
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,000+ dedicated people—including more than 12,000 physicians and advanced practice providers and more than 15,500 nurses providing care and services in 21 hospitals, 300+ outpatient locations and several post-acute facilities—and Priority Health, a provider-sponsored health plan serving more than 1.3 million members. Through experience and collaboration, we are reimagining a better, more equitable model of health and wellness. For more information, visit corewellhealth.org.

Corewell Health A.I CyberSecurity Scoring

Corewell Health

Company Details

LinkedIn ID: corewell-health
Employees number: 41,961
Number of followers: 66,399
NAICS: 62
Industry Type: Hospitals and Health Care
Homepage: corewellhealth.org
IP Addresses: 0
Company ID: COR_1772978
Scan Status: In-progress

Corewell Health Risk Score (AI oriented)

Between 0 and 549

Corewell Health Hospitals and Health Care
  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums
Corewell Health Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Corewell Health Company CyberSecurity News & History

Past Incidents: 5
Attack Types: 1
| Entity | Type | Severity | Impact | Seen | Supply Chain Source |
|---|---|---|---|---|---|
| Corewell Health | Breach | 85 | 4 | 3/2026 | Oleen Pinnacle Healthcare Consulting |
| Corewell Health | Breach | 85 | 4 | 7/2025 | NA |
| Corewell Health | Breach | 85 | 4 | 11/2024 | Pinnacle Healthcare Consulting |
| Corewell Health | Breach | 85 | 4 | 1/2024 | Oleen Pinnacle Healthcare Consulting |
| Corewell Health | Breach | 100 | 4 | 11/2023 | NA |

Rankiteo Explanation (all incidents): Attack with significant impact with customer data leaks

Corewell Health and Pinnacle Holdings LTD: Thousands of Corewell Health patients affected by security breach
Breach
Severity: 85
Impact: 4
Seen: 3/2026
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: Corewell Health Data Breach Exposes Personal Information of 19,000 Patients

Corewell Health disclosed a 2024 security breach affecting approximately 19,000 patients, following a notification from Pinnacle Holdings LTD, a Colorado-based vendor that previously provided healthcare consulting services. The compromised data includes sensitive personal and medical information, such as names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, and in some cases, biometric data and digital signatures.

Corewell Health completed a review to identify impacted individuals and confirmed that Pinnacle has mailed notification letters to those affected. While no fraudulent activity has been reported, the breach was reported to law enforcement, and the responsible party remains unidentified. Pinnacle has implemented additional security measures and is offering free credit monitoring and identity protection services to affected individuals.

This incident follows two major breaches in late 2023, where cyberattacks on Corewell’s vendors Welltok, Inc. and HealthEC LLC exposed the data of over 1 million patients each. The repeated breaches highlight ongoing vulnerabilities in third-party vendor security within the healthcare sector.

Corewell Health and HealthEC LLC: HealthEC $5.48M Data Breach Class Action Settlement
Breach
Severity: 85
Impact: 4
Seen: 7/2025
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: HealthEC Data Breach Settlement Approved: $5.48M Fund for Affected Patients

On January 20, 2026, a U.S. court granted final approval to a $5.48 million class action settlement resolving claims against HealthEC LLC and four affiliated healthcare organizations: Community Health Care Systems Inc., Corewell Health, MD Valuecare LLC, and Oakwood Accountable Care Organization LLC. The settlement stems from a December 2023 data breach that exposed the personal and protected health information of approximately 1.52 million individuals.

Eligibility and Compensation

Patients whose data was compromised in the breach may qualify for financial compensation or credit monitoring, provided they received a settlement notice by email or mail. The class includes all affected individuals, regardless of whether they experienced identity theft or fraud, with a separate subclass for California residents as of July 14, 2023.

Compensation options include:
  • Reimbursement for out-of-pocket losses (e.g., fraud-related expenses, credit freeze costs, or credit monitoring purchases).
  • Lost time compensation (up to 10 hours at $25/hour for those with qualifying losses, or up to 4 hours for those without).
  • Alternative cash payments ($25 for non-California residents, $50 for California residents).
  • Three years of free Medical Shield Complete, a service offering dark web monitoring, credit monitoring, and $1 million in identity theft insurance.

If total claims exceed the settlement fund, payments will be reduced proportionally. Conversely, leftover funds may increase payouts.

