Badge
11,371 badges added since 01 January 2025
ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
Apply now and get your badge!
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Aurora Health Care Vendor Cyber Rating & Cyber Score

aah.org
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Aurora Health Care is proud to be a part of Advocate Health, the third-largest nonprofit integrated health system in the U.S. Advocate Health is the third-largest nonprofit, integrated health system in the United States, created from the combination of Advocate Aurora Health and Atrium Health. Providing care under the names Advocate Health Care in Illinois; Atrium Health in the Carolinas, Georgia and Alabama; and Aurora Health Care in Wisconsin, Advocate Health is a national leader in clinical innovation, health outcomes, consumer experience and value-based care. Headquartered in Charlotte, North Carolina, Advocate Health services nearly 6 million patients and is engaged in hundreds of clinical trials and research studies, with Wake Forest University School of Medicine serving as the academic core of the enterprise. It is nationally recognized for its expertise in cardiology, neurosciences, oncology, pediatrics and rehabilitation, as well as organ transplants, burn treatments and specialized musculoskeletal programs. Advocate Health employs nearly 150,000 team members across 68 hospitals and over 1,000 care locations, and offers one of the nation’s largest graduate medical education programs with over 2,000 residents and fellows across more than 200 programs. Committed to providing equitable care for all, Advocate Health provides nearly $5 billion in annual community benefits. Learn more: advocatehealth.org Read our social media community engagement guidelines: aah.org/social

Aurora Health Care A.I CyberSecurity Scoring

AHC

Company Details

Linkedin ID:

aurora-health-care

Website:

https://careers.aah.org/

Employees number:

13,563

Number of followers:

71,900

NAICS:

62

Industry Type:

Hospitals and Health Care

Homepage:

aah.org

IP Addresses:

39

Company ID:

AUR_1042304

Scan Status:

Completed

AI scoreAHC Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/aurora-health-care.jpeg
AHC Hospitals and Health Care
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreAHC Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/aurora-health-care.jpeg
AHC Hospitals and Health Care
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

AHC Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
EntityTypeSeverityImpactSeenBlog DetailsSupply Chain SourceIncident DetailsView
Aurora Health CareData Leak85301/2020NA
AUR1248291222
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: Hackers had stolen personal information from patients at Aurora Medical Center Bay Area. An email phishing scam around January 1 was used to gain access to the email accounts of several of hospital's employee. The hackers didn’t get into the hospital's electronic health records system, but they had access to patient’s personal and health information through employee emails. Information included a patient’s first and last name, maiden name ,marital status,date of birth,street address ,Email address and phone number ,dates of admission,discharge, or treatment ,social security number,medical record number,health insurance account number,medical device number,drivers license number,passport number,bank account numbers,full face photograph.

Aurora Health Care
Data Leak
Severity: 85
Impact: 3
Seen: 01/2020
Blog:
Supply Chain Source: NA
AUR1248291222
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Hackers had stolen personal information from patients at Aurora Medical Center Bay Area. An email phishing scam around January 1 was used to gain access to the email accounts of several of hospital's employee. The hackers didn’t get into the hospital's electronic health records system, but they had access to patient’s personal and health information through employee emails. Information included a patient’s first and last name, maiden name ,marital status,date of birth,street address ,Email address and phone number ,dates of admission,discharge, or treatment ,social security number,medical record number,health insurance account number,medical device number,drivers license number,passport number,bank account numbers,full face photograph.

Ailogo

AHC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for AHC

Incidents vs Hospitals and Health Care Industry Average (This Year)

No incidents recorded for Aurora Health Care in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Aurora Health Care in 2026.

Incident Types AHC vs Hospitals and Health Care Industry Avg (This Year)

No incidents recorded for Aurora Health Care in 2026.

Incident History — AHC (X = Date, Y = Severity)

AHC cyber incidents detection timeline including parent company and subsidiaries

AHC Company Subsidiaries

SubsidiaryImage

Aurora Health Care is proud to be a part of Advocate Health, the third-largest nonprofit integrated health system in the U.S. Advocate Health is the third-largest nonprofit, integrated health system in the United States, created from the combination of Advocate Aurora Health and Atrium Health. Providing care under the names Advocate Health Care in Illinois; Atrium Health in the Carolinas, Georgia and Alabama; and Aurora Health Care in Wisconsin, Advocate Health is a national leader in clinical innovation, health outcomes, consumer experience and value-based care. Headquartered in Charlotte, North Carolina, Advocate Health services nearly 6 million patients and is engaged in hundreds of clinical trials and research studies, with Wake Forest University School of Medicine serving as the academic core of the enterprise. It is nationally recognized for its expertise in cardiology, neurosciences, oncology, pediatrics and rehabilitation, as well as organ transplants, burn treatments and specialized musculoskeletal programs. Advocate Health employs nearly 150,000 team members across 68 hospitals and over 1,000 care locations, and offers one of the nation’s largest graduate medical education programs with over 2,000 residents and fellows across more than 200 programs. Committed to providing equitable care for all, Advocate Health provides nearly $5 billion in annual community benefits. Learn more: advocatehealth.org Read our social media community engagement guidelines: aah.org/social

