Dignity Health
Company Details
Linkedin ID:
dignity-health
Employees number:
31,720
Number of followers:
196,602
NAICS:
62
Industry Type:
Homepage:
commonspirit.careers
IP Addresses:
0
Company ID:
DIG_1201386
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Dignity Health Vendor Cyber Rating & Cyber Score
commonspirit.careersWe provide quality, compassionate health care at more than 40 hospitals and care centers that are serving communities across California, Arizona and Nevada every minute of every day. And while not everyone may live near a major medical facility, Dignity Health is making health care more accessible by bringing resources closer to where people live and work. In urban and rural communities alike, residents of all ages and backgrounds have access to primary care, preventive treatment, clinical support, chronic disease management, trauma services, and a host of medical and therapeutic specializations. With several different ways to activate your search, let us help you to quickly and easily find an affordable, quality medical facility located close to where you need it, when you need it.
Dignity Health A.I CyberSecurity Scoring
Dignity Health Risk Score (AI oriented)Between 700 and 749
Dignity Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Dignity Health Global Score (TPRM)XXXX
Dignity Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Dignity Health Company CyberSecurity News & History
Past Incidents
15
Attack Types
5
Pinnacle Healthcare ConsultingSt. Joseph Health: Brazos County's Emergency Alert Notification System Is Dealing With A Data Breach - WTAW
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: Registered Nurses at St. Joseph Regional Hospitals Vote to Unionize Registered nurses (RNs) across five St. Joseph Health system hospitals in Texas Bryan, College Station, Navasota, Madisonville, and Caldwell have voted to unionize under the National Nurses Organizing Committee/National Nurses United (NNOC/NNU). The December 9–10, 2025 election, overseen by the National Labor Relations Board (NLRB), resulted in a 326–272 decision in favor of unionization, with 40 challenged ballots and one voided vote. A total of 781 nurses were eligible to participate. The vote applies to full-time, part-time, and per diem RNs in various roles, including clinical educators, flight nurses, and specialty care coordinators. This marks the 33rd hospital under CommonSpirit Health, St. Joseph’s parent company, to join NNOC/NNU, which already represents over 17,000 nurses across the system. Nurses cited patient safety, staffing concerns, and retention challenges as key reasons for unionizing. Tara Cassell, an RN in labor and delivery, stated that the decision was driven by a need to advocate for better patient care and ensure nurses’ voices are heard in decision-making. Katie Oberhelman, a medical unit RN, emphasized the importance of safe staffing levels and protections against workplace violence. CommonSpirit Health, one of the largest Catholic healthcare systems in the U.S., reported $1.1 billion in profits last year, with its former and current CEOs earning a combined $36.6 million in 2024. Nurses argue that the system has the resources to address their concerns but has prioritized profits over patient care. The hospital issued a statement acknowledging the preliminary results, expressing gratitude to its nurses, and reaffirming its commitment to patient-centered care. The NLRB will now certify the vote, after which nurses will elect a bargaining team to negotiate their first contract. NNOC/NNU also represents nurses at three other Texas hospitals, including Ascension Seton Medical Center in Austin, which ratified its first union contract last year.
CommonSpirit Health and Northgauge Healthcare Advisors: CommonSpirit Health Data Breach Lawsuit Investigation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CommonSpirit Health Vendor Breach Exposes Data of Nearly 20,000 Washington Residents A ransomware attack on Pinnacle Holdings, LTD, a healthcare consulting vendor, has led to the exposure of sensitive personal data linked to CommonSpirit Health, one of the largest nonprofit health systems in the U.S. The incident, discovered on November 25, 2024, involved unauthorized access to Pinnacle’s network between November 11 and November 25, 2024, during which a threat actor copied personally identifiable information (PII). Pinnacle, which provides services to Northgauge Healthcare Advisors a contractor for CommonSpirit Health isolated its systems and launched an investigation following the breach. However, delays in notification meant that Northgauge was only informed in November 2025, with impacted individuals not identified until January 30, 2026. CommonSpirit Health was notified of affected Washington residents on February 2, 2026. The exposed data includes names, full dates of birth, medical information, and other unspecified details. The breach was reported to the Washington Attorney General, with 19,027 state residents confirmed as affected. CommonSpirit Health has since posted a notice on its website regarding the incident. The law firm Shamis & Gentile P.A. is investigating potential compensation for those impacted, citing eligibility for damages related to the exposure of personal data. The breach highlights risks associated with third-party vendors in healthcare cybersecurity.
Dignity Health (St. Rose Dominican Hospital, Rosa de Lima Campus)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: An unauthorized third party accessed the personal identifying information (PII) and protected health information (PHI) of patients at Dignity Health’s St. Rose Dominican Hospital (Rosa de Lima Campus). The compromised data included names, contact details, Social Security numbers, dates of birth, clinical/diagnosis records, medical account numbers, and service locations. The breach, disclosed around March 2024, led to a $675,000 class-action settlement to cover identity theft risks, fraudulent transactions, falsified tax returns, and unauthorized medical claims. Patients were offered credit monitoring, medical identity-theft protection, and reimbursements up to $2,500 for extraordinary losses. The incident exposed victims to financial fraud, medical identity theft, and reputational harm, with potential long-term consequences for affected individuals. The breach was attributed to a cybersecurity failure allowing external access to sensitive records.
CommonSpirit Health
Cyber Attack
Rankiteo Explanation
Attack that could injure or kill people
Description: CommonSpirit, the second-largest nonprofit hospital chain in the U.S., suffered a cybersecurity incident that disrupted medical services across the country. The attack caused certain IT systems including electronic health records and other systems to go offline which resulted in rescheduling some patient appointments.
CHI Health
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: CHI Health locations in Omaha suffered an IT security incident that affected its electronic health records and other systems. CHI had to take some information technology systems offline as a precautionary measure.