Claim Process and Deadlines

Eligible individuals can file claims online or by mail, with documentation required for out-of-pocket loss and lost time claims. The deadline to submit claims, request exclusions, or object to the settlement is November 18, 2025. Payments will be distributed after final approval and resolution of any appeals, with the first disbursements issued on March 24, 2026.

Settlement Fund Allocation

The $5.48 million fund covers:
  • $333,250 for settlement administration costs.
  • Up to $1.86 million in attorneys’ fees.
  • Undetermined amounts for attorneys’ expenses and Medical Shield Complete services.
  • Up to $2,500 each for class representatives.
  • The remaining balance for eligible claimants.

Background

The lawsuit alleged that HealthEC and its co-defendants failed to adequately protect sensitive patient data, leading to the breach. While the defendants denied wrongdoing, they agreed to settle to avoid prolonged litigation. The incident underscores ongoing vulnerabilities in healthcare data security.

Corewell Health and Pinnacle Holdings, LTD: Thousands of Corewell Health patients impacted by 2024 data breach
Breach
Severity: 85
Impact: 4
Seen: 11/2024
Supply Chain Source: Pinnacle Healthcare Consulting
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: Corewell Health Data Breach Exposes Personal and Medical Data of 19,000 Patients

A data breach at Pinnacle Holdings, LTD, a former healthcare consulting provider for Michigan-based Corewell Health, has compromised the sensitive information of approximately 19,000 Corewell Health patients. The incident occurred on November 25, 2024, when Pinnacle Holdings detected a "network disruption" affecting certain systems. During its investigation, the Colorado-based firm determined that an unauthorized individual may have accessed patient data. Corewell Health was notified of the breach in early 2024 and promptly launched a review to identify affected individuals.

Exposed information includes names, phone numbers, Social Security numbers, driver’s license numbers, dates of birth, health insurance details, prescription information, and service dates.

Pinnacle Holdings stated it has since implemented additional safeguards to prevent future incidents and has begun notifying impacted individuals. As part of the response, affected patients are being offered free credit monitoring and identity protection services. The firm reported no evidence of fraudulent activity resulting from the breach. Individuals seeking more information can contact Pinnacle Holdings at 866-686-2607.

Corewell Health and Pinnacle Holdings: Thousands of Corewell Health patients affected by 2024 vendor data breach
Breach
Severity: 85
Impact: 4
Seen: 1/2024
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: Corewell Health Data Breach Exposes Thousands of Patients’ Sensitive Information

In early 2024, Corewell Health disclosed a data breach affecting approximately 19,000 patients, stemming from a security incident at its former vendor, Pinnacle Holdings. The consulting firm, which previously provided healthcare services to Corewell, experienced the breach, compromising a range of sensitive data. The exposed information included names, contact details, Social Security numbers, medical records, and insurance information.

While Pinnacle Holdings stated it had implemented additional safeguards and found no evidence of fraudulent activity, Corewell Health conducted a review to identify impacted individuals. Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website. The incident highlights ongoing risks in third-party vendor security within the healthcare sector.

Corewell Health
Breach
Severity: 100
Impact: 4
Seen: 11/2023
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients. The business was one of the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme. The exposed patient information includes phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals.

The organisations on whose behalf Welltok is delivering notice to affected individuals are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.


Underwriter Stats for Corewell Health

Incidents vs Hospitals and Health Care Industry Average (This Year)

Corewell Health has 29.58% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Corewell Health has 15.25% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Corewell Health vs Hospitals and Health Care Industry Avg (This Year)

Corewell Health reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Corewell Health (X = Date, Y = Severity)

Corewell Health cyber incidents detection timeline including parent company and subsidiaries


Corewell Health Similar Companies

Mediclinic

Mediclinic Southern Africa is a private hospital group operating in South Africa and Namibia focused on providing acute care, specialist-orientated, multi-disciplinary hospital services and related service offerings. We place science at the heart of our care process by striving to provide evidence-b

Keralty

Formerly Organización Sanitas Internacional, Keralty is a health-value business group with more than 40 years of experience, made up of health insurance and health service delivery companies and its own hospital and care network. Also part of Keralty are institutio

Baylor Scott & White Health

With us by your side, there's no stopping you. It's why we're creating a new kind of healthcare at Baylor Scott & White. And we're just getting started. As the largest not-for-profit health system in the state of Texas, Baylor Scott & White promotes the health and well-being of every individual, fa

