BMS
Company Details
Linkedin ID:
bristol-myers-squibb
Website:
Employees number:
38,467
Number of followers:
1,665,425
NAICS:
3254
Industry Type:
Homepage:
bms.com
IP Addresses:
0
Company ID:
BRI_4781074
Scan Status:
In-progress
Bristol Myers Squibb Company CyberSecurity Posture
bms.com
At Bristol Myers Squibb, we work every day to transform patients’ lives through science. That work inspires some of the most interesting, meaningful, and life-changing careers you’ll experience. Join us and pursue innovative ideas alongside some of the brightest minds in biopharma, collaborating with a team rich in diversity of experiences, and perspectives. We have built a sustainable pipeline of potential therapies and are leveraging translational medicine and data analytics to understand how we can deliver the right medicine to the right patient, at the right time, to achieve the best outcome. Whether in a scientific, business or supporting function, a career at BMS means you’ll be inspired every day to grow and thrive through opportunities that are uncommon in scale and scope. Here, you’ll be on the cutting edge of powerful innovation in oncology, hematology, immunology, cardiovascular disease, and fibrosis, with colleagues united in the mission to help patients. Through the Bristol Myers Squibb Foundation, we also promote health equity and seek to improve health outcomes of populations disproportionately affected by serious diseases and conditions. Our mission is to give new hope to help patients prevail over serious disease – it drives everything we do. Review our Social Media Community Guidelines at: https://www.bms.com/social-media-community-guidelines.html
Bristol Myers Squibb A.I CyberSecurity Scoring
BMS Risk Score (AI oriented)Between 800 and 849
BMS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
BMS Global Score (TPRM)XXXX
BMS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
BMS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Bristol Myers Squibb
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving Bristol Myers Squibb (BMS) on June 30, 2023. The breach, discovered on May 31, 2023, involved a cyberattack (malware) that affected 2,231 Washington residents, compromising their names, Social Security numbers, and full dates of birth, among other information.
BMS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for BMS
Incidents vs Pharmaceutical Manufacturing Industry Average (This Year)
No incidents recorded for Bristol Myers Squibb in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Bristol Myers Squibb in 2025.
Incident Types BMS vs Pharmaceutical Manufacturing Industry Avg (This Year)
No incidents recorded for Bristol Myers Squibb in 2025.
Incident History — BMS (X = Date, Y = Severity)
BMS cyber incidents detection timeline including parent company and subsidiaries
BMS Company Subsidiaries
At Bristol Myers Squibb, we work every day to transform patients’ lives through science. That work inspires some of the most interesting, meaningful, and life-changing careers you’ll experience. Join us and pursue innovative ideas alongside some of the brightest minds in biopharma, collaborating with a team rich in diversity of experiences, and perspectives. We have built a sustainable pipeline of potential therapies and are leveraging translational medicine and data analytics to understand how we can deliver the right medicine to the right patient, at the right time, to achieve the best outcome. Whether in a scientific, business or supporting function, a career at BMS means you’ll be inspired every day to grow and thrive through opportunities that are uncommon in scale and scope. Here, you’ll be on the cutting edge of powerful innovation in oncology, hematology, immunology, cardiovascular disease, and fibrosis, with colleagues united in the mission to help patients. Through the Bristol Myers Squibb Foundation, we also promote health equity and seek to improve health outcomes of populations disproportionately affected by serious diseases and conditions. Our mission is to give new hope to help patients prevail over serious disease – it drives everything we do. Review our Social Media Community Guidelines at: https://www.bms.com/social-media-community-guidelines.html
Loading...
