Corewell Health Vendor Cyber Rating & Cyber Score

corewellhealth.org
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,000+ dedicated people—including more than 12,000 physicians and advanced practice providers and more than 15,500 nurses providing care and services in 21 hospitals, 300+ outpatient locations and several post-acute facilities—and Priority Health, a provider-sponsored health plan serving more than 1.3 million members. Through experience and collaboration, we are reimagining a better, more equitable model of health and wellness. For more information, visit corewellhealth.org.

Corewell Health A.I CyberSecurity Scoring

Corewell Health

Company Details

Linkedin ID:

corewell-health

Website:

http://corewellhealth.org

Employees number:

41,961

Number of followers:

66,399

NAICS:

62

Industry Type:

Hospitals and Health Care

Homepage:

corewellhealth.org

IP Addresses:

Scan still pending

Company ID:

COR_1772978

Scan Status:

In-progress

AI scoreCorewell Health Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/corewell-health.jpeg
Corewell Health Hospitals and Health Care
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreCorewell Health Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/corewell-health.jpeg
Corewell Health Hospitals and Health Care
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Corewell Health

Critical
Current Score
512
C (Critical)
01000
5 incidents
-81.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

MARCH 2026
572
Breach
27 Mar 2026 • Corewell Health and Pinnacle Holdings LTD: Thousands of Corewell Health patients affected by security breach
Corewell Health Data Breach Exposes Personal Information of 19,000 Patients

**Corewell Health Data Breach Exposes Personal Information of 19,000 Patients** Corewell Health disclosed a 2024 security breach affecting approximately 19,000 patients, following a notification from Pinnacle Holdings LTD, a Colorado-based vendor that previously provided healthcare consulting services. The compromised data includes sensitive personal and medical information, such as names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, and in some cases, biometric data and digital signatures. Corewell Health completed a review to identify impacted individuals and confirmed that Pinnacle has mailed notification letters to those affected. While no fraudulent activity has been reported, the breach was reported to law enforcement, and the responsible party remains unidentified. Pinnacle has implemented additional security measures and is offering free credit monitoring and identity protection services to affected individuals. This incident follows two major breaches in late 2023, where cyberattacks on Corewell’s vendors Welltok, Inc. and HealthEC LLC exposed the data of over 1 million patients each. The repeated breaches highlight ongoing vulnerabilities in third-party vendor security within the healthcare sector.

512
critical -60
OLECOR1774664850
Incident Details -
Type
Data Breach
Impact
Data Compromised: Sensitive personal and medical information, including names, addresses, Social Security numbers, driver’s license details, dates of birth, medical diagnoses, prescription records, treatment information, biometric data, and digital signatures Identity Theft Risk: High
Response
Law Enforcement Notified: Yes Remediation Measures: Additional security measures implemented by Pinnacle Holdings LTD Communication Strategy: Notification letters mailed to affected individuals
Data Breach
Personal Information Medical Information Number Of Records Exposed: 19,000 Sensitivity Of Data: High Names Addresses Social Security numbers Driver’s license details Dates of birth Biometric data Digital signatures
Lessons Learned
Ongoing vulnerabilities in third-party vendor security within the healthcare sector
Investigation Status
Ongoing
Customer Advisories
Free credit monitoring and identity protection services offered to affected individuals
Post Incident Analysis
Root Causes: Third-party vendor security vulnerabilities Corrective Actions: Additional security measures implemented by Pinnacle Holdings LTD
References
Blog URL Source URL
FEBRUARY 2026
569
JANUARY 2026
565
DECEMBER 2025
561
NOVEMBER 2025
557
OCTOBER 2025
552
SEPTEMBER 2025
548
AUGUST 2025
543
JULY 2025
640
Breach
28 Jul 2025 • Corewell Health and HealthEC LLC: HealthEC $5.48M Data Breach Class Action Settlement
HealthEC Data Breach Settlement Approved: $5.48M Fund for Affected Patients