St. Luke's Health
Ransomware
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: The parent company of St. Luke's was the victim of a ransomware attack that affected the company's facilities in 22 states. Vital digital records have been replaced by slow, unfamiliar, and occasionally incomplete paper records as a result of the ransomware attack, which has caused a "internal calamity." CommonSpirit Health stated, "We are taking steps to alleviate the disruption and maintain continuity of service. Patient care is our first concern. We apologise for any inconvenience.
CommonSpirit Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CommonSpirit Health is now facing a class action lawsuit because of the cyberattacks that it faced in 2022. The lawsuit was initiated because the attacks impacted facilities across one of the largest nonprofit healthcare systems in the US. Back in the last year, CommonSpirit began reporting IT outages, EHR downtime, and appointment cancellations in early October, later confirming that these disruptions were caused by attacks. The latest lawsuit alleges that CommonSpirit lost control of highly sensitive information as a result of the breach and suggested that the health system has not been forthcoming about the breach. It was also alleged that the number of actual victims of the Data Breach may be much higher to approx twenty million individuals. The plaintiffs are seeking reimbursement for out-of-pocket costs, credit monitoring services, and improvements to CommonSpirit’s data security systems.
CHI
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: CHI Health locations in Omaha experienced an IT security incident that affected electronic health records and other systems of the organization. After that, some information technology systems have been taken offline as a precautionary measure for the organization notified. All CHI Health facilities in Omaha including Lakeside Hospital, Creighton University Medical Center-Bergan Mercy, and Immanuel Medical Center have been impacted. The organization also stated that their facilities are following existing protocols for system outages and taking steps to minimize the disruption.
St. Joseph's Medical Center
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported that Dignity Health St. Joseph's Medical Center experienced a data breach involving limited patient information due to mislaid hard drives discovered on August 9, 2018. The breach was reported on August 31, 2018, affecting an unknown number of individuals, and involved demographic and clinical information but not financial data or social security numbers.
Dignity Health
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving Dignity Health - Mercy San Juan Medical Center on November 13, 2017. From September 8 to 12, 2017, a software error in the Employee Self Service system exposed employee names, employee ID numbers, and Social Security Numbers to other internal staff. The total number of individuals affected is unknown.
Dignity Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Dominican Hospital, part of Dignity Health, accedentially suffered from a data breach incident in August 2016. The attack compromised the name, account number, admission date, length of stay, total charges, unit they were seen in, room number they were seen in, and insurance carrier name. The health plan that received the transmission has been cooperating with the hospital and expected to provide an attestation that the errant data was destroyed. Dominican Hospital took action and provided traning sessions to their staff and took disciplinary action.
Dominican Hospital
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On July 28, 2016, Dominican Hospital, a healthcare facility under the jurisdiction of the California Office of the Attorney General, suffered a data breach involving the unauthorized transmission of a Microsoft Excel workbook via secured email. The file was sent to a local health plan but inadvertently included patient information for individuals not affiliated with the plan. The exposed data comprised sensitive details such as names, account numbers, and medical records, though Social Security numbers were not compromised. The breach raised concerns over patient privacy violations and potential misuse of medical data, which could lead to identity theft, targeted phishing, or fraudulent medical claims. While the exact number of affected individuals remains undisclosed (marked as 'UNKN'), the incident underscored vulnerabilities in data-sharing protocols between healthcare providers and third-party entities. The exposure of medical information a highly regulated and sensitive data category poses long-term risks, including reputational damage to the hospital and erosion of patient trust. Regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) likely followed, given the nature of the compromised data.
Dignity Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On June 9, 2016, Dignity Health reported a data breach involving patient information accessed inappropriately by a case manager employed by their business partner, naviHealth, from June 2015 to May 2016. The breach potentially affected various personal and clinical information of patients, including names, social security numbers, and health insurance details. Dignity Health is offering 12 months of free credit monitoring to affected individuals.
St. Joseph Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving St. Joseph Health on March 3, 2014. The breach occurred on February 18, 2014, when an employee accidentally sent a Microsoft Excel file containing identifiable patient information to Cain Brothers, affecting an unspecified number of individuals. The disclosed information included names, patient codes, and other patient-related details, but did not involve social security numbers or financial data.
St. Joseph Health System
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving St. Joseph Health System on February 5, 2014. The breach occurred between December 16 and December 18, 2013, allowing unauthorized access to a server, potentially affecting patient and employee records, although the exact number of individuals affected is unknown. This breach could have significant implications for the privacy and security of personal information, including the potential leak of sensitive health data. The incident highlights the importance of robust cybersecurity measures to protect sensitive information in healthcare settings.
Dignity Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Dignity Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Dignity Health in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Dignity Health in 2026.
Incident Types Dignity Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Dignity Health in 2026.
Incident History — Dignity Health (X = Date, Y = Severity)
Dignity Health cyber incidents detection timeline including parent company and subsidiaries
Dignity Health Company Subsidiaries
We provide quality, compassionate health care at more than 40 hospitals and care centers that are serving communities across California, Arizona and Nevada every minute of every day. And while not everyone may live near a major medical facility, Dignity Health is making health care more accessible by bringing resources closer to where people live and work. In urban and rural communities alike, residents of all ages and backgrounds have access to primary care, preventive treatment, clinical support, chronic disease management, trauma services, and a host of medical and therapeutic specializations. With several different ways to activate your search, let us help you to quickly and easily find an affordable, quality medical facility located close to where you need it, when you need it.
Loading...