similarCompanies

AHC Similar Companies

Johnson & Johnson
jnj.com

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine

Security Report Compare
Children's Healthcare of Atlanta
choa.org

For more than 100 years, Children’s Healthcare of Atlanta has depended on clinical and nonclinical employees to help make kids better today and healthier tomorrow. Consistently ranked as one of the leading pediatric healthcare systems in the country by U.S. News & World Report, Children’s is the onl

Security Report Compare
Allina Health
allinahealth.org

People at Allina Health have a career of making a difference in the lives of the millions of patients we see each year at our 90+ clinics, 12 hospitals and through a wide variety of specialty care services in Minnesota and western Wisconsin. We’re a not-for-profit organization committed to enrichin

Security Report Compare
Aster DM Healthcare
asterdmhealthcare.com

From a single medical centre to a performance-driven healthcare enterprise spread across more than 400+ medical establishments, including 15 hospitals, 120 clinics and 307 pharmacies in GCC and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across the Middl

Security Report Compare
Fresenius Medical Care
freseniusmedicalcare.com

Fresenius Medical Care is the world’s leading provider of products and services for individuals with renal diseases. We aim to create a future worth living for chronically and critically ill patients – worldwide and every day. Thanks to our decades of experience in dialysis, our innovative research

Security Report Compare
NYC Health + Hospitals
nychealthandhospitals.org

NYC Health + Hospitals is the nation’s largest public health care delivery system. We are an integrated network of hospitals, trauma centers, neighborhood health centers, nursing homes, and post-acute care centers. We are a home care agency and a health plan, MetroPlus. The health system provides es

Security Report Compare
GeBBS Healthcare Solutions
gebbs.com

GeBBS Healthcare Solutions is a KLAS rated leading provider of Revenue Cycle Management (RCM) services and Risk Adjustment solutions. GeBBS’ innovative technology, combined with over 14,000-strong global workforce, helps clients improve financial performance, adhere to compliance, and enhance the pa

Security Report Compare
Corewell Health
corewellhealth.org

People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,0

Security Report Compare
UT Southwestern Medical Center
utsouthwestern.edu

UT Southwestern is an academic medical center, world-renowned for its research, regarded among the best in the country for medical education and for clinical and scientific training, and nationally recognized for the quality of care its faculty provides to patients at UT Southwestern’s University Ho

Security Report Compare
newsone

AHC CyberSecurity News

March 25, 2026 06:50 PM
News & Commentary: March 25, 2026

In today's news and commentary, UPS partially rescinded its driver buyout program, a California district court dismissed a whistleblower retaliation suit...

Read Article
March 23, 2026 04:38 PM
Simplify Group Launches Simplify Ventures: Capital Backed by a Proven Operational Ecosystem

Simplify Group today announced the launch of Simplify Ventures, an operator-led venture capital firm that pairs early-stage capital with the...

Read Article
February 26, 2026 08:00 AM
Trends In Healthcare Data Breach Statistics

Healthcare data breach statistics from 2009 to 2026 in the United States, HIPAA violation statistics, and fines and penalties.

Read Article
December 03, 2025 08:00 AM
Kaiser settles class-action web tracking lawsuit for $46M

Kaiser Permanente's health plan settled a class action lawsuit concerning a 2024 breach that stemmed from its alleged use of web trackers...

Read Article
December 01, 2025 08:00 AM
Health care organizations: A cyber criminal’s treasure trove

Health care organizations are increasingly targeted by cybercriminals, putting sensitive patient data and practice operations at risk,...

Read Article
November 17, 2025 08:00 AM
Securing the future: How AI Agents, Web3, and post-quantum cryptography are helping redefine digital trust

Introduction. As digital identity, artificial intelligence (AI) agents, Web3, and cybersecurity technologies converge, a new paradigm for...

Read Article
October 23, 2025 07:00 AM
Aurora and LGI to enhance healthcare RCM efficiency using AI

Aurora Healthcare and LGI Healthcare Solutions have collaborated to drive efficiency in healthcare revenue cycle management (RCM) using AI...

Read Article
October 14, 2025 07:00 AM
66 CIOs On the Move

This month, we're spotlighting 66 forward-thinking CIOs, CTOs, and CISOs taking the helm of technology and security leadership across...

Read Article
September 30, 2025 07:00 AM
Aurora Health Care plans large expansion for its Grafton hospital. It features 84 new rooms

Aurora Health Care Inc. is planning a large expansion of its Grafton medical center − including a new mid-rise tower.

