Mercy Health Company Cyber Security Posture

mercy.com

At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across regions of Ohio and Kentucky, weโ€™re one of the largest health care systems in the country. At each of our more than 600 points of care, we deliver high-quality, compassionate care with one united purpose: to help our patients be well in mind, body and spirit.

Mercy Health Company Details

Linkedin ID:

mercyhealth-chp

Employees number:

14050 employees

Number of followers:

74559.0

NAICS:

62

Industry Type:

Hospitals and Health Care

Homepage:

mercy.com

IP Addresses:

Scan still pending

Company ID:

MER_1765720

Scan Status:

In-progress

AI scoreMercy Health Risk Score (AI oriented)

Between 800 and 900

This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.

globalscoreMercy Health Global Score
blurone
Ailogo

Mercy Health Company Scoring based on AI Models

Model NameDateDescriptionCurrent Score DifferenceScore
AVERAGE-Industry03-12-2025

This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers.

N/A

Between 800 and 900

Mercy Health Company Cyber Security News & History

Past Incidents
2
Attack Types
1
EntityTypeSeverityImpactSeenUrl IDDetailsView
Bon SecoursBreach100508/2016BON341622Link
Rankiteo Explanation :
Attack threatening the organization's existence

Description: Bon Secours Health System, based in Marriottsville, Md., suffered from a data breach incident after that 655,000 patients health information were exposed as a result of an error made by one of its business associates. The compromised information included names, social security numbers, insurance and banking information, and some clinical data. Bon Secours conducted a two-month internal investigation of the incident, and offered a year of credit monitoring and identity theft protection services without charge.

Mercy HealthBreach25101/2020MER21861222Link
Rankiteo Explanation :
Attack without any consequences

Description: Mercy Health Lorain Hospital Laboratory experienced HIPAA breach due to contractor invoice printing error. No actual or attempted access or misuse of patient or guarantor information has been discovered. Batches of medical invoices created and mailed by RCMโ€™s contracted mailing vendor were printed incorrectly. Instead of the name, street address, city, state, and zip code of the patient (or his/her guarantor) appearing in the clear address โ€œwindowโ€ of the envelope, what actually appeared were names, street addresses, and Social Security numbers.

Mercy Health Company Subsidiaries

SubsidiaryImage

At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across regions of Ohio and Kentucky, weโ€™re one of the largest health care systems in the country. At each of our more than 600 points of care, we deliver high-quality, compassionate care with one united purpose: to help our patients be well in mind, body and spirit.

Loading...

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mercyhealth-chp' -H 'apikey: YOUR_API_KEY_HERE'
newsone

Mercy Health Cyber Security News

2025-05-08T07:00:00.000Z
Navyโ€™s Military Sealift Command Upgrades IT to Ensure Health Care Continuity

The Navy's Military Sealift Command is modernizing its IT infrastructure and consolidating data centers to improve health care and saveย ...

2024-06-04T07:00:00.000Z
Mercy Health Agrees to Pay $1.8 Million to Settle Insider Data Breach Lawsuit

Mercy Health has agreed to a $1.8 million settlement to resolve all claims related to a 2020 HIPAA compliance data breach that affectedย ...

2024-09-09T07:00:00.000Z
Q&A: How redundancy enabled resilience after Crowdstrike outage

A hybrid cloud platform supported stroke patient care after the worldwide IT disruption knocked out its electronic health records.

2023-12-13T08:00:00.000Z
Mercy Medical Center alerts 97K patients at risk in security breach

Mercy Medical Center in Cedar Rapids has notified 97,000 patients about a security breach that might have compromised their personalย ...

2023-12-04T08:00:00.000Z
Mercy Health patients among giant data breach affecting 8.9 million people, company says

The hacking of PJ&A's network server affects more than 8.9 million people, according to the U.S. Department of Health and Human Services. Theย ...

2024-01-23T08:00:00.000Z
Bon Secours Mercy Health, vendor hit with lawsuit after data breach

The suit alleges the health system and a vendor failed to implement standards or promptly alert people whose data may have been exposedย ...

2024-06-11T08:18:56.000Z
Mercy Health data breach $1.8M class action settlement

Consumers could receive benefits from a $1.8 million Mercy Health data breach settlement resolving claims it failed to protect patients from a 2020 data breachย ...

2024-05-08T07:00:00.000Z
Ascension Health investigates cyber security issue, assures minimal patient impact

Ascension Health says it's investigating cyber security issues. The healthcare company says on Wednesday it detected unusual activity on select technologyย ...