Dignity Health Similar Companies
Prisma Health is the largest not-for-profit health organization in South Carolina, serving more than 1.2 million patients annually. Our facilities in the Greenville and Columbia surrounding markets are dedicated to improving the health of all South Carolinians through improved clinical quality, acce
The people of Memorial Sloan Kettering Cancer Center (MSK) are united by a singular mission: ending cancer for life. Our specialized care teams provide personalized, compassionate, expert care to patients of all ages. Informed by basic research done at our Sloan Kettering Institute, scientists acros
Guided by the needs of our patients and their families, Massachusetts General Hospital aims to deliver the very best health care in a safe, compassionate environment; to advance that care through innovative research and education; and, to improve the health and well-being of the diverse communitie
WellSpan Health
WellSpan Health’s vision is to reimagine healthcare through the delivery of comprehensive, equitable health and wellness solutions throughout our continuum of care. As an integrated delivery system focused on leading in value-based care, we encompass more than 2,500 employed providers, more than 250
Hospital Sisters Health System
Since 1875, the Hospital Sisters of St. Francis have been caring for patients in Illinois, Wisconsin and other locations in the United States and across the world. Today, Hospital Sisters Health System (HSHS) is a multi-institutional health care system that cares for patients in 14 communities in Il
Health Care Service Corporation
Health Care Service Corporation serves nearly 23 million people across the United States through its portfolio of health benefit solutions. HCSC provides health coverage options for employers large and small, individuals and families, and Medicare and Medicaid plans. HCSC also offers related health
R1 RCM
R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise
Mount Sinai Health System
The Mount Sinai Health System is an integrated health system committed to providing distinguished care, conducting transformative research, and advancing biomedical education. Structured around seven hospital campuses and a single medical school, the Health System has an extensive ambulatory netwo
EsSalud
El Seguro Social de Salud, EsSalud, es un organismo público descentralizado, con personería jurídica de derecho público interno, adscrito al Sector Trabajo y Promoción Social. Tiene por finalidad dar cobertura a los asegurados y sus derechohabientes, a través del otorgamiento de prestaciones de pre
.png)
Dignity Health CyberSecurity News
March 13, 2026 07:00 AM
Dignity Health Sports Park and LA Galaxy Help Empower 5,000+ Girls During 5th Annual Girls Empowerment Day
NORTHAMPTON, MA / ACCESS Newswire / March 13, 2026 / On Friday, March 6, 2026, AEG's Dignity Health Sports Park and LA Galaxy hosted their...
March 12, 2026 07:00 AM
Dignity Health completes $17M renovation in Stockton
Dignity Health has completed a $17 million renovation of its pediatric unit at St. Joseph's Medical Center in Stockton.
March 03, 2026 08:00 AM
Bakersfield Job Fest 2026 at the Dignity Health Convention Center
The media could not be loaded, either because the server or network failed or because the format is not supported. Error Code: 400-4.
February 26, 2026 08:00 AM
Trends In Healthcare Data Breach Statistics
Our healthcare data breach statistics clearly show an upward trend in data breaches since 2009, when OCR first started publishing data...
February 10, 2026 08:00 AM
Cybersecurity group identifies person behind Manage My Health hack
The International Online Crime Coordination Centre has been tracking the hacker following the breach.
February 09, 2026 08:00 AM
California Hospital Association CEO plans to retire, and more | MED MOVES
Dignity Health names a new market president, and other leaders take on new roles.
January 28, 2026 08:00 AM
HIPAA Violation Cases - Updated 2026
MMG Fusion. MMG Fusion, a provider of software solutions to oral healthcare providers, was investigated by OCR in response to a complaint...
January 22, 2026 08:00 AM
UAE’s new Child Digital Safety Law now makes parents legally responsible for children’s online activity
Discover how the UAE's new Child Digital Safety Law places legal responsibility on parents to monitor their children's online activities.
November 03, 2025 08:00 AM
Trinity Health adds service line administrator
Trinity Health has announced the addition of Greg Toepfer as Service Line administrator, bringing more than 12 years of healthcare...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Dignity Health CyberSecurity History Information
Official Website of Dignity Health
The official website of Dignity Health is https://www.commonspirit.careers/.
Dignity Health’s AI-Generated Cybersecurity Score
According to Rankiteo, Dignity Health’s AI-generated cybersecurity score is 736, reflecting their Moderate security posture.
How many security badges does Dignity Health’ have ?
According to Rankiteo, Dignity Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Dignity Health been affected by any supply chain cyber incidents ?
According to Rankiteo, Dignity Health has been affected by a supply chain cyber incident involving Pinnacle Healthcare Consulting, with the incident ID COMPIN1773247957.
Does Dignity Health have SOC 2 Type 1 certification ?
According to Rankiteo, Dignity Health is not certified under SOC 2 Type 1.
Does Dignity Health have SOC 2 Type 2 certification ?
According to Rankiteo, Dignity Health does not hold a SOC 2 Type 2 certification.
Does Dignity Health comply with GDPR ?
According to Rankiteo, Dignity Health is not listed as GDPR compliant.
Does Dignity Health have PCI DSS certification ?
According to Rankiteo, Dignity Health does not currently maintain PCI DSS compliance.
Does Dignity Health comply with HIPAA ?
According to Rankiteo, Dignity Health is not compliant with HIPAA regulations.
Does Dignity Health have ISO 27001 certification ?
According to Rankiteo,Dignity Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Dignity Health
Dignity Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at Dignity Health
Dignity Health employs approximately 31,720 people worldwide.
Subsidiaries Owned by Dignity Health
Dignity Health presently has no subsidiaries across any sectors.
Dignity Health’s LinkedIn Followers
Dignity Health’s official LinkedIn profile has approximately 196,602 followers.
NAICS Classification of Dignity Health
Dignity Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Dignity Health’s Presence on Crunchbase
No, Dignity Health does not have a profile on Crunchbase.
Dignity Health’s Presence on LinkedIn
Yes, Dignity Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dignity-health.
Cybersecurity Incidents Involving Dignity Health
As of March 30, 2026, Rankiteo reports that Dignity Health has experienced 15 cybersecurity incidents.
Number of Peer and Competitor Companies
Dignity Health has an estimated 32,295 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Dignity Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Vulnerability, Cyber Attack, Data Leak and Ransomware.
