CH
Company Details
Linkedin ID:
city-of-hope
Website:
Employees number:
12,192
Number of followers:
151,504
NAICS:
62
Industry Type:
Homepage:
cityofhope.org
IP Addresses:
57
Company ID:
CIT_3094536
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
City of Hope Vendor Cyber Rating & Cyber Score
cityofhope.orgCity of Hope's mission is to deliver the cures of tomorrow to the people who need them today. Founded in 1913, City of Hope has grown into one of the largest cancer research and treatment organizations in the U.S. and one of the leading research centers for diabetes and other life-threatening illnesses. City of Hope research has been the basis for numerous breakthrough cancer medicines, as well as human synthetic insulin and monoclonal antibodies. With an independent, National Cancer Institute-designated comprehensive cancer center at its core, City of Hope brings a uniquely integrated model to patients spanning cancer care, research and development, academics and training, and innovation initiatives. City of Hope’s growing national system includes its Los Angeles campus, a network of clinical care locations across Southern California, a new cancer center in Orange County, California, and treatment facilities in Atlanta, Chicago and Phoenix. City of Hope’s affiliated group of organizations includes Translational Genomics Research Institute and AccessHope™.
City of Hope A.I CyberSecurity Scoring
CH Risk Score (AI oriented)Between 700 and 749
CH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CH Global Score (TPRM)XXXX
CH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CH Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
City of Hope
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that City of Hope experienced a data breach involving unauthorized access to systems resulting in potential exposure of personal information between September 19, 2023, and October 12, 2023. The breach was reported on April 2, 2024, and is believed to have affected various personal information types including names, contact information, and financial details; the exact number of individuals affected is unspecified.
City of Hope
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On April 2, 2024, the Washington State Office of the Attorney General reported a data breach involving City of Hope. The breach, which affected 3,784 Washington residents, resulted from a cyberattack that began on September 19, 2023, and was discovered on October 13, 2023. The compromised information may include names, Social Security numbers, and medical records.
City of Hope
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported that City of Hope experienced a phishing email incident that compromised the email accounts of four staff members on May 31 and June 2, 2017. The breach potentially exposed protected health information (PHI) of individuals, including names and medical record information. The report was made on August 3, 2017.
CH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CH
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for City of Hope in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for City of Hope in 2026.
Incident Types CH vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for City of Hope in 2026.
Incident History — CH (X = Date, Y = Severity)
CH cyber incidents detection timeline including parent company and subsidiaries
CH Company Subsidiaries
City of Hope's mission is to deliver the cures of tomorrow to the people who need them today. Founded in 1913, City of Hope has grown into one of the largest cancer research and treatment organizations in the U.S. and one of the leading research centers for diabetes and other life-threatening illnesses. City of Hope research has been the basis for numerous breakthrough cancer medicines, as well as human synthetic insulin and monoclonal antibodies. With an independent, National Cancer Institute-designated comprehensive cancer center at its core, City of Hope brings a uniquely integrated model to patients spanning cancer care, research and development, academics and training, and innovation initiatives. City of Hope’s growing national system includes its Los Angeles campus, a network of clinical care locations across Southern California, a new cancer center in Orange County, California, and treatment facilities in Atlanta, Chicago and Phoenix. City of Hope’s affiliated group of organizations includes Translational Genomics Research Institute and AccessHope™.
Loading...
