UHS
Company Details
Linkedin ID:
uhs
Website:
Employees number:
10,784
Number of followers:
84,686
NAICS:
62
Industry Type:
Homepage:
uhs.com
IP Addresses:
0
Company ID:
UHS_2344169
Scan Status:
In-progress
UHS Company CyberSecurity Posture
uhs.com
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance, growing since its inception into a Fortune 300 corporation. Headquartered in King of Prussia, PA, UHS has 99,000 employees. Through its subsidiaries, UHS operates 29 acute care hospitals, 331 behavioral health facilities, 60 outpatient and other facilities in 39 U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com UHS is a registered trademark of UHS of Delaware, Inc., a subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company that operates through its subsidiaries. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent there is any reference to “UHS” or “UHS facilities” on this website, including any statements, articles or other publications contained herein which relates to healthcare or management operations, they are referring to Universal Health Services, Inc.’s subsidiaries. Further, the terms “we,” “us,” “our” or “the company” in such context similarly refer to the operations of the subsidiaries of Universal Health Services, Inc. Any reference to employment at UHS or employees of UHS refers to employment with one of the subsidiaries of Universal Health Services, Inc.
UHS A.I CyberSecurity Scoring
UHS Risk Score (AI oriented)Between 700 and 749
UHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UHS Global Score (TPRM)XXXX
UHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UHS Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
UHS
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names dates of birth Numbers to call Numbers for patient accounts and medical records Details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
UHS
Ransomware
Rankiteo Explanation
Attack that could injure or kill people
Description: The systems of the famous healthcare facility, Universal Health Services, were targeted by the Rayuk ransomware group in September 2020. The attackers hit the systems, disabled multiple antivirus programs, and logged the systems out. The attack caused the doctors to wait for a longer period for lab test results and even resulted in four casualties. The healthcare immediately took action and removed the encrypted files and restored the systems.
UHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UHS
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UHS in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UHS in 2025.
Incident Types UHS vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UHS in 2025.
Incident History — UHS (X = Date, Y = Severity)
UHS cyber incidents detection timeline including parent company and subsidiaries
UHS Company Subsidiaries
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance, growing since its inception into a Fortune 300 corporation. Headquartered in King of Prussia, PA, UHS has 99,000 employees. Through its subsidiaries, UHS operates 29 acute care hospitals, 331 behavioral health facilities, 60 outpatient and other facilities in 39 U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com UHS is a registered trademark of UHS of Delaware, Inc., a subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company that operates through its subsidiaries. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent there is any reference to “UHS” or “UHS facilities” on this website, including any statements, articles or other publications contained herein which relates to healthcare or management operations, they are referring to Universal Health Services, Inc.’s subsidiaries. Further, the terms “we,” “us,” “our” or “the company” in such context similarly refer to the operations of the subsidiaries of Universal Health Services, Inc. Any reference to employment at UHS or employees of UHS refers to employment with one of the subsidiaries of Universal Health Services, Inc.
Loading...