What was the total financial impact of these incidents on Dignity Health ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does Dignity Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with provided training sessions to staff, remediation measures with took disciplinary action, and communication strategy with public statement acknowledging the incident and apologizing for inconvenience, and containment measures with taking some it systems offline, and containment measures with systems taken offline, and remediation measures with offering 12 months of free credit monitoring to affected individuals, and remediation measures with class action settlement, remediation measures with credit/medical monitoring services for affected individuals, and communication strategy with written notifications to affected patients (march 2024), communication strategy with settlement claims process with deadlines, and communication strategy with statements released by st. joseph health and texas afl-cio, and containment measures with isolated systems, and communication strategy with posted notice on commonspirit health website, reported to washington attorney general..
Incident Details
Can you provide details on each incident ?
Title: Dominican Hospital Data Breach
Description: Dominican Hospital, part of Dignity Health, accidentally suffered from a data breach incident in August 2016. The attack compromised the name, account number, admission date, length of stay, total charges, unit they were seen in, room number they were seen in, and insurance carrier name. The health plan that received the transmission has been cooperating with the hospital and is expected to provide an attestation that the errant data was destroyed. Dominican Hospital took action and provided training sessions to their staff and took disciplinary action.
Date Detected: August 2016
Type: Data Breach
Title: Ransomware Attack on CommonSpirit Health
Description: The parent company of St. Luke's was the victim of a ransomware attack that affected the company's facilities in 22 states. Vital digital records have been replaced by slow, unfamiliar, and occasionally incomplete paper records as a result of the ransomware attack, which has caused a 'internal calamity.' CommonSpirit Health stated, 'We are taking steps to alleviate the disruption and maintain continuity of service. Patient care is our first concern. We apologise for any inconvenience.'
Type: Ransomware Attack
Motivation: Financial
Title: CHI Health IT Security Incident
Description: CHI Health locations in Omaha suffered an IT security incident that affected its electronic health records and other systems. CHI had to take some information technology systems offline as a precautionary measure.
Type: IT Security Incident
Title: Cybersecurity Incident at CommonSpirit
Description: CommonSpirit, the second-largest nonprofit hospital chain in the U.S., suffered a cybersecurity incident that disrupted medical services across the country. The attack caused certain IT systems including electronic health records and other systems to go offline which resulted in rescheduling some patient appointments.
Type: Cyber Attack
Title: CommonSpirit Health Cyberattacks
Description: CommonSpirit Health faced cyberattacks in 2022 that impacted facilities across one of the largest nonprofit healthcare systems in the US. The attacks resulted in IT outages, EHR downtime, and appointment cancellations. A class action lawsuit has been initiated alleging that the health system lost control of highly sensitive information and has not been forthcoming about the breach.
Date Detected: 2022-10
Type: Cyberattack
Title: IT Security Incident at CHI Health
Description: CHI Health locations in Omaha experienced an IT security incident that affected electronic health records and other systems of the organization. Some information technology systems have been taken offline as a precautionary measure. All CHI Health facilities in Omaha including Lakeside Hospital, Creighton University Medical Center-Bergan Mercy, and Immanuel Medical Center have been impacted. The organization is following existing protocols for system outages and taking steps to minimize the disruption.
Type: IT Security Incident
Title: St. Joseph Health System Data Breach
Description: The California Office of the Attorney General reported a data breach involving St. Joseph Health System on February 5, 2014. The breach occurred between December 16 and December 18, 2013, allowing unauthorized access to a server, potentially affecting patient and employee records, although the exact number of individuals affected is unknown.
Date Detected: 2013-12-16
Date Publicly Disclosed: 2014-02-05
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Data Breach at Dignity Health - Mercy San Juan Medical Center
Description: A software error in the Employee Self Service system exposed employee names, employee ID numbers, and Social Security Numbers to other internal staff.
Date Detected: 2017-09-08
Date Publicly Disclosed: 2017-11-13
Type: Data Breach
Attack Vector: Software Error
Vulnerability Exploited: Employee Self Service system
Title: St. Joseph Health Data Breach
Description: An employee accidentally sent a Microsoft Excel file containing identifiable patient information to Cain Brothers.
Date Detected: 2014-02-18
Date Publicly Disclosed: 2014-03-03
Type: Data Breach
Attack Vector: Accidental Data Disclosure
Vulnerability Exploited: Human Error
Title: Dignity Health St. Joseph's Medical Center Data Breach
Description: The California Office of the Attorney General reported that Dignity Health St. Joseph's Medical Center experienced a data breach involving limited patient information due to mislaid hard drives discovered on August 9, 2018. The breach was reported on August 31, 2018, affecting an unknown number of individuals, and involved demographic and clinical information but not financial data or social security numbers.
Date Detected: 2018-08-09
Date Publicly Disclosed: 2018-08-31
Type: Data Breach
Attack Vector: Mislaid Hard Drives
Title: Dignity Health Data Breach
Description: A data breach involving patient information accessed inappropriately by a case manager employed by naviHealth, a business partner of Dignity Health, from June 2015 to May 2016.
Date Detected: 2016-05-01
Date Publicly Disclosed: 2016-06-09
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Unauthorized Access
Threat Actor: Employee of naviHealth
Motivation: Unknown
Title: Data Breach at Dignity Health - St. Rose Dominican Hospital, Rosa de Lima Campus via R1 RCM Inc.
Description: An unauthorized third party accessed the personal identifying information (PII) and/or protected health information (PHI) of certain patients at Dignity Health's St. Rose Dominican Hospital, Rosa de Lima Campus. The breach exposed sensitive data including names, contact information, Social Security numbers, dates of birth, clinical/diagnosis information, and medical record numbers. A class action lawsuit was settled for $675,000, with affected patients eligible for reimbursements up to $2,500 and credit/medical monitoring services.