CH Similar Companies
Jefferson Health
Thomas Jefferson University and Thomas Jefferson University Hospitals are partners in providing excellent clinical and compassionate care for our patients in the Philadelphia region, educating the health professionals of tomorrow in a variety of disciplines and discovering new knowledge that will de
M42 Health
M42 is an Abu Dhabi-based, global tech-enabled healthcare company operating at the forefront of medical advancement. The company is seeking to transform lives through innovative clinical solutions that can solve the world’s most critical health and diagnostic challenges. By harnessing unique medical
Medical University of South Carolina
The Medical University of South Carolina (MUSC) is a public institution of higher learning the purpose of which is to preserve and optimize human life in South Carolina and beyond. The university provides an interprofessional environment for learning and discovery through education of health care p
Fortis Healthcare Group is a leading integrated healthcare provider operating across the Asia Pacific region. With more than 20,000 employees and growing, Fortis Helathcare is currently present in Australia, Canada, Hong Kong SAR, India, Mauritius, New Zealand, Singapore, Sri Lanka, UAE, and Vietnam
Indiana University Health is Indiana’s largest and most comprehensive system. A unique partnership with the Indiana University School of Medicine—one of the nation’s largest medical schools—gives patients access to groundbreaking research and innovative treatments, and it offers team members acces
Mount Sinai Health System
The Mount Sinai Health System is an integrated health system committed to providing distinguished care, conducting transformative research, and advancing biomedical education. Structured around seven hospital campuses and a single medical school, the Health System has an extensive ambulatory netwo
The University of Maryland Medical System (UMMS) was created in 1984 when the state-owned University Hospital became a private, nonprofit organization. It has evolved into a multi-hospital system with academic, community and specialty service missions reaching every part of the state and beyond. UM
Erasmus MC
We are Erasmus MC. Our roots lie in Rotterdam, a city and port of international standing. We are the most innovative university medical center in the Netherlands and one of the world’s leading centers of scientific research. We are committed to achieving a healthy population and pursuing excellence
Einstein Hospital Israelita
O nascimento da Sociedade Beneficente Israelita Brasileira Albert Einstein, na década de 50, resultou do compromisso da comunidade judaica em oferecer à população brasileira uma referência em qualidade da prática médica. Mas a Sociedade queria ir além da simples construção de um hospital. E assi
.png)
CH CyberSecurity News
March 27, 2026 11:38 PM
Violins of Hope Comes to Sioux City
The media could not be loaded, either because the server or network failed or because the format is not supported. Error Code: 400-4.
March 27, 2026 09:42 PM
Violins of Hope coming to Sioux City
A powerful musical experience rooted in history is about to arrive in Sioux City, bringing with it stories of resilience, memory, and hope.
March 22, 2026 01:43 AM
Careers in cybersecurity
High school students are attaining the technological skills and professionals are making career switches to the cybersecurity field.
January 19, 2026 08:00 AM
Infrastructure failure and cybersecurity threats top list of risks for City of Calgary
A new report finds critical infrastructure is at greater risk of failure in Calgary than it has been in the past, with 11 per cent of...
January 17, 2026 08:00 AM
The Real Hope Valley Location From 'When Calls the Heart' Revealed
When you tune in to When Calls the Heart each week, do you ever find yourself wishing you could spend a day in the idyllic Hope Valley?
December 09, 2025 08:00 AM
Robert Stone Recognized as a Top Healthcare CEO in 2025
LOS ANGELES, December 09, 2025--City of Hope® CEO Robert Stone, who leads one of the largest and most advanced cancer research and treatment...
October 31, 2025 05:03 PM
$8.5M City of Hope data breach settlement
City of Hope has agreed to a $8.5 million class action settlement to resolve claims it failed to prevent a 2023 data breach that compromised patient...
October 21, 2025 07:00 AM
City of Hope Settles Class Action Data Breach Lawsuit
City of Hope, a Duarte, California-based non-profit clinical research and cancer treatment center, has agreed to settle a class action...
August 11, 2025 07:00 AM
St. Paul says cybersecurity breach was a ransomware attack. What does that mean?
St. Paul city officials say they hope to get systems back online by the end of the week, after what they're calling a ransomware attack.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CH CyberSecurity History Information
Official Website of City of Hope
The official website of City of Hope is http://www.cityofhope.org.
City of Hope’s AI-Generated Cybersecurity Score
According to Rankiteo, City of Hope’s AI-generated cybersecurity score is 735, reflecting their Moderate security posture.
How many security badges does City of Hope’ have ?
According to Rankiteo, City of Hope currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has City of Hope been affected by any supply chain cyber incidents ?
According to Rankiteo, City of Hope has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does City of Hope have SOC 2 Type 1 certification ?
According to Rankiteo, City of Hope is not certified under SOC 2 Type 1.
Does City of Hope have SOC 2 Type 2 certification ?
According to Rankiteo, City of Hope does not hold a SOC 2 Type 2 certification.
Does City of Hope comply with GDPR ?
According to Rankiteo, City of Hope is not listed as GDPR compliant.
Does City of Hope have PCI DSS certification ?
According to Rankiteo, City of Hope does not currently maintain PCI DSS compliance.
Does City of Hope comply with HIPAA ?
According to Rankiteo, City of Hope is not compliant with HIPAA regulations.
Does City of Hope have ISO 27001 certification ?
According to Rankiteo,City of Hope is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of City of Hope
City of Hope operates primarily in the Hospitals and Health Care industry.
