Sanford Health
Company Details
Linkedin ID:
sanford-health
Website:
Employees number:
15,769
Number of followers:
70,229
NAICS:
62
Industry Type:
Homepage:
sanfordhealth.org
IP Addresses:
66
Company ID:
SAN_2961547
Scan Status:
Completed
Sanford Health Company CyberSecurity Posture
sanfordhealth.org
Sanford Health is the largest rural health system in the U.S. Our organization is dedicated to transforming the health care experience and providing access to world-class health care in America’s heartland. Headquartered in Sioux Falls, South Dakota, we serve more than one million patients and 220,000 health plan members across 250,000 square miles. Our integrated health system has 47 medical centers, 2,800 physicians and advanced practice providers, 170 clinical investigators and research scientists, more than 200 Good Samaritan Society senior care locations, and world clinics in eight countries around the globe. Learn more about our commitment to shaping the future of rural health care at sanfordhealth.org or Sanford Health News.
Sanford Health A.I CyberSecurity Scoring
Sanford Health Risk Score (AI oriented)Between 700 and 749
Sanford Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Sanford Health Global Score (TPRM)XXXX
Sanford Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Sanford Health Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Sanford Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: DMS Health Technologies, the imaging provider Sanford Health utilises for their mobile heart screen trucks, suffered from data security incident. Name, date of birth, date of service, physician name, and type of exam were all possibly compromised patient data. One of the several DMS contracted partners impacted by this incident is Sanford Health. DMS will inform the impacted patients and provide free identity monitoring services through Kroll to some of the affected individuals. The letter they get will contain those specifics. The data breach is being informed to more than 21,000 (21,211) Sanford Health patients, including 10,334 in North Dakota, 4,967 in Minnesota, 2,685 in South Dakota, 1,058 in Iowa, and a small number in 36 other states.
Sanford Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Sanford Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Sanford Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Sanford Health in 2025.
Incident Types Sanford Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Sanford Health in 2025.
Incident History — Sanford Health (X = Date, Y = Severity)
Sanford Health cyber incidents detection timeline including parent company and subsidiaries
Sanford Health Company Subsidiaries
Sanford Health is the largest rural health system in the U.S. Our organization is dedicated to transforming the health care experience and providing access to world-class health care in America’s heartland. Headquartered in Sioux Falls, South Dakota, we serve more than one million patients and 220,000 health plan members across 250,000 square miles. Our integrated health system has 47 medical centers, 2,800 physicians and advanced practice providers, 170 clinical investigators and research scientists, more than 200 Good Samaritan Society senior care locations, and world clinics in eight countries around the globe. Learn more about our commitment to shaping the future of rural health care at sanfordhealth.org or Sanford Health News.
Loading...
Sanford Health Similar Companies
Mercy Health
At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across
Molina Healthcare
Molina Healthcare is a FORTUNE 500 company that is focused exclusively on government-sponsored health care programs for families and individuals who qualify for government sponsored health care. Molina Healthcare contracts with state governments and serves as a health plan providing a wide range o
Advancing Health. Personalizing Care. Memorial Hermann Health System is a nonprofit, values-driven, community-owned health system dedicated to improving health. A fully integrated health system with more than 260 care delivery sites throughout the Greater Houston area, Memorial Hermann is committe
Adventist Health
Adventist Health is a faith-inspired, nonprofit integrated health system serving more than 100 communities on the West Coast and Hawaii with over 440 sites of care. Founded on Adventist heritage and values, Adventist Health provides care in hospitals, clinics, home care agencies, hospice agencies, a
The Netcare Group (JSE: NTC) offers a unique, comprehensive range of medical services across the healthcare spectrum, enabling us to serve the health and care needs of each individual who entrust their care to us. Our focus on implementing sophisticated digital systems will enable us to provide care
WellSpan Health
WellSpan Health’s vision is to reimagine healthcare through the delivery of comprehensive, equitable health and wellness solutions throughout our continuum of care. As an integrated delivery system focused on leading in value-based care, we encompass more than 2,500 employed providers, more than 250
AdventHealth is a connected network of care that helps people feel whole – body, mind and spirit. More than 100,000 team members across a national footprint provide whole-person care to nearly nine million people annually through more than 2,000 care sites that include hospitals, physician practices
NHG Health
NHG Health is a leading public healthcare provider in Singapore recognised for its quality clinical care and its commitment in enabling healthier lives through preventive health, innovative solutions and person-centred programmes tailored to every life stage. Our integrated health system, which span
The people of Memorial Sloan Kettering Cancer Center (MSK) are united by a singular mission: ending cancer for life. Our specialized care teams provide personalized, compassionate, expert care to patients of all ages. Informed by basic research done at our Sloan Kettering Institute, scientists acros
.png)
Sanford Health CyberSecurity News
November 05, 2025 08:00 AM
Sanford Health acquires South Dakota hospital
Sanford Health, one of the larger nonprofit health systems in America, continues to add to its footprint. Image: Prairie Lakes Healthcare...
November 03, 2025 08:00 AM
Communities That Care: The Power of Giving with Sanford Health
In this conversation, Sanford Health's Bill Gassen, president and CEO, and Deb Koski, chief philanthropy officer, discuss how a strong...