Date Publicly Disclosed: 2024-03
Type: Data Breach
Threat Actor: Unauthorized third party
Title: Dominican Hospital Data Breach (2016)
Description: The California Office of the Attorney General reported that Dominican Hospital experienced a data breach on July 28, 2016, affecting patient information. The incident involved the transmission of a Microsoft Excel workbook via secured email to a local health plan, potentially including information for patients not associated with the health plan. The breach affected an unknown number of individuals, with the compromised data consisting of names, account numbers, and medical information, but excluded social security numbers.
Date Detected: 2016-07-28
Type: Data Breach
Attack Vector: Human Error (Improper Data Transmission)
Title: Unionization Vote by Registered Nurses at St. Joseph Regional Hospitals
Description: Registered nurses at St. Joseph Health system hospitals voted to unionize with a vote of 326 to 272 out of 781 eligible voters. The vote included 40 challenged ballots and one voided ballot. The unionization applies to full-time, regular part-time, and per diem registered nurses across multiple St. Joseph hospitals. The National Nurses Organizing Committee/National Nurses United (NNOC/NNU) will represent the nurses, who cited concerns over patient safety, staffing, and decision-making in patient care.
Date Publicly Disclosed: 2025-12-11
Type: Labor Unionization
Title: CommonSpirit Health Vendor Breach Exposes Data of Nearly 20,000 Washington Residents
Description: A ransomware attack on Pinnacle Holdings, LTD, a healthcare consulting vendor, has led to the exposure of sensitive personal data linked to CommonSpirit Health, one of the largest nonprofit health systems in the U.S. The incident involved unauthorized access to Pinnacle’s network, during which a threat actor copied personally identifiable information (PII).
Date Detected: 2024-11-25
Date Publicly Disclosed: 2026-02-02
Type: Ransomware
Attack Vector: Unauthorized network access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DIG15131522
Data Compromised: Name, Account number, Admission date, Length of stay, Total charges, Unit they were seen in, Room number they were seen in, Insurance carrier name
Incident : Ransomware Attack STL235161022
Operational Impact: Disruption in servicesSwitch to paper recordsInternal calamity
Incident : IT Security Incident CHI234511122
Systems Affected: electronic health recordsother systems
Incident : Cyber Attack COM01921122
Systems Affected: Electronic Health RecordsOther IT Systems
Downtime: Some downtime resulting in rescheduling of patient appointments
Operational Impact: Disruption of medical services
Incident : Cyberattack COM205827123
Data Compromised: Highly sensitive information
Systems Affected: IT systemsEHR systems
Downtime: ['IT outages', 'EHR downtime']
Operational Impact: Appointment cancellations
Legal Liabilities: Class action lawsuit
Incident : IT Security Incident CHI25116223
Systems Affected: electronic health recordsother systems
Operational Impact: disruption
Incident : Data Breach ST-231071625
Data Compromised: Patient records, Employee records
Incident : Data Breach DIG328072625
Data Compromised: Employee names, Employee id numbers, Social security numbers
Systems Affected: Employee Self Service system
Incident : Data Breach ST-641072625
Data Compromised: Names, Patient codes, Other patient-related details
Incident : Data Breach ST-429072725
Data Compromised: Demographic information, Clinical information
Incident : Data Breach DIG456080425
Data Compromised: Names, Social security numbers, Health insurance details
Incident : Data Breach DIG5762157091125
Data Compromised: Name, Contact information, Date of birth, Social security number, Location of services, Clinical/diagnosis information, Patient account number, Medical record number
Customer Complaints: Class action lawsuit filed
Brand Reputation Impact: Likely negative (settlement indicates reputational harm)
Legal Liabilities: $675,000 settlement
Identity Theft Risk: High (SSNs and medical data exposed)
Incident : Data Breach DIG014091825
Data Compromised: Names, Account numbers, Medical information
Identity Theft Risk: Low (no SSNs compromised)
Incident : Labor Unionization ST-1765583985
Operational Impact: Potential improvements in patient care, staffing, and nurse retention
Brand Reputation Impact: Potential positive impact due to improved patient care and nurse advocacy
Incident : Ransomware COMPIN1773247957
Data Compromised: Personally identifiable information (PII), medical information
Systems Affected: Pinnacle Holdings, LTD network
Operational Impact: Delayed notifications to affected parties
Brand Reputation Impact: Potential reputational damage to CommonSpirit Health
Legal Liabilities: Potential legal actions and fines
Identity Theft Risk: High
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $0.00.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Name, Account Number, Admission Date, Length Of Stay, Total Charges, Unit They Were Seen In, Room Number They Were Seen In, Insurance Carrier Name, , Highly sensitive information, Patient Records, Employee Records, , Employee Names, Employee Id Numbers, Social Security Numbers, , Names, Patient Codes, Other Patient-Related Details, , Demographic Information, Clinical Information, , Personal Information, Clinical Information, , Pii, Phi, , Names, Account Numbers, Medical Information, , Personally identifiable information (PII) and medical information.
Which entities were affected by each incident ?
Incident : Data Breach DIG15131522
Entity Name: Dominican Hospital
Entity Type: Hospital
Industry: Healthcare
Incident : Ransomware Attack STL235161022
Entity Name: CommonSpirit Health
Entity Type: Healthcare
Industry: Healthcare
Location: 22 states
Incident : IT Security Incident CHI234511122
Entity Name: CHI Health
Entity Type: Healthcare
Industry: Healthcare
Location: Omaha
Incident : Cyber Attack COM01921122
Entity Name: CommonSpirit
Entity Type: Nonprofit Hospital Chain
Industry: Healthcare
Location: U.S.