Michigan Medicine

Michigan Medicine, based in Ann Arbor, Michigan, is part of one of the world’s leading universities. Michigan Medicine is a premier, highly ranked academic medical center and award-winning health care system with state-of-the-art facilities. Our vision is to create the future of health care throu

IQVIA

IQVIA (NYSE:IQV) is a leading global provider of clinical research services, commercial insights and healthcare intelligence to the life sciences and healthcare industries. IQVIA’s portfolio of solutions are powered by IQVIA Connected Intelligence™ to deliver actionable insights and services built o

Aurora Health Care

Aurora Health Care is proud to be a part of Advocate Health, the third-largest nonprofit integrated health system in the U.S. Advocate Health is the third-largest nonprofit, integrated health system in the United States, created from the combination of Advocate Aurora Health and Atrium Health. Prov

Duke University Health System

As a world-class academic and health care system, Duke Health strives to transform medicine and health locally and globally through innovative scientific research, rapid translation of breakthrough discoveries, educating future clinical and scientific leaders, advocating and practicing evidence-base

Nationwide Children's Hospital

Nationwide Children’s is one of America's largest pediatric hospitals, an international leader in research and is ranked in all 10 specialties on U.S. News & World Report’s 2025-26 “America’s Best Children’s Hospitals” list. Our staff, comprised of 1,600 medical professionals and over 16,000 employe

Welcome to the official LinkedIn page for McKesson Corporation. We're an impact-driven healthcare organization dedicated to “Advancing Health Outcomes For All.” As a global healthcare company, we touch virtually every aspect of health. Our leaders empower our people to lead with a growth mindset an


Corewell Health CyberSecurity News

March 10, 2026 06:58 AM
Leading with Empathy and Purpose in Healthcare Leadership

Leading with Empathy and Purpose in Healthcare Leadership By Imana “Mo” Minard, Director of Nursing, Corewell Health - From Frontline Care to Senior...

December 10, 2025 08:00 AM
HealthEC Data Hack Class Seeks OK Of $5.5M Privacy Deal

Over 1.6 million patients affected by HealthEC's cybersecurity attack in 2023 asked a New Jersey magistrate judge for her final stamp of...

October 06, 2025 07:00 AM
Jason Joseph | Notable Leaders in Health Care Technology 2025

Chief Digital and Information Officer Corewell Health. Scope of work: Joseph leads more than 1,900 staff delivering digital solutions at...

August 26, 2025 07:00 AM
Thumb hospital system hacked as cybercriminals move to rural heath care industry

The personal data of nearly 139000 people in Michigan's Thumb has been compromised in a cybersecurity breach at Aspire Rural Health System.

August 12, 2025 07:00 AM
SpartanNash Names Ed Rybicki CIO, Brett Hoffman CISO

They will both be part of the IT department, reporting to EVP and CFO Jason Monaco as part of the company's newly combined finance,...

August 11, 2025 05:29 PM
SpartanNash® Announces New IT Leadership with CIO and CISO Appointments; Jason Monaco Comments

GRAND RAPIDS, MI - Food solutions company SpartanNash® announced the appointment of two new IT leaders, Ed Rybicki as SVP and Chief Information Officer...

August 11, 2025 07:00 AM
SpartanNash Reveals New IT Leadership

Food solutions company SpartanNash has appointed two new IT leaders: Ed Rybicki as SVP and chief information officer (CIO) and Brett Hoffman...

June 17, 2025 07:00 AM
$5.48M Lawsuit Settlement Reached in Software Vendor Hack

A provider of artificial intelligence-enabled hospital cost-cutting software and several of its healthcare clients agreed to $5.48 million...

June 12, 2025 07:00 AM
$5.48 Million Settlement Approved to Resolve HealthEC Data Breach Litigation

A settlement has been agreed to resolve class action data breach litigation against HealthEC and its clients over a 2023 hacking incident and data breach.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Corewell Health CyberSecurity History Information

Official Website of Corewell Health

The official website of Corewell Health is http://corewellhealth.org.

Corewell Health’s AI-Generated Cybersecurity Score

According to Rankiteo, Corewell Health’s AI-generated cybersecurity score is 512, reflecting its Critical security posture.

How many security badges does Corewell Health have?

According to Rankiteo, Corewell Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Corewell Health been affected by any supply chain cyber incidents?