BMS Similar Companies
Catalent
Championing the missions that matter™. Catalent, Inc. is a leading global contract development and manufacturing organization (CDMO) and trusted partner to pharma, biotech, and consumer health companies worldwide. We put patients first in everything we do, helping people live better and healthier li
Parexel
Parexel is among the world’s largest clinical research organizations (CROs), providing the full range of Phase I to IV clinical development services to help life-saving treatments reach patients faster. Leveraging the breadth of our clinical, regulatory and therapeutic expertise, our team of more th
Merck
At Merck, known as MSD outside of the United States and Canada, we are unified around our purpose: We use the power of leading-edge science to save and improve lives around the world. For more than 130 years, we have brought hope to humanity through the development of important medicines and vaccine
MANKIND PHARMA LTD
Mankind Pharma, one of the top 5 leading pharmaceutical companies in India, started its journey in 1995. Today, we have an employee base of over 20,000 and are racing towards $1 Billion. At Mankind, we aspire to aid the community in leading a healthy life by formulating, developing, commercializing,
Takeda
We strive to transform lives. While the science we advance is constantly evolving, our core purpose is enduring. For more than two centuries, our values have guided us to do what’s right for patients and for society. We know that changing lives requires us to do things differently. We start by list
PT Kalbe Farma, Tbk
Established in 1966, PT Kalbe Farma Tbk. (“the Company” or “Kalbe”) has gone a long way from its humble beginnings as a garage-operated pharmaceutical business in North Jakarta. It has expanded by strategic acquisitions of pharmaceutical companies, building a leading brand positioning and reaching t
Dr. Reddy's Laboratories
Established in 1984, we are a global pharmaceutical company headquartered in Hyderabad, India. Driven by our purpose of ‘Good Health Can’t Wait’, we work to provide access to affordable and innovative medicines. We offer a portfolio of products and services including APIs, generics, branded generics
Merck KGaA, Darmstadt, Germany
We are Merck KGaA, Darmstadt, Germany and its global affiliates. We are a leading global science and technology company headquartered in Germany. We are curious explorers, courageous pioneers, and ingenious inventors. Our colleagues across the globe love innovating with science and technology to e
Sandoz
Sandoz is the global leader in generic and biosimilar medicines. Our Purpose is to pioneer access to medicines for patients globally. We are on a mission to drive innovation in the healthcare industry by freeing up resources sustainably and responsibly while continuing to address global health c
.png)
BMS CyberSecurity News
November 26, 2025 08:58 AM
Marquis Who's Who Honors Niranjana Raghunathan for Expertise in Laboratory Information Management Systems
Niranjana Raghunathan is recognized for her contributions to GSK plc in advancing systems and enhancing research.
November 12, 2025 08:00 AM
Privacy notice center
BMS aims to collect, use, and share information that we obtain about you in a manner consistent with our company values.
November 11, 2025 04:23 PM
Sydney Klein
Sydney Klein is Global Chief Information Security Officer and Head of Enterprise IT at Bristol Myers Squibb (BMS) where she leads cybersecurity,...
October 30, 2025 07:00 AM
Bristol Myers Squibb Profit Soars, Raises Revenue Guidance
The pharmaceutical giant's revenue rose to $12.2 billion in the third quarter.
October 25, 2025 07:00 AM
Bristol-Myers Squibb Stock Forecast: Where Analysts See the Stock Going by 2027
Here's why analysts believe Bristol-Myers Squibb (NYSE: BMY) stock could see about 4% upside by 2027, driven by steady margins,...
October 01, 2025 07:00 AM
Bristol Myers, Takeda to pool data for AI-based drug discovery
Bristol Myers Squibb , Takeda Pharmaceuticals and Astex Pharmaceuticals are coming together to share proprietary data for training an...
September 23, 2025 07:00 AM
Buy Bristol Myers Squibb Stock At $45?
Bristol-Myers Squibb (NYSE: BMY) has considerably lagged behind the overall market, with its stock decreasing by 20% this year,...
September 22, 2025 07:00 AM
Bristol Myers plans UK launch of schizophrenia drug Cobenfy, matching US price
Bristol Myers Squibb (BMS) plans to launch schizophrenia drug Cobenfy in the UK next year at a price matching its U.S. list price,...
