UNC Health
Company Details
Linkedin ID:
unchealth
Website:
Employees number:
19,676
Number of followers:
115,191
NAICS:
62
Industry Type:
Homepage:
unchealth.org
IP Addresses:
153
Company ID:
UNC_2728524
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
UNC Health Vendor Cyber Rating & Cyber Score
unchealth.orgOur mission is to improve the health and well-being of North Carolinians and others whom we serve. We accomplish this by providing leadership and excellence in the interrelated areas of patient care, education and research. UNC Health and its 40,000 teammates, continue to serve as North Carolina’s Health Care System, caring for patients from all 100 counties and beyond our borders. We continue to leverage the world class research conducted in the UNC School of Medicine, translating that innovation to life-saving and life-changing therapies, procedures, and techniques for the patients who rely on us. General terms of service for UNC Health social media: https://www.facebook.com/unchealthcare/about_details
UNC Health A.I CyberSecurity Scoring
UNC Health Risk Score (AI oriented)Between 750 and 799
UNC Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UNC Health Global Score (TPRM)XXXX
UNC Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UNC Health Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
UNC Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UNC Health Care faced a data breach incident that exposed 1,300 patients' data. Confidential medical information has been shared including Social Security numbers, sexually-transmitted disease information, and more. Patients whose information has been compromised were offered a variety of support services, including credit report monitoring and fraud resolution services, by UNC Health Care.
UNC Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UNC Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UNC Health in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UNC Health in 2026.
Incident Types UNC Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UNC Health in 2026.
Incident History — UNC Health (X = Date, Y = Severity)
UNC Health cyber incidents detection timeline including parent company and subsidiaries
UNC Health Company Subsidiaries
Our mission is to improve the health and well-being of North Carolinians and others whom we serve. We accomplish this by providing leadership and excellence in the interrelated areas of patient care, education and research. UNC Health and its 40,000 teammates, continue to serve as North Carolina’s Health Care System, caring for patients from all 100 counties and beyond our borders. We continue to leverage the world class research conducted in the UNC School of Medicine, translating that innovation to life-saving and life-changing therapies, procedures, and techniques for the patients who rely on us. General terms of service for UNC Health social media: https://www.facebook.com/unchealthcare/about_details
Loading...
UNC Health Similar Companies
Corewell Health
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,0
Adventist Health
Adventist Health is a faith-inspired, nonprofit integrated health system serving more than 100 communities on the West Coast and Hawaii with over 440 sites of care. Founded on Adventist heritage and values, Adventist Health provides care in hospitals, clinics, home care agencies, hospice agencies, a
Ascension
Answering God's call to bring health, healing and hope to all. Ascension is one of the nation’s leading non-profit and Catholic health systems, with a Mission of delivering compassionate, personalized care to all, with special attention to those most vulnerable. In FY2025, Ascension provided $1.7
M42 Health
M42 is an Abu Dhabi-based, global tech-enabled healthcare company operating at the forefront of medical advancement. The company is seeking to transform lives through innovative clinical solutions that can solve the world’s most critical health and diagnostic challenges. By harnessing unique medical
UT Southwestern Medical Center
UT Southwestern is an academic medical center, world-renowned for its research, regarded among the best in the country for medical education and for clinical and scientific training, and nationally recognized for the quality of care its faculty provides to patients at UT Southwestern’s University Ho
Fresenius Medical Care is the world’s leading provider of products and services for individuals with renal diseases. We aim to create a future worth living for chronically and critically ill patients – worldwide and every day. Thanks to our decades of experience in dialysis, our innovative research
Health Care Service Corporation
Health Care Service Corporation serves nearly 23 million people across the United States through its portfolio of health benefit solutions. HCSC provides health coverage options for employers large and small, individuals and families, and Medicare and Medicaid plans. HCSC also offers related health
Genesis
As a premier care provider since 1985, Genesis HealthCare is a holding company with subsidiaries that, on a combined basis, provide services to skilled nursing facilities and senior living communities. Genesis also specializes in contract rehabilitation therapy, respiratory therapy, physician servic
BJC Health
BJC Health System is one of the largest nonprofit health care organizations in the United States and the largest in the state of Missouri, serving urban, suburban, and rural communities across Missouri, southern Illinois, eastern Kansas, and the greater Midwest region. One of the largest employers i
.png)
UNC Health CyberSecurity News
March 25, 2026 03:23 PM
Durham hires technology director to lead digital services
Durham, North Carolina appoints Richard Barbee as Technology Solutions director to lead IT infrastructure, cybersecurity and digital...
March 23, 2026 10:48 PM
Durham, N.C., Finds Its New Technology Director in Academia
With more than a decade of experience managing enterprise infrastructure, cybersecurity initiatives and large-scale technology projects,...