**HealthEC Data Breach Settlement Approved: $5.48M Fund for Affected Patients** On January 20, 2026, a U.S. court granted final approval to a $5.48 million class action settlement resolving claims against HealthEC LLC and four affiliated healthcare organizations Community Health Care Systems Inc., Corewell Health, MD Valuecare LLC, and Oakwood Accountable Care Organization LLC. The settlement stems from a December 2023 data breach that exposed the personal and protected health information of approximately 1.52 million individuals. **Eligibility and Compensation** Patients whose data was compromised in the breach may qualify for financial compensation or credit monitoring, provided they received a settlement notice by email or mail. The class includes all affected individuals, regardless of whether they experienced identity theft or fraud, with a separate subclass for California residents as of July 14, 2023. Compensation options include: - **Reimbursement for out-of-pocket losses** (e.g., fraud-related expenses, credit freeze costs, or credit monitoring purchases). - **Lost time compensation** (up to 10 hours at $25/hour for those with qualifying losses, or up to 4 hours for those without). - **Alternative cash payments** ($25 for non-California residents, $50 for California residents). - **Three years of free Medical Shield Complete**, a service offering dark web monitoring, credit monitoring, and $1 million in identity theft insurance. If total claims exceed the settlement fund, payments will be reduced proportionally. Conversely, leftover funds may increase payouts. **Claim Process and Deadlines** Eligible individuals can file claims online or by mail, with documentation required for out-of-pocket loss and lost time claims. The deadline to submit claims, request exclusions, or object to the settlement is **November 18, 2025**. Payments will be distributed after final approval and resolution of any appeals, with the first disbursements issued on **March 24, 2026**. **Settlement Fund Allocation** The $5.48 million fund covers: - **$333,250** for settlement administration costs. - **Up to $1.86 million** in attorneys’ fees. - **Undetermined amounts** for attorneys’ expenses and Medical Shield Complete services. - **Up to $2,500 each** for class representatives. - The remaining balance for eligible claimants. **Background** The lawsuit alleged that HealthEC and its co-defendants failed to adequately protect sensitive patient data, leading to the breach. While the defendants denied wrongdoing, they agreed to settle to avoid prolonged litigation. The incident underscores ongoing vulnerabilities in healthcare data security.

538
critical -102
HEACOR1774651954
Incident Details -
Type
Data Breach
Impact
Financial Loss: $5.48 million settlement fund Data Compromised: Personal and protected health information Brand Reputation Impact: Undermined trust in healthcare data security Legal Liabilities: Class action settlement Identity Theft Risk: High (1.52 million individuals affected)
Response
Communication Strategy: Settlement notices sent via email and mail Enhanced Monitoring: Three years of free Medical Shield Complete (dark web monitoring, credit monitoring, and identity theft insurance)
Data Breach
Personal information Protected health information Number Of Records Exposed: 1.52 million Sensitivity Of Data: High Personally Identifiable Information: Yes
Regulatory Compliance
Legal Actions: Class action lawsuit
Lessons Learned
The incident underscores ongoing vulnerabilities in healthcare data security and the importance of adequate data protection measures.
Investigation Status
Settled
Customer Advisories
Settlement notices sent to affected individuals with compensation options and deadlines.
Post Incident Analysis
Root Causes: Alleged failure to adequately protect sensitive patient data
References
Blog URL Source URL
JUNE 2025
637
MAY 2025
634
APRIL 2025
687
NOVEMBER 2024
677
Breach
25 Nov 2024 • Corewell Health, Pinnacle Holdings and LTD: Thousands of Corewell Health patients impacted by 2024 data breach
Corewell Health Data Breach Exposes Personal and Medical Data of 19,000 Patients

**Corewell Health Data Breach Exposes Personal and Medical Data of 19,000 Patients** A data breach at Pinnacle Holdings, LTD a former healthcare consulting provider for Michigan-based Corewell Health has compromised the sensitive information of approximately 19,000 Corewell Health patients. The incident occurred on **November 25, 2024**, when Pinnacle Holdings detected a "network disruption" affecting certain systems. During its investigation, the Colorado-based firm determined that an unauthorized individual may have accessed patient data. Corewell Health was notified of the breach in early 2024 and promptly launched a review to identify affected individuals. Exposed information includes **names, phone numbers, Social Security numbers, driver’s license numbers, dates of birth, health insurance details, prescription information, and service dates**. Pinnacle Holdings stated it has since implemented additional safeguards to prevent future incidents and has begun notifying impacted individuals. As part of the response, affected patients are being offered **free credit monitoring and identity protection services**. The firm reported no evidence of fraudulent activity resulting from the breach. Individuals seeking more information can contact Pinnacle Holdings at **866-686-2607**.