Incident : Cyberattack COM205827123
Entity Name: CommonSpirit Health
Entity Type: Nonprofit healthcare system
Industry: Healthcare
Location: US
Size: Large
Customers Affected: Approx twenty million individuals
Incident : IT Security Incident CHI25116223
Entity Name: CHI Health
Entity Type: Healthcare
Industry: Healthcare
Location: Omaha
Incident : IT Security Incident CHI25116223
Entity Name: Lakeside Hospital
Entity Type: Hospital
Industry: Healthcare
Location: Omaha
Incident : IT Security Incident CHI25116223
Entity Name: Creighton University Medical Center-Bergan Mercy
Entity Type: Hospital
Industry: Healthcare
Location: Omaha
Incident : IT Security Incident CHI25116223
Entity Name: Immanuel Medical Center
Entity Type: Hospital
Industry: Healthcare
Location: Omaha
Incident : Data Breach ST-231071625
Entity Name: St. Joseph Health System
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California
Incident : Data Breach DIG328072625
Entity Name: Dignity Health - Mercy San Juan Medical Center
Entity Type: Healthcare
Industry: Healthcare
Location: California
Incident : Data Breach ST-641072625
Entity Name: St. Joseph Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California
Customers Affected: Unspecified number of individuals
Incident : Data Breach ST-429072725
Entity Name: Dignity Health St. Joseph's Medical Center
Entity Type: Healthcare
Industry: Healthcare
Location: California
Incident : Data Breach DIG456080425
Entity Name: Dignity Health
Entity Type: Healthcare Provider
Industry: Healthcare
Incident : Data Breach DIG5762157091125
Entity Name: R1 RCM Inc.
Entity Type: Revenue Cycle Management Provider
Industry: Healthcare IT
Customers Affected: Patients of Dignity Health - St. Rose Dominican Hospital, Rosa de Lima Campus
Incident : Data Breach DIG5762157091125
Entity Name: Dignity Health dba St. Rose Dominican Hospital, Rosa de Lima Campus
Entity Type: Hospital
Industry: Healthcare
Location: Henderson, Nevada (implied by context)
Customers Affected: Current and former patients (exact number unspecified)
Incident : Data Breach DIG014091825
Entity Name: Dominican Hospital
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California, USA
Customers Affected: UNKN
Incident : Labor Unionization ST-1765583985
Entity Name: St. Joseph Regional Hospital
Entity Type: Healthcare
Industry: Hospital/Healthcare System
Location: Bryan, College Station, Navasota, Madisonville, Caldwell, Texas, USA
Size: 316-bed facility
Customers Affected: More than 700 registered nurses
Incident : Ransomware COMPIN1773247957
Entity Name: CommonSpirit Health
Entity Type: Healthcare System
Industry: Healthcare
Location: U.S.
Size: Large (nonprofit)
Customers Affected: 19,027 Washington residents
Incident : Ransomware COMPIN1773247957
Entity Name: Pinnacle Holdings, LTD
Entity Type: Healthcare Consulting Vendor
Industry: Healthcare Consulting
Incident : Ransomware COMPIN1773247957
Entity Name: Northgauge Healthcare Advisors
Entity Type: Contractor
Industry: Healthcare
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach DIG15131522
Remediation Measures: Provided training sessions to staffTook disciplinary action
Incident : Ransomware Attack STL235161022
Communication Strategy: Public statement acknowledging the incident and apologizing for inconvenience
Incident : IT Security Incident CHI234511122
Containment Measures: taking some IT systems offline
Incident : IT Security Incident CHI25116223
Containment Measures: systems taken offline
Incident : Data Breach DIG456080425
Remediation Measures: Offering 12 months of free credit monitoring to affected individuals
Incident : Data Breach DIG5762157091125
Remediation Measures: Class action settlementCredit/medical monitoring services for affected individuals
Communication Strategy: Written notifications to affected patients (March 2024)Settlement claims process with deadlines
Incident : Labor Unionization ST-1765583985
Communication Strategy: Statements released by St. Joseph Health and Texas AFL-CIO
Incident : Ransomware COMPIN1773247957
Containment Measures: Isolated systems
Communication Strategy: Posted notice on CommonSpirit Health website, reported to Washington Attorney General
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DIG15131522
Type of Data Compromised: Name, Account number, Admission date, Length of stay, Total charges, Unit they were seen in, Room number they were seen in, Insurance carrier name
Personally Identifiable Information: nameaccount numberadmission datelength of staytotal chargesunit they were seen inroom number they were seen ininsurance carrier name
Incident : Cyberattack COM205827123
Type of Data Compromised: Highly sensitive information
Number of Records Exposed: Approx twenty million individuals
Sensitivity of Data: High
Incident : Data Breach ST-231071625
Type of Data Compromised: Patient records, Employee records
Incident : Data Breach DIG328072625
Type of Data Compromised: Employee names, Employee id numbers, Social security numbers
Sensitivity of Data: High
Incident : Data Breach ST-641072625
Type of Data Compromised: Names, Patient codes, Other patient-related details
Sensitivity of Data: Medium
File Types Exposed: Microsoft Excel
Personally Identifiable Information: NamesPatient Codes
Incident : Data Breach ST-429072725
Type of Data Compromised: Demographic information, Clinical information
Incident : Data Breach DIG456080425
Type of Data Compromised: Personal information, Clinical information
Sensitivity of Data: High
Personally Identifiable Information: NamesSocial Security Numbers
Incident : Data Breach DIG5762157091125
Type of Data Compromised: Pii, Phi
Sensitivity of Data: High (includes SSNs, medical records, and clinical data)
Data Exfiltration: Likely (data accessed by unauthorized third party)
Personally Identifiable Information: NameContact informationDate of birthSocial Security numberPatient account numberMedical record number
Incident : Data Breach DIG014091825
Type of Data Compromised: Names, Account numbers, Medical information
Number of Records Exposed: UNKN
Sensitivity of Data: Moderate (no SSNs, but medical and account data)
Data Exfiltration: Yes (transmitted via email)
Data Encryption: Yes (secured email)
File Types Exposed: Microsoft Excel workbook
Personally Identifiable Information: namesaccount numbers
Incident : Ransomware COMPIN1773247957
Type of Data Compromised: Personally identifiable information (PII), medical information
Number of Records Exposed: 19,027
Sensitivity of Data: High (names, full dates of birth, medical information)
Data Exfiltration: Yes
Personally Identifiable Information: Names, full dates of birth, medical information
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Provided training sessions to staff, Took disciplinary action, , Offering 12 months of free credit monitoring to affected individuals, , Class action settlement, Credit/medical monitoring services for affected individuals, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by taking some it systems offline, , systems taken offline, and isolated systems.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware COMPIN1773247957
Data Exfiltration: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Cyberattack COM205827123
Legal Actions: Class action lawsuit,
Incident : Data Breach DIG5762157091125
Legal Actions: Class action lawsuit settled for $675,000,
Incident : Data Breach DIG014091825
Regulations Violated: Potential HIPAA violation (unauthorized disclosure of PHI),
Regulatory Notifications: California Office of the Attorney General
Incident : Labor Unionization ST-1765583985
Regulatory Notifications: NLRB conducted the election and published results
Incident : Ransomware COMPIN1773247957
Legal Actions: Potential investigation by Shamis & Gentile P.A. for compensation
Regulatory Notifications: Reported to Washington Attorney General
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit, , Class action lawsuit settled for $675,000, , Potential investigation by Shamis & Gentile P.A. for compensation.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Labor Unionization ST-1765583985
Lessons Learned: Nurses emphasized the importance of having a say in patient care decisions, staffing, and recruitment/retention of experienced nurses to improve patient safety.