August 26, 2025 02:27 PM
Cash leadership office for Bristol Myers Squibb
EY-Parthenon team helped BMS establish a cash leadership office as part of an award-winning Treasury transformation. Learn more in this case study.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
BMS CyberSecurity History Information
Official Website of Bristol Myers Squibb
The official website of Bristol Myers Squibb is http://www.bms.com.
Bristol Myers Squibb’s AI-Generated Cybersecurity Score
According to Rankiteo, Bristol Myers Squibb’s AI-generated cybersecurity score is 821, reflecting their Good security posture.
How many security badges does Bristol Myers Squibb’ have ?
According to Rankiteo, Bristol Myers Squibb currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Bristol Myers Squibb have SOC 2 Type 1 certification ?
According to Rankiteo, Bristol Myers Squibb is not certified under SOC 2 Type 1.
Does Bristol Myers Squibb have SOC 2 Type 2 certification ?
According to Rankiteo, Bristol Myers Squibb does not hold a SOC 2 Type 2 certification.
Does Bristol Myers Squibb comply with GDPR ?
According to Rankiteo, Bristol Myers Squibb is not listed as GDPR compliant.
Does Bristol Myers Squibb have PCI DSS certification ?
According to Rankiteo, Bristol Myers Squibb does not currently maintain PCI DSS compliance.
Does Bristol Myers Squibb comply with HIPAA ?
According to Rankiteo, Bristol Myers Squibb is not compliant with HIPAA regulations.
Does Bristol Myers Squibb have ISO 27001 certification ?
According to Rankiteo,Bristol Myers Squibb is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Bristol Myers Squibb
Bristol Myers Squibb operates primarily in the Pharmaceutical Manufacturing industry.
Number of Employees at Bristol Myers Squibb
Bristol Myers Squibb employs approximately 38,467 people worldwide.
Subsidiaries Owned by Bristol Myers Squibb
Bristol Myers Squibb presently has no subsidiaries across any sectors.
Bristol Myers Squibb’s LinkedIn Followers
Bristol Myers Squibb’s official LinkedIn profile has approximately 1,665,425 followers.
NAICS Classification of Bristol Myers Squibb
Bristol Myers Squibb is classified under the NAICS code 3254, which corresponds to Pharmaceutical and Medicine Manufacturing.
Bristol Myers Squibb’s Presence on Crunchbase
Yes, Bristol Myers Squibb has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/bristol-myers-squibb.
Bristol Myers Squibb’s Presence on LinkedIn
Yes, Bristol Myers Squibb maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/bristol-myers-squibb.
Cybersecurity Incidents Involving Bristol Myers Squibb
As of December 11, 2025, Rankiteo reports that Bristol Myers Squibb has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Bristol Myers Squibb has an estimated 5,412 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Bristol Myers Squibb ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Bristol Myers Squibb Data Breach
Description: A data breach involving Bristol Myers Squibb (BMS) was reported by the Washington State Office of the Attorney General on June 30, 2023. The breach, discovered on May 31, 2023, involved a cyberattack (malware) that affected 2,231 Washington residents, compromising their names, Social Security numbers, and full dates of birth, among other information.
Date Detected: 2023-05-31
Date Publicly Disclosed: 2023-06-30
Type: Data Breach
Attack Vector: Malware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BRI533080525
Data Compromised: Names, Social security numbers, Full dates of birth
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Full Dates Of Birth and .
Which entities were affected by each incident ?
Incident : Data Breach BRI533080525
Entity Name: Bristol Myers Squibb
Entity Type: Company
Industry: Pharmaceuticals
Customers Affected: 2231
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BRI533080525
Type of Data Compromised: Names, Social security numbers, Full dates of birth
Number of Records Exposed: 2231
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach BRI533080525
Source: Washington State Office of the Attorney General
Date Accessed: 2023-06-30
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2023-06-30.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-31.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-06-30.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, Full dates of birth and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Names and Full dates of birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 224.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Washington State Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=bristol-myers-squibb' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