According to Rankiteo, Corewell Health has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are:

  • Oleen Pinnacle Healthcare Consulting (Incident ID: OLECOR1774664850)
  • Pinnacle Healthcare Consulting (Incident ID: PINCOR1774758354)
  • Oleen Pinnacle Healthcare Consulting (Incident ID: OLECOR1774672026)

Does Corewell Health have SOC 2 Type 1 certification?

According to Rankiteo, Corewell Health is not certified under SOC 2 Type 1.

Does Corewell Health have SOC 2 Type 2 certification?

According to Rankiteo, Corewell Health does not hold a SOC 2 Type 2 certification.

Does Corewell Health comply with GDPR?

According to Rankiteo, Corewell Health is not listed as GDPR compliant.

Does Corewell Health have PCI DSS certification?

According to Rankiteo, Corewell Health does not currently maintain PCI DSS compliance.

Does Corewell Health comply with HIPAA?

According to Rankiteo, Corewell Health is not compliant with HIPAA regulations.

Does Corewell Health have ISO 27001 certification?

According to Rankiteo, Corewell Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Corewell Health

Corewell Health operates primarily in the Hospitals and Health Care industry.

Number of Employees at Corewell Health

Corewell Health employs approximately 41,961 people worldwide.

Subsidiaries Owned by Corewell Health

Corewell Health presently has no subsidiaries across any sectors.

Corewell Health’s LinkedIn Followers

Corewell Health’s official LinkedIn profile has approximately 66,399 followers.

NAICS Classification of Corewell Health

Corewell Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

Corewell Health’s Presence on Crunchbase

No, Corewell Health does not have a profile on Crunchbase.

Corewell Health’s Presence on LinkedIn

Yes, Corewell Health maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/corewell-health.

Cybersecurity Incidents Involving Corewell Health

As of March 30, 2026, Rankiteo reports that Corewell Health has experienced 5 cybersecurity incidents.

Number of Peer and Competitor Companies

Corewell Health has an estimated 32,297 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Corewell Health?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

What was the total financial impact of these incidents on Corewell Health?

Total Financial Loss: The total financial loss from these incidents is estimated to be $5.48 million.

How does Corewell Health detect and respond to cybersecurity incidents?

Detection and Response: The detection and response measures recorded for these incidents are:
  • Communication strategy: notifying affected individuals
  • Communication strategy: settlement notices sent via email and mail
  • Enhanced monitoring: three years of free Medical Shield Complete (dark web monitoring, credit monitoring, and identity theft insurance)
  • Law enforcement notified: yes
  • Remediation measures: additional security measures implemented by Pinnacle Holdings LTD
  • Communication strategy: notification letters mailed to affected individuals
  • Containment measures: additional safeguards implemented
  • Remediation measures: review to identify impacted individuals, notification by mail, free credit monitoring and identity protection services
  • Communication strategy: notification by mail, dedicated call center (866-686-2607), support on Pinnacle Holdings’ website
  • Containment measures: additional safeguards implemented to prevent future incidents
  • Communication strategy: notifying impacted individuals and offering free credit monitoring and identity protection services

Incident Details

Can you provide details on each incident?

Incident : Data Breach

Title: Welltok Data Breach

Description: Welltok revealed a data breach affecting around 8.5 million patients due to a zero-day vulnerability in the MOVEit Transfer programme.

Type: Data Breach

Attack Vector: Exploitation of Zero-Day Vulnerability

Vulnerability Exploited: MOVEit Transfer programme

Incident : Data Breach

Title: HealthEC Data Breach Settlement Approved: $5.48M Fund for Affected Patients

Description: A U.S. court granted final approval to a $5.48 million class action settlement resolving claims against HealthEC LLC and four affiliated healthcare organizations due to a December 2023 data breach that exposed the personal and protected health information of approximately 1.52 million individuals.

Date Detected: 2023-12-01

Date Publicly Disclosed: 2026-01-20

Date Resolved: 2026-03-24

Type: Data Breach

Incident : Data Breach

Title: Corewell Health Data Breach Exposes Personal Information of 19,000 Patients

Description: Corewell Health disclosed a 2024 security breach affecting approximately 19,000 patients, following a notification from Pinnacle Holdings LTD, a Colorado-based vendor that previously provided healthcare consulting services. The compromised data includes sensitive personal and medical information, such as names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, and in some cases, biometric data and digital signatures.