What recommendations were made to prevent future incidents ?
Incident : Labor Unionization ST-1765583985
Recommendations: Negotiate for safe staffing, safeguards against workplace violence, and prioritize patient care over profits in contract bargaining.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Nurses emphasized the importance of having a say in patient care decisions, staffing, and recruitment/retention of experienced nurses to improve patient safety.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Negotiate for safe staffing, safeguards against workplace violence and and prioritize patient care over profits in contract bargaining..
References
Where can I find more information about each incident ?
Incident : Cyberattack COM205827123
Source: Class action lawsuit
Incident : Data Breach ST-231071625
Source: California Office of the Attorney General
Incident : Data Breach DIG328072625
Source: California Office of the Attorney General
Date Accessed: 2017-11-13
Incident : Data Breach ST-641072625
Source: California Office of the Attorney General
Date Accessed: 2014-03-03
Incident : Data Breach ST-429072725
Source: California Office of the Attorney General
Incident : Data Breach DIG456080425
Source: Dignity Health
Incident : Data Breach DIG5762157091125
Source: Class Action Settlement Notice
Incident : Data Breach DIG5762157091125
Source: Settlement Administrator (R1/Dignity Data Incident Settlement)
Incident : Data Breach DIG014091825
Source: California Office of the Attorney General
Incident : Labor Unionization ST-1765583985
Source: National Labor Relations Board (NLRB)
URL: https://www.nlrb.gov
Date Accessed: 2025-12-12
Incident : Labor Unionization ST-1765583985
Source: Texas AFL-CIO News Release
Date Accessed: 2025-12-11
Incident : Labor Unionization ST-1765583985
Source: St. Joseph Health Statement
Date Accessed: 2025-12-11
Incident : Ransomware COMPIN1773247957
Source: Washington Attorney General
Incident : Ransomware COMPIN1773247957
Source: CommonSpirit Health website notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Class action lawsuit, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2017-11-13, and Source: California Office of the Attorney GeneralDate Accessed: 2014-03-03, and Source: California Office of the Attorney General, and Source: Dignity Health, and Source: Class Action Settlement Notice, and Source: Settlement Administrator (R1/Dignity Data Incident Settlement), and Source: California Office of the Attorney General, and Source: National Labor Relations Board (NLRB)Url: https://www.nlrb.govDate Accessed: 2025-12-12, and Source: Texas AFL-CIO News ReleaseDate Accessed: 2025-12-11, and Source: St. Joseph Health StatementDate Accessed: 2025-12-11, and Source: Washington Attorney General, and Source: CommonSpirit Health website notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach DIG5762157091125
Investigation Status: Settled (no further details on root cause investigation)
Incident : Labor Unionization ST-1765583985
Investigation Status: Completed (vote results published)
Incident : Ransomware COMPIN1773247957
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statement Acknowledging The Incident And Apologizing For Inconvenience, Written Notifications To Affected Patients (March 2024), Settlement Claims Process With Deadlines, Statements released by St. Joseph Health and Texas AFL-CIO, Posted notice on CommonSpirit Health website and reported to Washington Attorney General.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach DIG5762157091125
Stakeholder Advisories: Written Notifications To Affected Patients, Settlement Claims Process.
Customer Advisories: Eligibility Criteria: ['Patients of Dignity Health St. Rose Dominican Hospital, Rosa de Lima Campus', 'Received written notification in/around March 2024', 'PII/PHI potentially accessed'], Claim Options: ['Out-of-pocket expenses (up to $500)', 'Extraordinary losses (up to $2,500)', 'Pro rata cash payment', '2 years of three-bureau credit monitoring + CyEx Medical Shield Total'], Deadlines: {'opt_out': '2025-10-13', 'claim_submission': '2025-11-11', 'final_approval_hearing': '2025-11-14'}, Payout Methods: ['PayPal', 'Venmo', 'Zelle', 'Paper check (mail-only)'], Required Documentation: ['Notice ID and PIN from settlement notice', 'Receipts/bills for out-of-pocket expenses', 'Police reports/statements for extraordinary losses'].
Incident : Labor Unionization ST-1765583985
Stakeholder Advisories: Nurses will elect a bargaining team and prepare to negotiate their first contract with NNOC/NNU.
