CHS
Company Details
Linkedin ID:
community-health-systems
Website:
Employees number:
24,576
Number of followers:
106,663
NAICS:
62
Industry Type:
Homepage:
chs.net
IP Addresses:
0
Company ID:
COM_1368018
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Community Health Systems Vendor Cyber Rating & Cyber Score
chs.netCommunity Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Community Health Systems A.I CyberSecurity Scoring
CHS Risk Score (AI oriented)Between 650 and 699
CHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CHS Global Score (TPRM)XXXX
CHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CHS Company CyberSecurity News & History
Past Incidents
3
Attack Types
3
Community Health Systems
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Community Health Systems (CHS) announced a data compromise, wherein attackers used Fortra's GoAnywhere MFT platform's zero-day vulnerability. Up to 1 million patients were harmed, according to an investigation CHS undertook to see if any of its systems were compromised. The Company now estimates that up to one million people may have been impacted by this assault. This information was compromised by the Fortran breach. All affected people whose information was exposed in the data breach will be notified and offered protection services by the company.
Community Health Systems
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer technology was the focus of a recent round of attacks, according to Community Health Systems (CHS). A further investigation showed that the consequent data breach affected up to 1 million patients' personal and health information. Additionally, it stated that it would provide identity theft protection services and alert any affected people whose information was compromised.
Community Health Systems Professional Services Corporation
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that Community Health Systems Professional Services Corporation experienced a data breach due to an external criminal cyber attack confirmed in July 2014. The breach occurred between April 10, 2014, and June 24, 2014, potentially affecting personal information including names, addresses, birthdates, and Social Security numbers of unknown individuals.
CHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Community Health Systems in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Community Health Systems in 2026.
Incident Types CHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Community Health Systems in 2026.
Incident History — CHS (X = Date, Y = Severity)
CHS cyber incidents detection timeline including parent company and subsidiaries
CHS Company Subsidiaries
Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Loading...
CHS Similar Companies
Beth Israel Lahey Health
Beth Israel Lahey Health is a new, integrated system providing patients with better care wherever they are. Care informed by world-class research and education. We are doctors and nurses, technicians and social workers, innovators and educators, and so many others. All with a shared vision for what
Ochsner Health
Ochsner Health is the leading nonprofit healthcare provider in Louisiana, Mississippi and across the Gulf South, delivering expert care at its 47 hospitals and more than 370 health and urgent care centers. Ochsner is nationally recognized for inspiring healthier lives and stronger communities thro
Novant Health
Novant Health is an integrated network of more than 850 locations, including 19 hospitals, more than 700 physician clinics and urgent care centers, outpatient facilities, and imaging and pharmacy services. This network supports a seamless and personalized healthcare experience for communities in Nor
Cencora, a company building on the legacy of AmerisourceBergen, is a leading global pharmaceutical solutions organization centered on improving the lives of people and animals around the world. We connect manufacturers, providers, and patients to ensure that anyone can get the therapies they need, w
Molina Healthcare is a FORTUNE 500 company that is focused exclusively on government-sponsored health care programs for families and individuals who qualify for government sponsored health care. Molina Healthcare contracts with state governments and serves as a health plan providing a wide range o
Sanford Health
Sanford Health is the largest rural health system in the U.S. Our organization is dedicated to transforming the health care experience and providing access to world-class health care in America’s heartland. Headquartered in Sioux Falls, South Dakota, we serve more than one million patients and 220,0
The Cigna Group
The Cigna Group is a global health company committed to creating a better future built on the vitality of every individual and every community. We relentlessly challenge ourselves to partner and innovate solutions for better health. The Cigna Group includes products and services marketed under Cig
VCU Health
We are a strong, passionate team of more than 12,500 who take pride in caring for every person who comes through our doors. We lift each other up so we can provide the very best and safest care to those who need us most. Together. Every day. With the support of our university, we make up an acade
Johns Hopkins Medicine is a governing structure for the University’s School of Medicine and the health system, coordinating their research, teaching, patient care, and related enterprises. The Johns Hopkins Hospital opened in 1889, followed four years later by the university’s School of Medicine
.png)
CHS CyberSecurity News
March 25, 2026 07:00 AM
Female Cybersecurity Leaders to Watch in Tennessee
Tennessee's cybersecurity leadership bench spans healthcare, insurance, public-sector technology, and enterprise transformation.