Number of Employees at City of Hope
City of Hope employs approximately 12,192 people worldwide.
Subsidiaries Owned by City of Hope
City of Hope presently has no subsidiaries across any sectors.
City of Hope’s LinkedIn Followers
City of Hope’s official LinkedIn profile has approximately 151,504 followers.
NAICS Classification of City of Hope
City of Hope is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
City of Hope’s Presence on Crunchbase
No, City of Hope does not have a profile on Crunchbase.
City of Hope’s Presence on LinkedIn
Yes, City of Hope maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/city-of-hope.
Cybersecurity Incidents Involving City of Hope
As of March 30, 2026, Rankiteo reports that City of Hope has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
City of Hope has an estimated 32,297 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at City of Hope ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
Incident Details
Can you provide details on each incident ?
Title: City of Hope Data Breach
Description: A data breach involving City of Hope affected 3,784 Washington residents, compromising names, Social Security numbers, and medical records.
Date Detected: 2023-10-13
Date Publicly Disclosed: 2024-04-02
Type: Data Breach
Title: City of Hope Data Breach
Description: The California Office of the Attorney General reported that City of Hope experienced a data breach involving unauthorized access to systems resulting in potential exposure of personal information between September 19, 2023, and October 12, 2023.
Date Publicly Disclosed: 2024-04-02
Type: Data Breach
Attack Vector: Unauthorized Access
Title: City of Hope Phishing Email Incident
Description: The California Office of the Attorney General reported that City of Hope experienced a phishing email incident that compromised the email accounts of four staff members on May 31 and June 2, 2017. The breach potentially exposed protected health information (PHI) of individuals, including names and medical record information.
Date Detected: 2017-05-312017-06-02
Date Publicly Disclosed: 2017-08-03
Type: Phishing
Attack Vector: Email
Vulnerability Exploited: Human
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CIT107072625
Data Compromised: Names, Social security numbers, Medical records
Incident : Data Breach CIT911072625
Data Compromised: Names, Contact information, Financial details
Incident : Phishing CIT223072925
Data Compromised: Protected Health Information (PHI)
Systems Affected: Email accounts
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Medical Records, , Names, Contact Information, Financial Details, and Protected Health Information (PHI).
Which entities were affected by each incident ?
Incident : Data Breach CIT107072625
Entity Name: City of Hope
Entity Type: Healthcare
Industry: Healthcare
Location: Washington
Customers Affected: 3784
Incident : Data Breach CIT911072625
Entity Name: City of Hope
Entity Type: Healthcare
Industry: Healthcare
Location: California
Incident : Phishing CIT223072925
Entity Name: City of Hope
Entity Type: Healthcare
Industry: Healthcare
Location: California
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CIT107072625
Type of Data Compromised: Names, Social security numbers, Medical records
Number of Records Exposed: 3784
Sensitivity of Data: High
Incident : Data Breach CIT911072625
Type of Data Compromised: Names, Contact information, Financial details
Incident : Phishing CIT223072925
Type of Data Compromised: Protected Health Information (PHI)
Sensitivity of Data: High
Personally Identifiable Information: Names, Medical Record Information
References
Where can I find more information about each incident ?
Incident : Data Breach CIT107072625
Source: Washington State Office of the Attorney General
Date Accessed: 2024-04-02
Incident : Data Breach CIT911072625
Source: California Office of the Attorney General
Date Accessed: 2024-04-02
Incident : Phishing CIT223072925
Source: California Office of the Attorney General
Date Accessed: 2017-08-03
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2024-04-02, and Source: California Office of the Attorney GeneralDate Accessed: 2024-04-02, and Source: California Office of the Attorney GeneralDate Accessed: 2017-08-03.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Phishing CIT223072925
Entry Point: Email
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-13.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-08-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, medical records, , names, contact information, financial details, and Protected Health Information (PHI).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Protected Health Information (PHI), medical records, contact information, Social Security numbers, names and financial details.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 382.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Washington State Office of the Attorney General and California Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
References
- https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
- https://lists.security.metacpan.org/cve-announce/msg/37638919/
- https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
- https://metacpan.org/release/SHAY/perl-5.40.4/changes
- https://metacpan.org/release/SHAY/perl-5.42.2/changes
- https://www.cve.org/CVERecord?id=CVE-2026-3381
Description
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.
Risk Information
cvss3
Base: 8.3
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=city-of-hope' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