UHS Similar Companies
R1 RCM
R1 is the leader in healthcare revenue management, helping providers achieve new levels of performance through smart orchestration. A pioneer in the industry, R1 created the first Healthcare Revenue Operating System: a modular, intelligent platform that integrates automation, AI, and human expertise
Kindred
Kindred’s mission is to help our patients reach their highest potential for health and healing with intensive medical and rehabilitative care through a compassionate patient experience. Kindred’s 61 long-term acute care hospitals (LTACHs), along with 18 community-based, short-term acute care hospit
Geisinger is among the nation’s leading providers of value-based care, serving 1.2 million people in urban and rural communities across Pennsylvania. Founded in 1915 by philanthropist Abigail Geisinger, the nonprofit system generates $10 billion in annual revenues across 126 care sites — including 1
Alberta Health Services
Alberta Health Services (AHS) is proud to be part of Canada’s first and largest provincewide, integrated health system, responsible for delivering health services to more than 4.5 million people living in Alberta, as well as occasionally to some residents of other provinces and territories Our skil
The University of Texas Medical Branch
ABOUT THE UNIVERSITY OF TEXAS MEDICAL BRANCH: Texas' first academic health center opened its doors in 1891 and today has four campuses, five health sciences schools, six institutes for advanced study, a research enterprise that includes one of only two national laboratories dedicated to the safe stu
As the largest nonprofit health system in the Mountain West, Intermountain Health is dedicated to creating healthier communities and helping our patients and caregivers thrive. It’s time to think of health in a whole new way, and by partnering with our patients and communities, providing expert
Amsterdam UMC
At Amsterdam UMC, more than 15,000 professionals strive to provide good and accessible care. For the generations of today and tomorrow. The two medical university centers in Amsterdam, AMC and VUmc, are working together towards a future in which we prevent illnesses and make the best treatment avail
Northside Hospital
Northside Hospital — a certified Great Place To Work® — is one of Georgia’s top health systems. We have acute-care hospitals in Atlanta, Canton, Cumming, Duluth and Lawrenceville and hundreds of outpatient locations across the state. Northside Hospital leads the U.S. in newborn deliveries and is amo
Mount Sinai Health System
The Mount Sinai Health System is an integrated health system committed to providing distinguished care, conducting transformative research, and advancing biomedical education. Structured around seven hospital campuses and a single medical school, the Health System has an extensive ambulatory netwo
.png)
UHS CyberSecurity News
September 24, 2025 09:17 AM
What Is RYUK Ransomware?
Ryuk is ransomware version attributed to the hacker group WIZARD SPIDER that has compromised governments, academia, healthcare, manufacturing,...
May 28, 2025 07:00 AM
NHS trusts' data 'stolen' in cyberattack
University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were exposed,...
May 25, 2025 07:00 AM
UHS’s Kim Sassaman Named Among CISOs Connect’s™ Top 100 CISOs 2025
Posted by cfelixcpa | May 25, 2025 | SF STAT! | 0 |. UHS's Kim Sassaman Named Among CISOs Connect's™ Top 100 CISOs 2025. image_pdf image_print.
March 04, 2025 08:00 AM
Key Themes from Hospital Earnings Season: Breaking down HCA, Tenet, UHS, CHS, and Ardent Commentary
Breaking down major publicly traded hospital operator themes across utilization, revenue and payor mix, expenses, growth, and more.
July 31, 2024 07:00 AM
UHS employees recognized by Becker’s Hospital Review
Associate Chief Information Officer Kara Hines and Chief Revenue Cycle Officer Kenneth Hogue of UHS were recently named “Rising Stars: 42 healthcare leaders...
May 29, 2024 04:21 AM
Ryuk Ransomware Attacks: Hospitals Targeted
Ryuk ransomware attacks vastly increased during 2020. From almost obscurity in 2019, Ryuk now accounts for a third of all ransomware attacks.
March 13, 2024 07:00 AM
Change Healthcare cyberattack isn't threatening major for-profit systems' bottom lines, execs say
Senior leadership at major for-profit systems say they're shielded from the liquidity and administrative issues plaguing providers across...
March 06, 2024 08:00 AM
Sven Hahues Named University of Houston System CISO
Sven Hahues will lead the University of Houston System's (UHS) information security initiatives as the new chief information security officer (CISO).
February 26, 2024 08:00 AM
Untitled Document
It is with great excitement that we announce the appointment of Sven Hahues as the new Chief Information Security Officer (CISO) for the...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UHS CyberSecurity History Information
Official Website of UHS
The official website of UHS is http://www.uhs.com.
UHS’s AI-Generated Cybersecurity Score
According to Rankiteo, UHS’s AI-generated cybersecurity score is 719, reflecting their Moderate security posture.
How many security badges does UHS’ have ?
According to Rankiteo, UHS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UHS have SOC 2 Type 1 certification ?
According to Rankiteo, UHS is not certified under SOC 2 Type 1.
Does UHS have SOC 2 Type 2 certification ?
According to Rankiteo, UHS does not hold a SOC 2 Type 2 certification.
Does UHS comply with GDPR ?