March 02, 2026 08:00 AM
Trizetto Data Breach: PHI of 3.4 Million Individuals Exposed
It has been more than four months since TriZetto Provider Solutions discovered unauthorized access to its IT environment, and it has now...
February 26, 2026 08:00 AM
Trends In Healthcare Data Breach Statistics
Our healthcare data breach statistics clearly show an upward trend in data breaches since 2009, when OCR first started publishing data...
January 28, 2026 08:00 AM
OSIS Launches Comprehensive Cybersecurity Services for Community Health Centers
To support the successful delivery and continued growth of this expanded service line, OSIS has appointed Joy Snyder as Vice President of...
January 27, 2026 08:00 AM
How a rural health system built a sustainable cybersecurity program | Viewpoint
Across the country, rural and community health systems are under extraordinary pressure. Image credit: Clearwater. Jackie Mattingly.
January 26, 2026 08:00 AM
Lawsuit filed against nonprofit hospital after Cerner hack exposes thousands
Aultman Health System notified its patients of the data breach in December 2025. However, the breach occurred some 11 months earlier.
January 22, 2026 08:00 AM
California health system sued over 2024 breach on health IT vendor TriZetto
A patient of One Community Health in Sacramento has filed a lawsuit claiming the nonprofit health system failed to keep sensitive patient...
December 29, 2025 08:00 AM
CMS Announces $50 Billion in Awards to Strengthen Rural Health in All 50 States
The Centers for Medicare & Medicaid Services announced that all 50 states will receive awards under the Rural Health Transformation Program.
December 29, 2025 08:00 AM
Healthcare Cybersecurity – 2026 Health IT Predictions
As we wrap up another year and get ready for 2026 to begin, it is once again time for everyone's favorite annual tradition of Health IT...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CHS CyberSecurity History Information
Official Website of Community Health Systems
The official website of Community Health Systems is https://www.chs.net/.
Community Health Systems’s AI-Generated Cybersecurity Score
According to Rankiteo, Community Health Systems’s AI-generated cybersecurity score is 671, reflecting their Weak security posture.
How many security badges does Community Health Systems’ have ?
According to Rankiteo, Community Health Systems currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Community Health Systems been affected by any supply chain cyber incidents ?
According to Rankiteo, Community Health Systems has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Community Health Systems have SOC 2 Type 1 certification ?
According to Rankiteo, Community Health Systems is not certified under SOC 2 Type 1.
Does Community Health Systems have SOC 2 Type 2 certification ?
According to Rankiteo, Community Health Systems does not hold a SOC 2 Type 2 certification.
Does Community Health Systems comply with GDPR ?
According to Rankiteo, Community Health Systems is not listed as GDPR compliant.
Does Community Health Systems have PCI DSS certification ?
According to Rankiteo, Community Health Systems does not currently maintain PCI DSS compliance.
Does Community Health Systems comply with HIPAA ?
According to Rankiteo, Community Health Systems is not compliant with HIPAA regulations.
Does Community Health Systems have ISO 27001 certification ?
According to Rankiteo,Community Health Systems is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Community Health Systems
Community Health Systems operates primarily in the Hospitals and Health Care industry.
Number of Employees at Community Health Systems
Community Health Systems employs approximately 24,576 people worldwide.
Subsidiaries Owned by Community Health Systems
Community Health Systems presently has no subsidiaries across any sectors.
Community Health Systems’s LinkedIn Followers
Community Health Systems’s official LinkedIn profile has approximately 106,663 followers.