616
critical -61
PINCOR1774758354
Incident Details -
Type
Data Breach
Impact
Data Compromised: Personal and medical data of 19,000 patients Identity Theft Risk: High
Response
Containment Measures: Additional safeguards implemented to prevent future incidents Communication Strategy: Notifying impacted individuals and offering free credit monitoring and identity protection services
Data Breach
Names Phone numbers Social Security numbers Driver’s license numbers Dates of birth Health insurance details Prescription information Service dates Number Of Records Exposed: 19,000 Sensitivity Of Data: High Personally Identifiable Information: Yes
Investigation Status
Ongoing
Customer Advisories
Affected patients are being offered free credit monitoring and identity protection services. Contact Pinnacle Holdings at 866-686-2607 for more information.
References
Blog URL Source URL
JANUARY 2024
713
Breach
01 Jan 2024 • Corewell Health and Pinnacle Holdings: Thousands of Corewell Health patients affected by 2024 vendor data breach
Corewell Health Data Breach Exposes Thousands of Patients’ Sensitive Information

**Corewell Health Data Breach Exposes Thousands of Patients’ Sensitive Information** In early 2024, Corewell Health disclosed a data breach affecting approximately 19,000 patients, stemming from a security incident at its former vendor, Pinnacle Holdings. The consulting firm, which previously provided healthcare services to Corewell, experienced the breach, compromising a range of sensitive data. The exposed information included names, contact details, Social Security numbers, medical records, and insurance information. While Pinnacle Holdings stated it had implemented additional safeguards and found no evidence of fraudulent activity, Corewell Health conducted a review to identify impacted individuals. Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website. The incident highlights ongoing risks in third-party vendor security within the healthcare sector.

652
critical -61
OLECOR1774672026
Incident Details -
Type
Data Breach
Impact
Data Compromised: Names, contact details, Social Security numbers, medical records, and insurance information Identity Theft Risk: High
Response
Containment Measures: Additional safeguards implemented Remediation Measures: Review to identify impacted individuals, notification by mail, free credit monitoring and identity protection services Communication Strategy: Notification by mail, dedicated call center (866-686-2607), support on Pinnacle Holdings’ website
Data Breach
Type Of Data Compromised: Personal and medical information Number Of Records Exposed: 19000 Sensitivity Of Data: High Personally Identifiable Information: Names, contact details, Social Security numbers, medical records, insurance information
Lessons Learned
Highlights ongoing risks in third-party vendor security within the healthcare sector
Customer Advisories
Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website.
References
Blog URL Source URL
NOVEMBER 2023
789
Breach
01 Nov 2023 • Corewell Health
Welltok Data Breach

The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients. The business was one among the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme. The exposed information includes patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals. The following organisations, on behalf of which Welltok is delivering notice to affected individuals, are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.

710
critical -79
COR358271123
Incident Details -
Type
Data Breach
Attack Vector
Exploitation of Zero-Day Vulnerability
Vulnerability Exploited
MOVEit Transfer programme
Impact
patient information phone numbers physical addresses email addresses full names health insurance details Medicare/Medicaid ID numbers Social Security numbers (SSNs)
Response
Communication Strategy: Notifying affected individuals
Data Breach
patient information phone numbers physical addresses email addresses full names health insurance details Medicare/Medicaid ID numbers Social Security numbers (SSNs) Number Of Records Exposed: 8.5 million Sensitivity Of Data: High full names phone numbers physical addresses email addresses Medicare/Medicaid ID numbers Social Security numbers (SSNs)
Initial Access Broker
Entry Point: MOVEit Transfer programme
Post Incident Analysis
Root Causes: Zero-day vulnerability in the MOVEit Transfer programme
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Corewell Health is 512, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 569.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 565.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 561.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 557.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 552.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 548.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 543.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 640.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 637.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 634.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 687.

Over the past 12 months, the average per-incident point impact on Corewell Health’s A.I Rankiteo Cyber Score has been -81.0 points.

You can access Corewell Health’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/corewell-health.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Corewell Health’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/corewell-health.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.