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

AHC CyberSecurity History Information

Official Website of Aurora Health Care

The official website of Aurora Health Care is https://careers.aah.org/.

Aurora Health Care’s AI-Generated Cybersecurity Score

According to Rankiteo, Aurora Health Care’s AI-generated cybersecurity score is 769, reflecting their Fair security posture.

How many security badges does Aurora Health Care’ have ?

According to Rankiteo, Aurora Health Care currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Aurora Health Care been affected by any supply chain cyber incidents ?

According to Rankiteo, Aurora Health Care has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Aurora Health Care have SOC 2 Type 1 certification ?

According to Rankiteo, Aurora Health Care is not certified under SOC 2 Type 1.

Does Aurora Health Care have SOC 2 Type 2 certification ?

According to Rankiteo, Aurora Health Care does not hold a SOC 2 Type 2 certification.

Does Aurora Health Care comply with GDPR ?

According to Rankiteo, Aurora Health Care is not listed as GDPR compliant.

Does Aurora Health Care have PCI DSS certification ?

According to Rankiteo, Aurora Health Care does not currently maintain PCI DSS compliance.

Does Aurora Health Care comply with HIPAA ?

According to Rankiteo, Aurora Health Care is not compliant with HIPAA regulations.

Does Aurora Health Care have ISO 27001 certification ?

According to Rankiteo,Aurora Health Care is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Aurora Health Care

Aurora Health Care operates primarily in the Hospitals and Health Care industry.

Number of Employees at Aurora Health Care

Aurora Health Care employs approximately 13,563 people worldwide.

Subsidiaries Owned by Aurora Health Care

Aurora Health Care presently has no subsidiaries across any sectors.

Aurora Health Care’s LinkedIn Followers

Aurora Health Care’s official LinkedIn profile has approximately 71,900 followers.

NAICS Classification of Aurora Health Care

Aurora Health Care is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

Aurora Health Care’s Presence on Crunchbase

Yes, Aurora Health Care has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/aurora-zilber-family-hospice.

Aurora Health Care’s Presence on LinkedIn

Yes, Aurora Health Care maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/aurora-health-care.

Cybersecurity Incidents Involving Aurora Health Care

As of March 30, 2026, Rankiteo reports that Aurora Health Care has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Aurora Health Care has an estimated 32,297 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Aurora Health Care ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

measurementExposure impactImpact

Title: Data Breach at Aurora Medical Center Bay Area

Description: Hackers had stolen personal information from patients at Aurora Medical Center Bay Area through an email phishing scam.

Date Detected: 2023-01-01

Type: Data Breach

Attack Vector: Phishing

Vulnerability Exploited: Email Accounts

Threat Actor: Unknown Hackers

Motivation: Data Theft

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Data Leak.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email Phishing.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach AUR1248291222

Data Compromised: Patient’s first and last name, Maiden name, Marital status, Date of birth, Street address, Email address, Phone number, Dates of admission, discharge, or treatment, Social security number, Medical record number, Health insurance account number, Medical device number, Driver's license number, Passport number, Bank account numbers, Full face photograph

Systems Affected: Employee Email Accounts

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Health Information and .

Which entities were affected by each incident ?

Incident : Data Breach AUR1248291222

Entity Name: Aurora Medical Center Bay Area

Entity Type: Hospital

Industry: Healthcare

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach AUR1248291222

Type of Data Compromised: Personal information, Health information

Sensitivity of Data: High

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach AUR1248291222

Entry Point: Email Phishing

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach AUR1248291222

Root Causes: Phishing Attack

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Unknown Hackers.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-01-01.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Patient’s first and last name, Maiden name, Marital status, Date of birth, Street address, Email address, Phone number, Dates of admission, discharge, or treatment, Social security number, Medical record number, Health insurance account number, Medical device number, Driver's license number, Passport number, Bank account numbers, Full face photograph and .

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Medical record number, Email address, Date of birth, Social security number, Phone number, Medical device number, Street address, Health insurance account number, Passport number, Bank account numbers, Maiden name, Dates of admission, discharge, or treatment, Full face photograph, Driver's license number, Marital status and Patient’s first and last name.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email Phishing.

cve

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Published
Date
2026-03-29
Updated
Date
2026-03-29
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

Published
Date
2026-03-29
Updated
Date
2026-03-29
References
Description

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.

Published
Date
2026-03-29
Updated
Date
2026-03-29
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
Description

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.

Published
Date
2026-03-29
Updated
Date
2026-03-29
Risk Information
cvss3
Base: 8.3
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
References
Description

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

Published
Date
2026-03-29
Updated
Date
2026-03-29
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=aurora-health-care' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest plans → View all security reports →
Users Love Us Badge