October 31, 2025 07:00 AM
Sanford Health, Prairie Lakes Healthcare System announce combination
Sanford Health and Prairie Lakes have announced a combination for a 10-county region, including northeast South Dakota and western...
October 09, 2025 07:00 AM
Griffiths to ease out of DSU leadership after decade at helm of cybersecurity hub
Leadership changes coming for Madison-based school that became renowned technology & cybersecurity research hub during José-Marie Griffiths'...
September 13, 2025 07:00 AM
Sanford Health Plan Strengthens Board with Five New Members
Five leaders with decades of experience in health care, business, technology and education have joined the Sanford Health Plan Board of Directors.
September 04, 2025 07:00 AM
Why Sanford Health has acquired a pharmacy chain
The South Dakota health system is adding Lewis Drug, a family-owned chain of drug stores. Sanford CEO Bill Gassen says the aim is to improve...
August 28, 2025 07:00 AM
Sanford Health expands through Lewis Drug merger
Lewis Drug, a retailer and pharmacy company, will become part of Sanford Health.
July 31, 2025 07:00 AM
Here’s who’s pledged to improve medical data sharing
Dozens of organizations, including 11 health systems, have agreed to work together to help improve the sharing of medical data across...
July 31, 2025 07:00 AM
CMS taps tech firms for new patient health data ecosystem
The Trump administration initiative brings together Big Tech, health IT vendors, and provider and payer systems in an API-powered effort to...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Sanford Health CyberSecurity History Information
Official Website of Sanford Health
The official website of Sanford Health is http://www.sanfordhealth.org.
Sanford Health’s AI-Generated Cybersecurity Score
According to Rankiteo, Sanford Health’s AI-generated cybersecurity score is 740, reflecting their Moderate security posture.
How many security badges does Sanford Health’ have ?
According to Rankiteo, Sanford Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Sanford Health have SOC 2 Type 1 certification ?
According to Rankiteo, Sanford Health is not certified under SOC 2 Type 1.
Does Sanford Health have SOC 2 Type 2 certification ?
According to Rankiteo, Sanford Health does not hold a SOC 2 Type 2 certification.
Does Sanford Health comply with GDPR ?
According to Rankiteo, Sanford Health is not listed as GDPR compliant.
Does Sanford Health have PCI DSS certification ?
According to Rankiteo, Sanford Health does not currently maintain PCI DSS compliance.
Does Sanford Health comply with HIPAA ?
According to Rankiteo, Sanford Health is not compliant with HIPAA regulations.
Does Sanford Health have ISO 27001 certification ?
According to Rankiteo,Sanford Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Sanford Health
Sanford Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at Sanford Health
Sanford Health employs approximately 15,769 people worldwide.
Subsidiaries Owned by Sanford Health
Sanford Health presently has no subsidiaries across any sectors.
Sanford Health’s LinkedIn Followers
Sanford Health’s official LinkedIn profile has approximately 70,229 followers.
NAICS Classification of Sanford Health
Sanford Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Sanford Health’s Presence on Crunchbase
No, Sanford Health does not have a profile on Crunchbase.
Sanford Health’s Presence on LinkedIn
Yes, Sanford Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sanford-health.
Cybersecurity Incidents Involving Sanford Health
As of December 11, 2025, Rankiteo reports that Sanford Health has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Sanford Health has an estimated 30,929 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Sanford Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Sanford Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with kroll, and communication strategy with dms will inform the impacted patients and provide free identity monitoring services through kroll to some of the affected individuals. the letter they receive will contain those specifics...
Incident Details
Can you provide details on each incident ?
Title: Data Security Incident at DMS Health Technologies
Description: DMS Health Technologies, the imaging provider for Sanford Health's mobile heart screen trucks, suffered a data security incident. Patient data including name, date of birth, date of service, physician name, and type of exam were potentially compromised. Sanford Health is one of the several DMS contracted partners impacted by this incident.
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach SAN113016923
Data Compromised: Name, Date of birth, Date of service, Physician name, Type of exam
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Name, Date Of Birth, Date Of Service, Physician Name, Type Of Exam and .
Which entities were affected by each incident ?
Incident : Data Breach SAN113016923
Entity Name: Sanford Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: North DakotaMinnesotaSouth DakotaIowa36 other states
Customers Affected: {'state': 'North Dakota', 'number': 10334}, {'state': 'Minnesota', 'number': 4967}, {'state': 'South Dakota', 'number': 2685}, {'state': 'Iowa', 'number': 1058}, {'state': 'Other', 'number': 'small number'}
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach SAN113016923
Third Party Assistance: Kroll.
Communication Strategy: DMS will inform the impacted patients and provide free identity monitoring services through Kroll to some of the affected individuals. The letter they receive will contain those specifics.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach SAN113016923
Type of Data Compromised: Name, Date of birth, Date of service, Physician name, Type of exam
Number of Records Exposed: 21211
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through DMS will inform the impacted patients and provide free identity monitoring services through Kroll to some of the affected individuals. The letter they receive will contain those specifics..
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll, .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Name, Date of Birth, Date of Service, Physician Name, Type of Exam and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was kroll, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Date of Service, Type of Exam, Name, Date of Birth and Physician Name.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 223.0.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sanford-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