March 21, 2026 03:00 PM
Hicks helps lead UNCP’s first cybersecurity graduates
PEMBROKE — When Phillip Hicks arrived at UNC Pembroke as a freshman, the university's cybersecurity program was still in its trial phase.
March 09, 2026 07:00 AM
New UNC Health Pardee office in Brevard opens to patients
A new UNC Health Pardee medical office building, constructed in just over a year, welcomed patients March 9.
February 19, 2026 08:00 AM
UMMC computer systems down after cyberattack
The University of Mississippi Medical Center closed all its statewide clinics and canceled many appointments Thursday and Friday after a...
February 17, 2026 08:00 AM
UNC Health to install Mevion’s proton therapy system
UNC Health is deploying Mevion Medical System's S250-FIT Proton Therapy System to expand access to proton technology in cancer treatment.
February 09, 2026 08:00 AM
Signature Performance $8.5M Data Breach Settlement
Individuals who received a notification from Signature Performance Inc., Adventist Health Tulare and Adventist Health System/West,...
January 23, 2026 08:00 AM
UNC Charlotte launches National Defense and Intelligence Innovation Institute
UNC Charlotte's new NDI3 institute integrates AI, cybersecurity and health research to accelerate mission-ready solutions for national...
December 15, 2025 08:00 AM
UNCG Spartan Cyber Guardian Academy Supports Students, Community
UNC Greensboro's Spartan Cyber Guardian Academy offers free cybersecurity training and services to nonprofits, funded by a $1M Google grant.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UNC Health CyberSecurity History Information
Official Website of UNC Health
The official website of UNC Health is https://www.unchealth.org/.
UNC Health’s AI-Generated Cybersecurity Score
According to Rankiteo, UNC Health’s AI-generated cybersecurity score is 779, reflecting their Fair security posture.
How many security badges does UNC Health’ have ?
According to Rankiteo, UNC Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has UNC Health been affected by any supply chain cyber incidents ?
According to Rankiteo, UNC Health has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does UNC Health have SOC 2 Type 1 certification ?
According to Rankiteo, UNC Health is not certified under SOC 2 Type 1.
Does UNC Health have SOC 2 Type 2 certification ?
According to Rankiteo, UNC Health does not hold a SOC 2 Type 2 certification.
Does UNC Health comply with GDPR ?
According to Rankiteo, UNC Health is not listed as GDPR compliant.
Does UNC Health have PCI DSS certification ?
According to Rankiteo, UNC Health does not currently maintain PCI DSS compliance.
Does UNC Health comply with HIPAA ?
According to Rankiteo, UNC Health is not compliant with HIPAA regulations.
Does UNC Health have ISO 27001 certification ?
According to Rankiteo,UNC Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UNC Health
UNC Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at UNC Health
UNC Health employs approximately 19,676 people worldwide.
Subsidiaries Owned by UNC Health
UNC Health presently has no subsidiaries across any sectors.
UNC Health’s LinkedIn Followers
UNC Health’s official LinkedIn profile has approximately 115,191 followers.
NAICS Classification of UNC Health
UNC Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UNC Health’s Presence on Crunchbase
No, UNC Health does not have a profile on Crunchbase.
UNC Health’s Presence on LinkedIn
Yes, UNC Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/unchealth.
Cybersecurity Incidents Involving UNC Health
As of March 30, 2026, Rankiteo reports that UNC Health has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
UNC Health has an estimated 32,297 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UNC Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: UNC Health Care Data Breach
Description: UNC Health Care faced a data breach incident that exposed 1,300 patients' data. Confidential medical information has been shared including Social Security numbers, sexually-transmitted disease information, and more.
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UNC93815722
Data Compromised: Social security numbers, Sexually-transmitted disease information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, Sexually-Transmitted Disease Information and .
Which entities were affected by each incident ?
Incident : Data Breach UNC93815722
Entity Name: UNC Health Care
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 1300
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UNC93815722
Type of Data Compromised: Social security numbers, Sexually-transmitted disease information
Number of Records Exposed: 1300
Sensitivity of Data: high
Personally Identifiable Information: Social Security numbers
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, Sexually-transmitted disease information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers and Sexually-transmitted disease information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 130.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
References
- https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
- https://lists.security.metacpan.org/cve-announce/msg/37638919/
- https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
- https://metacpan.org/release/SHAY/perl-5.40.4/changes
- https://metacpan.org/release/SHAY/perl-5.42.2/changes
- https://www.cve.org/CVERecord?id=CVE-2026-3381
Description
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.
Risk Information
cvss3
Base: 8.3
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=unchealth' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
