 1.2 million people in urban and rural communities across Pennsylvania. Founded in 1915 by philanthropist Abigail Geisinger, the nonprofit system generates $10 billion in annual revenues across 126 care sites — including 1
CVS Health
CVS Health is the leading health solutions company, delivering care like no one else can. We reach more people and improve the health of communities across America through our local presence, digital channels and over 300,000 dedicated colleagues. Wherever and whenever people need us, we help them
.png)
AAH CyberSecurity News
February 26, 2026 08:00 AM
Trends In Healthcare Data Breach Statistics
Our healthcare data breach statistics clearly show an upward trend in data breaches since 2009, when OCR first started publishing data...
December 03, 2025 08:00 AM
Kaiser settles class-action web tracking lawsuit for $46M
Kaiser Permanente's health plan settled a class action lawsuit concerning a 2024 breach that stemmed from its alleged use of web trackers...
December 01, 2025 08:00 AM
Health care organizations: A cyber criminal’s treasure trove
Health care organizations are increasingly targeted by cybercriminals, putting sensitive patient data and practice operations at risk,...
June 23, 2025 07:00 AM
The top 10 nonprofit health systems by 2024 operating revenue
Operating revenues popped across fiscal 2024 as many of the largest nonprofits combined strong demand with capacity increases.
May 28, 2025 07:00 AM
Shields Health Care Group settles breach lawsuit for $15.35M
Learn about a proposed data breach settlement that requires Shields Health Care Group to pay $15.35 million over a breach that hit over 2...
April 29, 2025 07:00 AM
Health Insurance Provider Blue Shield of California Discloses Accidental Sharing of Customer Health Data Via Google Analytics
A major data breach at health insurance giant Blue Shield of California appears to be a case of misconfiguring advertising analytics tools.
March 24, 2025 07:00 AM
A Survey on Internet of Medical Things (IoMT): Enabling Technologies, Security and Explainability Issues, Challenges, and Future Directions
Internet of Medical Things (IoMT) paradigm refers to the process of collection, transmission and analysis of healthcare data using...
January 21, 2025 08:00 AM
4 Takeaways from the J.P. Morgan Healthcare Conference
Health care executives continue to reimagine and reshape their organizations. Their ideas were developing in real time during last week's...
September 25, 2024 07:00 AM
Advocate Aurora Health Sued Over Health Plan’s Tobacco Penalty
Advocate Aurora Health Inc. was sued Wednesday by two former employees who say the health system improperly discriminates against workers who smoke.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
AAH CyberSecurity History Information
Official Website of Advocate Aurora Health
The official website of Advocate Aurora Health is http://www.advocateaurorahealth.org.
Advocate Aurora Health’s AI-Generated Cybersecurity Score
According to Rankiteo, Advocate Aurora Health’s AI-generated cybersecurity score is 743, reflecting their Moderate security posture.
How many security badges does Advocate Aurora Health’ have ?
According to Rankiteo, Advocate Aurora Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Advocate Aurora Health been affected by any supply chain cyber incidents ?
According to Rankiteo, Advocate Aurora Health has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Advocate Aurora Health have SOC 2 Type 1 certification ?
According to Rankiteo, Advocate Aurora Health is not certified under SOC 2 Type 1.
Does Advocate Aurora Health have SOC 2 Type 2 certification ?
According to Rankiteo, Advocate Aurora Health does not hold a SOC 2 Type 2 certification.
Does Advocate Aurora Health comply with GDPR ?
According to Rankiteo, Advocate Aurora Health is not listed as GDPR compliant.
Does Advocate Aurora Health have PCI DSS certification ?
According to Rankiteo, Advocate Aurora Health does not currently maintain PCI DSS compliance.
Does Advocate Aurora Health comply with HIPAA ?
According to Rankiteo, Advocate Aurora Health is not compliant with HIPAA regulations.
Does Advocate Aurora Health have ISO 27001 certification ?
According to Rankiteo,Advocate Aurora Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Advocate Aurora Health
Advocate Aurora Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at Advocate Aurora Health
Advocate Aurora Health employs approximately 15,059 people worldwide.
Subsidiaries Owned by Advocate Aurora Health
Advocate Aurora Health presently has no subsidiaries across any sectors.
Advocate Aurora Health’s LinkedIn Followers
Advocate Aurora Health’s official LinkedIn profile has approximately 78,983 followers.
NAICS Classification of Advocate Aurora Health
Advocate Aurora Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Advocate Aurora Health’s Presence on Crunchbase
Yes, Advocate Aurora Health has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/advocate-aurora-health.
Advocate Aurora Health’s Presence on LinkedIn
Yes, Advocate Aurora Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/advocate-aurora-health.
Cybersecurity Incidents Involving Advocate Aurora Health
As of March 30, 2026, Rankiteo reports that Advocate Aurora Health has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Advocate Aurora Health has an estimated 32,295 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Advocate Aurora Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Advocate Aurora Health Data Breach
Description: Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois, experienced a data breach that exposed the personal data of 3,000,000 patients. The incident was caused by the improper use of Meta Pixel on AAH's websites which is a tracker that helps website operators understand how visitors interact with the site. The incident compromised information including the IP address, Dates, times, and locations of scheduled appointments, Proximity to an AAH location, Medical provider information, Type of appointment or procedure, and Communications between MyChart users, which may have included first and last names and medical record numbers, Insurance information, Proxy account information etc of about 3 million people.
Type: Data Breach
Attack Vector: Improper use of Meta Pixel
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ADV058241022
Data Compromised: Ip address, Dates, times, and locations of scheduled appointments, Proximity to an aah location, Medical provider information, Type of appointment or procedure, Communications between mychart users, First and last names, Medical record numbers, Insurance information, Proxy account information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Ip Address, Dates, Times, And Locations Of Scheduled Appointments, Proximity To An Aah Location, Medical Provider Information, Type Of Appointment Or Procedure, Communications Between Mychart Users, First And Last Names, Medical Record Numbers, Insurance Information, Proxy Account Information and .
Which entities were affected by each incident ?
Incident : Data Breach ADV058241022
Entity Name: Advocate Aurora Health
Entity Type: Healthcare System
Industry: Healthcare
Location: WisconsinIllinois
Size: 26 hospitals
Customers Affected: 3000000
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ADV058241022
Type of Data Compromised: Ip address, Dates, times, and locations of scheduled appointments, Proximity to an aah location, Medical provider information, Type of appointment or procedure, Communications between mychart users, First and last names, Medical record numbers, Insurance information, Proxy account information
Number of Records Exposed: 3000000
Personally Identifiable Information: First and last namesMedical record numbersInsurance information
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were IP address, Dates, times, and locations of scheduled appointments, Proximity to an AAH location, Medical provider information, Type of appointment or procedure, Communications between MyChart users, First and last names, Medical record numbers, Insurance information, Proxy account information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Dates, times, and locations of scheduled appointments, Medical provider information, First and last names, IP address, Proximity to an AAH location, Insurance information, Medical record numbers, Proxy account information, Type of appointment or procedure and Communications between MyChart users.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 300.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=advocate-aurora-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