According to Rankiteo, UHS is not listed as GDPR compliant.
Does UHS have PCI DSS certification ?
According to Rankiteo, UHS does not currently maintain PCI DSS compliance.
Does UHS comply with HIPAA ?
According to Rankiteo, UHS is not compliant with HIPAA regulations.
Does UHS have ISO 27001 certification ?
According to Rankiteo,UHS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UHS
UHS operates primarily in the Hospitals and Health Care industry.
Number of Employees at UHS
UHS employs approximately 10,784 people worldwide.
Subsidiaries Owned by UHS
UHS presently has no subsidiaries across any sectors.
UHS’s LinkedIn Followers
UHS’s official LinkedIn profile has approximately 84,686 followers.
NAICS Classification of UHS
UHS is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UHS’s Presence on Crunchbase
No, UHS does not have a profile on Crunchbase.
UHS’s Presence on LinkedIn
Yes, UHS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/uhs.
Cybersecurity Incidents Involving UHS
As of December 11, 2025, Rankiteo reports that UHS has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
UHS has an estimated 30,928 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UHS ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does UHS detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with removed encrypted files, containment measures with restored systems, and third party assistance with kroll, and remediation measures with one year of identity monitoring services from kroll..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on Universal Health Services
Description: The systems of the famous healthcare facility, Universal Health Services, were targeted by the Rayuk ransomware group in September 2020. The attackers hit the systems, disabled multiple antivirus programs, and logged the systems out. The attack caused the doctors to wait for a longer period for lab test results and even resulted in four casualties. The healthcare immediately took action and removed the encrypted files and restored the systems.
Date Detected: September 2020
Type: Ransomware
Threat Actor: Rayuk ransomware group
Title: Ransomware Attack on ESO Solutions
Description: A ransomware attack occurred against ESO Solutions, a significant software provider for emergency services and healthcare. This incident resulted from unauthorised data access and system encryption across many enterprise platforms. Depending on the information patients have shared with their healthcare providers using ESO's software, a range of personal data was exposed in the hack. Among the compromised data are: complete names, dates of birth, phone numbers, patient account numbers, medical records, details of the injury, diagnosis, treatment, and procedure, and Social Security numbers. It was established that patient data connected to U.S. hospitals and clinics that ESO serves as a client was compromised. All notified parties will receive a year of identity monitoring services from Kroll through ESO to assist in reducing risks.
Type: Ransomware Attack
Attack Vector: Unauthorised Data Access and System Encryption
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware UHS194910422
Operational Impact: Longer wait times for lab test resultsFour casualties
Incident : Ransomware Attack UHS8515124
Data Compromised: Complete names, Dates of birth, Phone numbers, Patient account numbers, Medical records, Details of injury, diagnosis, treatment, and procedure, Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Medical Records and .
Which entities were affected by each incident ?
Incident : Ransomware UHS194910422
Entity Name: Universal Health Services
Entity Type: Healthcare facility
Industry: Healthcare
Incident : Ransomware Attack UHS8515124
Entity Name: ESO Solutions
Entity Type: Software Provider
Industry: Healthcare and Emergency Services
Customers Affected: U.S. hospitals and clinics
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware UHS194910422
Containment Measures: Removed encrypted filesRestored systems
Incident : Ransomware Attack UHS8515124
Third Party Assistance: Kroll
Remediation Measures: One year of identity monitoring services from Kroll
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack UHS8515124
Type of Data Compromised: Personal information, Medical records
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: One year of identity monitoring services from Kroll.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by removed encrypted files, restored systems and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware UHS194910422
Ransomware Strain: Rayuk
Incident : Ransomware Attack UHS8515124
Data Encryption: True
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Rayuk ransomware group.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on September 2020.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Complete names, Dates of birth, Phone numbers, Patient account numbers, Medical records, Details of injury, diagnosis, treatment, and procedure, Social Security numbers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Removed encrypted filesRestored systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Phone numbers, Complete names, Social Security numbers, Patient account numbers, Details of injury, diagnosis, treatment, and procedure, Medical records and Dates of birth.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=uhs' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