2024-07-19T07:00:00.000Z
Doctors revert to pen and paper after CrowdStrike's outage hits hospitals: โ€˜Every single computer was downโ€™

Many hospitals and labs across the US and globally have had their systems shut down, leading some hospitals to cancel or delay procedures and surgeries.

similarCompanies

Mercy Health Similar Companies

Aster DM Healthcare

From a single medical centre to a performance-driven healthcare enterprise spread across more than 366 medical establishments, including 34 hospitals, 131 clinics and 502 pharmacies in 7 countries and growing, Aster DM Healthcare has transitioned into being the leading healthcare authority across th

MD Anderson Cancer Center

The University of Texas MD Anderson Cancer Center is one of the world's most respected centers devoted exclusively to cancer patient care, research, education and prevention. MD Anderson provides cancer care at several convenient locations throughout the Greater Houston Area and collaborates with co

BayCare Health System

BayCare is a leading not-for-profit health care system that connects individuals and families to a wide range of services at 16 hospitals and hundreds of other convenient locations throughout the Tampa Bay and central Florida regions. Inpatient and outpatient services include acute care, primary car

Guy's and St Thomas'โ€‹ NHS Foundation Trust

One of the largest Trusts in the UK, Guyโ€™s and St Thomasโ€™ NHS Foundation Trust comprises five of the UKโ€™s best known hospitals โ€“ Guyโ€™s, St Thomasโ€™, Evelina London Childrenโ€™s Hospital, Royal Brompton and Harefield โ€“ as well as community services in Lambeth and Southwark, all with a long history of hi

One of the nationโ€™s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. has built an impressive record of achievement and performance. Growing steadily since our inception into an esteemed Fortune 300 corporation, our annual revenues during 2024

Piedmont

At Piedmont, we deliver healthcare marked by compassion and sustainable excellence in a progressive environment, guided by physicians, delivered by exceptional professionals and inspired by the communities we serve. Piedmont is a not-for-profit, community health system comprised of 23 hospitals and

faq

Frequently Asked Questions (FAQ) on Cybersecurity Incidents

Mercy Health CyberSecurity History Information

Total Incidents: According to Rankiteo, Mercy Health has faced 2 incidents in the past.

Incident Types: The types of cybersecurity incidents that have occurred include ['Breach'].

Total Financial Loss: The total financial loss from these incidents is estimated to be {total_financial_loss}.

Cybersecurity Posture: The company's overall cybersecurity posture is described as At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across regions of Ohio and Kentucky, weโ€™re one of the largest health care systems in the country. At each of our more than 600 points of care, we deliver high-quality, compassionate care with one united purpose: to help our patients be well in mind, body and spirit..

Detection and Response: The company detects and responds to cybersecurity incidents through {description_of_detection_and_response_process}.

Incident Details

Incident 1: Ransomware Attack

Title: {Incident_Title}

Description: {Brief_description_of_the_incident}

Date Detected: {Detection_Date}

Date Publicly Disclosed: {Disclosure_Date}

Date Resolved: {Resolution_Date}

Type: {Type_of_Attack}

Attack Vector: {Attack_Vector}

Vulnerability Exploited: {Vulnerability}

Threat Actor: {Threat_Actor}

Motivation: {Motivation}

Incident 2: Data Breach

Title: {Incident_Title}

Description: {Brief_description_of_the_incident}

Date Detected: {Detection_Date}

Date Publicly Disclosed: {Disclosure_Date}

Date Resolved: {Resolution_Date}

Type: {Type_of_Attack}

Attack Vector: {Attack_Vector}

Vulnerability Exploited: {Vulnerability}

Threat Actor: {Threat_Actor}

Motivation: {Motivation}

Common Attack Types: The most common types of attacks the company has faced are ['Breach'].

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through {description_of_identification_process}.

Impact of the Incidents

Incident 1: Ransomware Attack

Financial Loss: {Financial_Loss}

Data Compromised: {Data_Compromised}

Systems Affected: {Systems_Affected}

Downtime: {Downtime}

Operational Impact: {Operational_Impact}

Conversion Rate Impact: {Conversion_Rate_Impact}

Revenue Loss: {Revenue_Loss}

Customer Complaints: {Customer_Complaints}

Brand Reputation Impact: {Brand_Reputation_Impact}

Legal Liabilities: {Legal_Liabilities}

Identity Theft Risk: {Identity_Theft_Risk}

Payment Information Risk: {Payment_Information_Risk}

Incident 2: Data Breach

Financial Loss: {Financial_Loss}

Data Compromised: {Data_Compromised}

Systems Affected: {Systems_Affected}

Downtime: {Downtime}

Operational Impact: {Operational_Impact}

Conversion Rate Impact: {Conversion_Rate_Impact}

Revenue Loss: {Revenue_Loss}

Customer Complaints: {Customer_Complaints}

Brand Reputation Impact: {Brand_Reputation_Impact}

Legal Liabilities: {Legal_Liabilities}

Identity Theft Risk: {Identity_Theft_Risk}

Payment Information Risk: {Payment_Information_Risk}

Average Financial Loss: The average financial loss per incident is {average_financial_loss}.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are {list_of_commonly_compromised_data_types}.