Date Detected: 2024

Date Publicly Disclosed: 2024

Type: Data Breach

Incident : Data Breach

Title: Corewell Health Data Breach Exposes Thousands of Patients’ Sensitive Information

Description: In early 2024, Corewell Health disclosed a data breach affecting approximately 19,000 patients, stemming from a security incident at its former vendor, Pinnacle Holdings. The consulting firm, which previously provided healthcare services to Corewell, experienced the breach, compromising a range of sensitive data. The exposed information included names, contact details, Social Security numbers, medical records, and insurance information. While Pinnacle Holdings stated it had implemented additional safeguards and found no evidence of fraudulent activity, Corewell Health conducted a review to identify impacted individuals. Affected patients were notified by mail and offered free credit monitoring and identity protection services.

Date Publicly Disclosed: 2024-early

Type: Data Breach

Incident : Data Breach

Title: Corewell Health Data Breach Exposes Personal and Medical Data of 19,000 Patients

Description: A data breach at Pinnacle Holdings, LTD, a former healthcare consulting provider for Michigan-based Corewell Health, has compromised the sensitive information of approximately 19,000 Corewell Health patients. The incident occurred when Pinnacle Holdings detected a 'network disruption' affecting certain systems. An unauthorized individual may have accessed patient data, including names, phone numbers, Social Security numbers, driver’s license numbers, dates of birth, health insurance details, prescription information, and service dates.

Date Detected: 2024-11-25

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vector identified in the recorded incidents is the MOVEit Transfer programme.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach COR358271123

Data Compromised: Patient information, Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)

Incident : Data Breach HEACOR1774651954

Financial Loss: $5.48 million settlement fund

Data Compromised: Personal and protected health information

Brand Reputation Impact: Undermined trust in healthcare data security

Legal Liabilities: Class action settlement

Identity Theft Risk: High (1.52 million individuals affected)

Incident : Data Breach OLECOR1774664850

Data Compromised: Sensitive personal and medical information, including names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, biometric data, and digital signatures

Identity Theft Risk: High

Incident : Data Breach OLECOR1774672026

Data Compromised: Names, contact details, Social Security numbers, medical records, and insurance information

Identity Theft Risk: High

Incident : Data Breach PINCOR1774758354

Data Compromised: Personal and medical data of 19,000 patients

Identity Theft Risk: High

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $1.10 million.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Information, Phone Numbers, Physical Addresses, Email Addresses, Full Names, Health Insurance Details, Medicare/Medicaid ID Numbers, Social Security Numbers (SSNs), Personal Information, Protected Health Information, Personal Information, Medical Information, Personal and Medical Information, Names, Phone Numbers, Social Security Numbers, Driver’s License Numbers, Dates of Birth, Health Insurance Details, Prescription Information and Service Dates.

Which entities were affected by each incident ?

Incident : Data Breach COR358271123

Entity Name: Welltok

Entity Type: Healthcare Services

Industry: Healthcare

Customers Affected: 8.5 million

Incident : Data Breach COR358271123

Entity Name: Asuris Northwest Health

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: BridgeSpan Health

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Blue Cross and Blue Shield of Minnesota

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Blue Cross and Blue Shield of Alabama

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Blue Cross and Blue Shield of Kansas

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Blue Cross and Blue Shield of North Carolina

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Corewell Health

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Faith Regional Health Services

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Mass General

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Brigham Health Plan

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Priority Health

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Regence BlueCross BlueShield of Oregon

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Regence BlueShield

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Regence BlueCross BlueShield of Utah

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Regence Blue Shield of Idaho

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: St. Bernards Healthcare

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach COR358271123

Entity Name: Sutter Health

Entity Type: Healthcare

Industry: Healthcare

Incident : Data Breach HEACOR1774651954

Entity Name: HealthEC LLC

Entity Type: Healthcare Technology

Industry: Healthcare

Location: United States

Customers Affected: 1.52 million individuals

Incident : Data Breach HEACOR1774651954

Entity Name: Community Health Care Systems Inc.