Incident : Ransomware COMPIN1773247957
Customer Advisories: Notice posted on CommonSpirit Health website
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Written Notifications To Affected Patients, Settlement Claims Process, eligibility_criteria: ['Patients of Dignity Health St. Rose Dominican Hospital, Rosa de Lima Campus', 'Received written notification in/around March 2024', 'PII/PHI potentially accessed'], claim_options: ['Out-of-pocket expenses (up to $500)', 'Extraordinary losses (up to $2,500)', 'Pro rata cash payment', '2 years of three-bureau credit monitoring + CyEx Medical Shield Total'], deadlines: {'opt_out': '2025-10-13', 'claim_submission': '2025-11-11', 'final_approval_hearing': '2025-11-14'}, payout_methods: ['PayPal', 'Venmo', 'Zelle', 'Paper check (mail-only)'], required_documentation: ['Notice ID and PIN from settlement notice', 'Receipts/bills for out-of-pocket expenses', 'Police reports/statements for extraordinary losses'], , Nurses will elect a bargaining team and prepare to negotiate their first contract with NNOC/NNU. and Notice posted on CommonSpirit Health website.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach DIG15131522
Corrective Actions: Provided Training Sessions To Staff, Took Disciplinary Action,
Incident : Data Breach DIG328072625
Root Causes: Software Error
Incident : Data Breach ST-641072625
Root Causes: Human Error
Incident : Data Breach DIG5762157091125
Corrective Actions: Settlement Payments, Credit/Medical Monitoring For Affected Individuals,
Incident : Data Breach DIG014091825
Root Causes: Human Error In Data Transmission (Emailing Excel Workbook To Unauthorized Recipient),
Incident : Labor Unionization ST-1765583985
Root Causes: Nurses cited concerns over patient safety, staffing, and lack of decision-making influence in patient care.
Corrective Actions: Unionization to advocate for better staffing, patient care policies, and workplace safety measures.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Provided Training Sessions To Staff, Took Disciplinary Action, , Settlement Payments, Credit/Medical Monitoring For Affected Individuals, , Unionization to advocate for better staffing, patient care policies, and workplace safety measures..
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Employee of naviHealth and Unauthorized third party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on August 2016.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2026-02-02.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was {'settlement_fund': '$675,000', 'individual_claims': {'out_of_pocket_expenses': 'Up to $500', 'extraordinary_losses': 'Up to $2,500', 'pro_rata_cash_payment': 'Varies (based on remaining funds)'}, 'administrative_costs': {'settlement_administration': 'To be determined', 'attorneys_fees': 'Amount pending court approval', 'class_representative_award': 'Up to $2,500'}}.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were name, account number, admission date, length of stay, total charges, unit they were seen in, room number they were seen in, insurance carrier name, , Highly sensitive information, , patient records, employee records, , Employee names, Employee ID numbers, Social Security Numbers, , Names, Patient Codes, Other Patient-Related Details, , Demographic Information, Clinical Information, , Names, Social Security Numbers, Health Insurance Details, , Name, Contact information, Date of birth, Social Security number, Location of services, Clinical/diagnosis information, Patient account number, Medical record number, , names, account numbers, medical information, , Personally identifiable information (PII) and medical information.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was electronic health recordsother systems and Electronic Health RecordsOther IT Systems and IT systemsEHR systems and electronic health recordsother systems and Employee Self Service system and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were taking some IT systems offline, systems taken offline and Isolated systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Contact information, total charges, Personally identifiable information (PII), medical information, Demographic Information, name, Highly sensitive information, length of stay, Other Patient-Related Details, account number, room number they were seen in, Clinical/diagnosis information, Date of birth, Patient account number, names, Employee names, Health Insurance Details, Name, Social Security number, Names, Social Security Numbers, account numbers, employee records, medical information, Medical record number, admission date, Patient Codes, Location of services, patient records, Employee ID numbers, unit they were seen in, Clinical Information and insurance carrier name.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 19.0K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit, , Class action lawsuit settled for $675,000, , Potential investigation by Shamis & Gentile P.A. for compensation.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Nurses emphasized the importance of having a say in patient care decisions, staffing, and recruitment/retention of experienced nurses to improve patient safety.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Negotiate for safe staffing, safeguards against workplace violence and and prioritize patient care over profits in contract bargaining..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Texas AFL-CIO News Release, National Labor Relations Board (NLRB), Washington Attorney General, Class action lawsuit, Settlement Administrator (R1/Dignity Data Incident Settlement), St. Joseph Health Statement, Dignity Health, Class Action Settlement Notice, CommonSpirit Health website notice and California Office of the Attorney General.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.nlrb.gov .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Settled (no further details on root cause investigation).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Written notifications to affected patients, Settlement claims process, Nurses will elect a bargaining team and prepare to negotiate their first contract with NNOC/NNU., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an eligibility_criteria: ['Patients of Dignity Health St. Rose Dominican Hospital, Rosa de Lima Campus', 'Received written notification in/around March 2024', 'PII/PHI potentially accessed'], claim_options: ['Out-of-pocket expenses (up to $500)', 'Extraordinary losses (up to $2,500)', 'Pro rata cash payment', '2 years of three-bureau credit monitoring + CyEx Medical Shield Total'], deadlines: {'opt_out': '2025-10-13', 'claim_submission': '2025-11-11', 'final_approval_hearing': '2025-11-14'}, payout_methods: ['PayPal', 'Venmo', 'Zelle', 'Paper check (mail-only)'], required_documentation: ['Notice ID and PIN from settlement notice', 'Receipts/bills for out-of-pocket expenses', 'Police reports/statements for extraordinary losses'], and Notice posted on CommonSpirit Health website.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Software Error, Human Error, Human error in data transmission (emailing Excel workbook to unauthorized recipient), Nurses cited concerns over patient safety, staffing, and lack of decision-making influence in patient care..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Provided training sessions to staffTook disciplinary action, Settlement paymentsCredit/medical monitoring for affected individuals, Unionization to advocate for better staffing, patient care policies, and workplace safety measures..
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dignity-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