Incident 1: Ransomware Attack

Entity Name: {Entity_Name}

Entity Type: {Entity_Type}

Industry: {Industry}

Location: {Location}

Size: {Size}

Customers Affected: {Customers_Affected}

Incident 2: Data Breach

Entity Name: {Entity_Name}

Entity Type: {Entity_Type}

Industry: {Industry}

Location: {Location}

Size: {Size}

Customers Affected: {Customers_Affected}

Response to the Incidents

Incident 1: Ransomware Attack

Incident Response Plan Activated: {Yes/No}

Third Party Assistance: {Yes/No}

Law Enforcement Notified: {Yes/No}

Containment Measures: {Containment_Measures}

Remediation Measures: {Remediation_Measures}

Recovery Measures: {Recovery_Measures}

Communication Strategy: {Communication_Strategy}

Adaptive Behavioral WAF: {Adaptive_Behavioral_WAF}

On-Demand Scrubbing Services: {On_Demand_Scrubbing_Services}

Network Segmentation: {Network_Segmentation}

Enhanced Monitoring: {Enhanced_Monitoring}

Incident 2: Data Breach

Incident Response Plan Activated: {Yes/No}

Third Party Assistance: {Yes/No}

Law Enforcement Notified: {Yes/No}

Containment Measures: {Containment_Measures}

Remediation Measures: {Remediation_Measures}

Recovery Measures: {Recovery_Measures}

Communication Strategy: {Communication_Strategy}

Adaptive Behavioral WAF: {Adaptive_Behavioral_WAF}

On-Demand Scrubbing Services: {On_Demand_Scrubbing_Services}

Network Segmentation: {Network_Segmentation}

Enhanced Monitoring: {Enhanced_Monitoring}

Incident Response Plan: The company's incident response plan is described as {description_of_incident_response_plan}.

Third-Party Assistance: The company involves third-party assistance in incident response through {description_of_third_party_involvement}.

Data Breach Information

Incident 2: Data Breach

Type of Data Compromised: {Type_of_Data}

Number of Records Exposed: {Number_of_Records}

Sensitivity of Data: {Sensitivity_of_Data}

Data Exfiltration: {Yes/No}

Data Encryption: {Yes/No}

File Types Exposed: {File_Types}

Personally Identifiable Information: {Yes/No}

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: {description_of_prevention_measures}.

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through {description_of_handling_process}.

Ransomware Information

Incident 1: Ransomware Attack

Ransom Demanded: {Ransom_Amount}

Ransom Paid: {Ransom_Paid}

Ransomware Strain: {Ransomware_Strain}

Data Encryption: {Yes/No}

Data Exfiltration: {Yes/No}

Ransom Payment Policy: The company's policy on paying ransoms in ransomware incidents is described as {description_of_ransom_payment_policy}.

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through {description_of_data_recovery_process}.

Regulatory Compliance

Ransomware Logo

Incident 1: Ransomware Attack

Regulations Violated: {Regulations_Violated}

Fines Imposed: {Fines_Imposed}

Legal Actions: {Legal_Actions}

Regulatory Notifications: {Regulatory_Notifications}

Data Breach Logo

Incident 2: Data Breach

Regulations Violated: {Regulations_Violated}

Fines Imposed: {Fines_Imposed}

Legal Actions: {Legal_Actions}

Regulatory Notifications: {Regulatory_Notifications}

Regulatory Frameworks: The company complies with the following regulatory frameworks regarding cybersecurity: {list_of_regulatory_frameworks}.

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through {description_of_compliance_measures}.

Lessons Learned and Recommendations

Incident 1: Ransomware Attack

Lessons Learned: {Lessons_Learned}

Incident 2: Data Breach

Lessons Learned: {Lessons_Learned}

Incident 1: Ransomware Attack

Recommendations: {Recommendations}

Incident 2: Data Breach

Recommendations: {Recommendations}

Key Lessons Learned: The key lessons learned from past incidents are {list_of_key_lessons_learned}.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: {list_of_implemented_recommendations}.