Entity Type: Healthcare Organization

Industry: Healthcare

Location: United States

Customers Affected: 1.52 million individuals

Incident : Data Breach HEACOR1774651954

Entity Name: Corewell Health

Entity Type: Healthcare Organization

Industry: Healthcare

Location: United States

Customers Affected: 1.52 million individuals

Incident : Data Breach HEACOR1774651954

Entity Name: MD Valuecare LLC

Entity Type: Healthcare Organization

Industry: Healthcare

Location: United States

Customers Affected: 1.52 million individuals

Incident : Data Breach HEACOR1774651954

Entity Name: Oakwood Accountable Care Organization LLC

Entity Type: Healthcare Organization

Industry: Healthcare

Location: United States

Customers Affected: 1.52 million individuals

Incident : Data Breach OLECOR1774664850

Entity Name: Corewell Health

Entity Type: Healthcare Provider

Industry: Healthcare

Location: United States

Customers Affected: 19,000

Incident : Data Breach OLECOR1774664850

Entity Name: Pinnacle Holdings LTD

Entity Type: Vendor

Industry: Healthcare Consulting

Location: Colorado, United States

Incident : Data Breach OLECOR1774672026

Entity Name: Corewell Health

Entity Type: Healthcare Provider

Industry: Healthcare

Customers Affected: 19000

Incident : Data Breach OLECOR1774672026

Entity Name: Pinnacle Holdings

Entity Type: Vendor/Consulting Firm

Industry: Healthcare Services

Incident : Data Breach PINCOR1774758354

Entity Name: Corewell Health

Entity Type: Healthcare Provider

Industry: Healthcare

Location: Michigan, USA

Customers Affected: 19,000

Incident : Data Breach PINCOR1774758354

Entity Name: Pinnacle Holdings, LTD

Entity Type: Healthcare Consulting Provider

Industry: Healthcare Consulting

Location: Colorado, USA

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach COR358271123

Communication Strategy: Notifying affected individuals

Incident : Data Breach HEACOR1774651954

Communication Strategy: Settlement notices sent via email and mail

Enhanced Monitoring: Three years of free Medical Shield Complete (dark web monitoring, credit monitoring, and identity theft insurance)

Incident : Data Breach OLECOR1774664850

Law Enforcement Notified: Yes

Remediation Measures: Additional security measures implemented by Pinnacle Holdings LTD

Communication Strategy: Notification letters mailed to affected individuals

Incident : Data Breach OLECOR1774672026

Containment Measures: Additional safeguards implemented

Remediation Measures: Review to identify impacted individuals, notification by mail, free credit monitoring and identity protection services

Communication Strategy: Notification by mail, dedicated call center (866-686-2607), support on Pinnacle Holdings’ website

Incident : Data Breach PINCOR1774758354

Containment Measures: Additional safeguards implemented to prevent future incidents

Communication Strategy: Notifying impacted individuals and offering free credit monitoring and identity protection services

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach COR358271123

Type of Data Compromised: Patient information, Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)

Number of Records Exposed: 8.5 million

Sensitivity of Data: High

Personally Identifiable Information: Full names, phone numbers, physical addresses, email addresses, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)

Incident : Data Breach HEACOR1774651954

Type of Data Compromised: Personal information, Protected health information

Number of Records Exposed: 1.52 million

Sensitivity of Data: High

Personally Identifiable Information: Yes

Incident : Data Breach OLECOR1774664850

Type of Data Compromised: Personal information, Medical information

Number of Records Exposed: 19,000

Sensitivity of Data: High

Personally Identifiable Information: Names, addresses, Social Security numbers, driver’s license details, dates of birth, biometric data, digital signatures

Incident : Data Breach OLECOR1774672026

Type of Data Compromised: Personal and medical information

Number of Records Exposed: 19000

Sensitivity of Data: High

Personally Identifiable Information: Names, contact details, Social Security numbers, medical records, insurance information

Incident : Data Breach PINCOR1774758354

Type of Data Compromised: Names, Phone numbers, Social Security numbers, Driver’s license numbers, Dates of birth, Health insurance details, Prescription information, Service dates

Number of Records Exposed: 19,000

Sensitivity of Data: High

Personally Identifiable Information: Yes

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Additional security measures implemented by Pinnacle Holdings LTD, Review to identify impacted individuals, notification by mail, free credit monitoring and identity protection services.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through additional safeguards implemented and additional safeguards implemented to prevent future incidents.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach HEACOR1774651954

Legal Actions: Class action lawsuit

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach HEACOR1774651954

Lessons Learned: The incident underscores ongoing vulnerabilities in healthcare data security and the importance of adequate data protection measures.

Incident : Data Breach OLECOR1774664850

Lessons Learned: Ongoing vulnerabilities in third-party vendor security within the healthcare sector

Incident : Data Breach OLECOR1774672026

Lessons Learned: Highlights ongoing risks in third-party vendor security within the healthcare sector

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: The incident underscores ongoing vulnerabilities in healthcare data security and the importance of adequate data protection measures; Ongoing vulnerabilities in third-party vendor security within the healthcare sector; Highlights ongoing risks in third-party vendor security within the healthcare sector.