NAICS Classification of Community Health Systems
Community Health Systems is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Community Health Systems’s Presence on Crunchbase
Yes, Community Health Systems has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/chs-community-health-systems.
Community Health Systems’s Presence on LinkedIn
Yes, Community Health Systems maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/community-health-systems.
Cybersecurity Incidents Involving Community Health Systems
As of March 30, 2026, Rankiteo reports that Community Health Systems has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Community Health Systems has an estimated 32,295 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Community Health Systems ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Cyber Attack and Data Leak.
How does Community Health Systems detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with inform affected individuals and provide identity theft protection services, and communication strategy with notify and offer protection services to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Community Health Systems Due to Zero-Day Vulnerability in Fortra's GoAnywhere MFT
Description: A zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer technology was the focus of a recent round of attacks, affecting up to 1 million patients' personal and health information.
Type: Data Breach
Attack Vector: Zero-Day Vulnerability
Vulnerability Exploited: Zero-Day Vulnerability in Fortra's GoAnywhere MFT
Title: Community Health Systems Data Breach
Description: Community Health Systems (CHS) announced a data compromise, wherein attackers used Fortra's GoAnywhere MFT platform's zero-day vulnerability. Up to 1 million patients were harmed, according to an investigation CHS undertook to see if any of its systems were compromised. The Company now estimates that up to one million people may have been impacted by this assault. This information was compromised by the Fortran breach. All affected people whose information was exposed in the data breach will be notified and offered protection services by the company.
Type: Data Breach
Attack Vector: Zero-day vulnerability
Vulnerability Exploited: Fortra's GoAnywhere MFT platform's zero-day vulnerability
Title: Community Health Systems Data Breach
Description: The California Office of the Attorney General reported that Community Health Systems Professional Services Corporation experienced a data breach due to an external criminal cyber attack confirmed in July 2014. The breach occurred between April 10, 2014, and June 24, 2014, potentially affecting personal information including names, addresses, birthdates, and Social Security numbers of unknown individuals.
Date Detected: July 2014
Type: Data Breach
Attack Vector: External Criminal Cyber Attack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach COM21810723
Data Compromised: Personal information, Health information
Identity Theft Risk: High
Incident : Data Breach COM201281023
Data Compromised: Patient information
Incident : Data Breach COM405072925
Data Compromised: Names, Addresses, Birthdates, Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Health Information, , Patient information, Names, Addresses, Birthdates, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach COM21810723
Entity Name: Community Health Systems (CHS)
Entity Type: Healthcare
Industry: Healthcare
Customers Affected: 1000000
Incident : Data Breach COM201281023
Entity Name: Community Health Systems
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 1 million
Incident : Data Breach COM405072925
Entity Name: Community Health Systems Professional Services Corporation
Entity Type: Healthcare
Industry: Healthcare
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach COM21810723
Communication Strategy: Inform affected individuals and provide identity theft protection services
Incident : Data Breach COM201281023
Communication Strategy: Notify and offer protection services to affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach COM21810723
Type of Data Compromised: Personal information, Health information
Number of Records Exposed: 1000000
Sensitivity of Data: High
Incident : Data Breach COM201281023
Type of Data Compromised: Patient information
Number of Records Exposed: 1 million
Incident : Data Breach COM405072925
Type of Data Compromised: Names, Addresses, Birthdates, Social security numbers
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach COM405072925
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Inform affected individuals and provide identity theft protection services and Notify and offer protection services to affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach COM21810723
Customer Advisories: Provide identity theft protection services and alert affected individuals
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Provide identity theft protection services and alert affected individuals.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on July 2014.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, Health Information, , Patient information, , names, addresses, birthdates, Social Security numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were birthdates, Patient information, addresses, names, Social Security numbers, Personal Information and Health Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Provide identity theft protection services and alert affected individuals.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=community-health-systems' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