References

Incident 1: Ransomware Attack

Source: {Source}

URL: {URL}

Date Accessed: {Date_Accessed}

Incident 2: Data Breach

Source: {Source}

URL: {URL}

Date Accessed: {Date_Accessed}

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at {list_of_additional_resources}.

Investigation Status

Incident 1: Ransomware Attack

Investigation Status: {Investigation_Status}

Incident 2: Data Breach

Investigation Status: {Investigation_Status}

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through {description_of_communication_process}.

Stakeholder and Customer Advisories

Incident 1: Ransomware Attack

Stakeholder Advisories: {Stakeholder_Advisories}

Customer Advisories: {Customer_Advisories}


Incident 2: Data Breach

Stakeholder Advisories: {Stakeholder_Advisories}

Customer Advisories: {Customer_Advisories}

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: {description_of_advisories_provided}.

Initial Access Broker

Incident 1: Ransomware Attack

Entry Point: {Entry_Point}

Reconnaissance Period: {Reconnaissance_Period}

Backdoors Established: {Backdoors_Established}

High Value Targets: {High_Value_Targets}

Data Sold on Dark Web: {Yes/No}

Incident 2: Data Breach

Entry Point: {Entry_Point}

Reconnaissance Period: {Reconnaissance_Period}

Backdoors Established: {Backdoors_Established}

High Value Targets: {High_Value_Targets}

Data Sold on Dark Web: {Yes/No}

Monitoring and Mitigation of Initial Access Brokers: The company monitors and mitigates the activities of initial access brokers through {description_of_monitoring_and_mitigation_measures}.

Post-Incident Analysis

Incident 1: Ransomware Attack

Root Causes: {Root_Causes}

Corrective Actions: {Corrective_Actions}

Incident 2: Data Breach

Root Causes: {Root_Causes}

Corrective Actions: {Corrective_Actions}

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as {description_of_post_incident_analysis_process}.

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: {list_of_corrective_actions_taken}.

Additional Questions

General Information

Ransom Payment History: The company has {paid/not_paid} ransoms in the past.

Last Ransom Demanded: The amount of the last ransom demanded was {last_ransom_amount}.

Last Attacking Group: The attacking group in the last incident was {last_attacking_group}.

Incident Details

Most Recent Incident Detected: The most recent incident detected was on {most_recent_incident_detected_date}.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on {most_recent_incident_publicly_disclosed_date}.

Most Recent Incident Resolved: The most recent incident resolved was on {most_recent_incident_resolved_date}.

Impact of the Incidents

Highest Financial Loss: The highest financial loss from an incident was {highest_financial_loss}.

Most Significant Data Compromised: The most significant data compromised in an incident was {most_significant_data_compromised}.

Most Significant System Affected: The most significant system affected in an incident was {most_significant_system_affected}.

Response to the Incidents

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was {third_party_assistance_in_most_recent_incident}.

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were {containment_measures_in_most_recent_incident}.

Data Breach Information

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was {most_sensitive_data_compromised}.

Number of Records Exposed: The number of records exposed in the most significant breach was {number_of_records_exposed}.

Ransomware Information

Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was {highest_ransom_demanded}.

Highest Ransom Paid: The highest ransom paid in a ransomware incident was {highest_ransom_paid}.

Regulatory Compliance

Highest Fine Imposed: The highest fine imposed for a regulatory violation was {highest_fine_imposed}.

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was {most_significant_legal_action}.

Lessons Learned and Recommendations

Most Significant Lesson Learned: The most significant lesson learned from past incidents was {most_significant_lesson_learned}.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was {most_significant_recommendation_implemented}.

References

Most Recent Source: The most recent source of information about an incident is {most_recent_source}.

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is {most_recent_url}.

Investigation Status

Current Status of Most Recent Investigation: The current status of the most recent investigation is {current_status_of_most_recent_investigation}.

Stakeholder and Customer Advisories

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was {most_recent_stakeholder_advisory}.

Most Recent Customer Advisory: The most recent customer advisory issued was {most_recent_customer_advisory}.

Initial Access Broker

Most Recent Entry Point: The most recent entry point used by an initial access broker was {most_recent_entry_point}.

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was {most_recent_reconnaissance_period}.

Post-Incident Analysis

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was {most_significant_root_cause}.

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was {most_significant_corrective_action}.

What Do We Measure?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
Users Love Us Badge