References

Where can I find more information about each incident ?

Incident : Data Breach HEACOR1774651954

Source: Court settlement approval

Date Accessed: 2026-01-20

Incident : Data Breach OLECOR1774664850

Source: Corewell Health Disclosure

Incident : Data Breach OLECOR1774672026

Source: Corewell Health Disclosure

Incident : Data Breach PINCOR1774758354

Source: Incident Report

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the following sources: Court settlement approval (Date Accessed: 2026-01-20), Corewell Health Disclosure, Corewell Health Disclosure, and Incident Report.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach HEACOR1774651954

Investigation Status: Settled

Incident : Data Breach OLECOR1774664850

Investigation Status: Ongoing

Incident : Data Breach PINCOR1774758354

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notifying affected individuals, Settlement notices sent via email and mail, Notification letters mailed to affected individuals, Notification by mail, dedicated call center (866-686-2607), support on Pinnacle Holdings’ website and Notifying impacted individuals and offering free credit monitoring and identity protection services.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach HEACOR1774651954

Customer Advisories: Settlement notices sent to affected individuals with compensation options and deadlines.

Incident : Data Breach OLECOR1774664850

Customer Advisories: Free credit monitoring and identity protection services offered to affected individuals

Incident : Data Breach OLECOR1774672026

Customer Advisories: Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website.

Incident : Data Breach PINCOR1774758354

Customer Advisories: Affected patients are being offered free credit monitoring and identity protection services. Contact Pinnacle Holdings at 866-686-2607 for more information.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Settlement notices sent to affected individuals with compensation options and deadlines; Free credit monitoring and identity protection services offered to affected individuals; Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website; and Affected patients are being offered free credit monitoring and identity protection services. Contact Pinnacle Holdings at 866-686-2607 for more information.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach COR358271123

Entry Point: MOVEit Transfer programme

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach COR358271123

Root Causes: Zero-day vulnerability in the MOVEit Transfer programme

Incident : Data Breach HEACOR1774651954

Root Causes: Alleged failure to adequately protect sensitive patient data

Incident : Data Breach OLECOR1774664850

Root Causes: Third-party vendor security vulnerabilities

Corrective Actions: Additional security measures implemented by Pinnacle Holdings LTD

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Three years of free Medical Shield Complete (dark web monitoring, credit monitoring, and identity theft insurance).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Additional security measures implemented by Pinnacle Holdings LTD.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-12-01.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-early.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2026-03-24.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was $5.48 million settlement fund.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were: patient information, phone numbers, physical addresses, email addresses, full names, health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs); Personal and protected health information; Sensitive personal and medical information, including names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, biometric data, and digital signatures; Names, contact details, Social Security numbers, medical records, and insurance information; Personal and medical data of 19,000 patients.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Additional safeguards implemented and Additional safeguards implemented to prevent future incidents.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Medicare/Medicaid ID numbers, full names, phone numbers, patient information, physical addresses, email addresses, Sensitive personal and medical information, including names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, biometric data, and digital signatures, Names, contact details, Social Security numbers, medical records, and insurance information, Personal and medical data of 19,000 patients, health insurance details, Personal and protected health information and Social Security numbers (SSNs).

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 10.1M.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lessons learned from past incidents were: The incident underscores ongoing vulnerabilities in healthcare data security and the importance of adequate data protection measures; Ongoing vulnerabilities in third-party vendor security within the healthcare sector; Highlights ongoing risks in third-party vendor security within the healthcare sector.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Incident Report, Court settlement approval and Corewell Health Disclosure.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Settled.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: Settlement notices sent to affected individuals with compensation options and deadlines; Free credit monitoring and identity protection services offered to affected individuals; Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website; and Affected patients are being offered free credit monitoring and identity protection services. Contact Pinnacle Holdings at 866-686-2607 for more information.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was the MOVEit Transfer programme.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Zero-day vulnerability in the MOVEit Transfer programme, Alleged failure to adequately protect sensitive patient data, Third-party vendor security vulnerabilities.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Additional security measures implemented by Pinnacle Holdings LTD.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

Description

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.

Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.

Risk Information
cvss3
Base: 8.3
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Description

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=corewell-health' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.