WHO
Company Details
Linkedin ID:
world-health-organization
Website:
Employees number:
30,615
Number of followers:
6,094,439
NAICS:
92812
Industry Type:
Homepage:
who.int
IP Addresses:
0
Company ID:
WOR_7701737
Scan Status:
In-progress
World Health Organization Company CyberSecurity Posture
who.int
The World Health Organization's mission: to promote health, keep the world safe, and serve the vulnerable. Working through offices in more than 150 countries, WHO staff work side by side with governments and other partners to ensure the highest attainable level of health for all people. Stay connected with WHO: Facebook https://www.facebook.com/WHO Twitter http://www.twitter.com/who Instagram: @who Google+ https://www.google.com/+who YouTube http://www.youtube.com/who
World Health Organization A.I CyberSecurity Scoring
WHO Risk Score (AI oriented)Between 800 and 849
WHO
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
WHO Global Score (TPRM)XXXX
WHO
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
WHO Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
World Health Organization
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The login credentials of some staff members of the World Health Organization were accessed by hackers in March 2020. The compromised passwords contained access to a lot of sensitive information about the pandemic. The attack was the result of a successful phishing attempt that forced the organization to switch the infrastructure as a future precautionary step.
Healthcare organization
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The Ryuk ransomware gang, active between 2018 and mid-2020, targeted organizations across various sectors, including healthcare during the Covid pandemic. The gang was responsible for numerous attacks, causing significant disruptions and financial losses. The recent extradition of a 33-year-old member of the Ryuk operation to the United States highlights the continued efforts to bring cybercriminals to justice. The gang's rebranding to Conti and subsequent splintering into smaller groups underscores the evolving threat landscape.
WHO Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for WHO
Incidents vs International Affairs Industry Average (This Year)
No incidents recorded for World Health Organization in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for World Health Organization in 2025.
Incident Types WHO vs International Affairs Industry Avg (This Year)
No incidents recorded for World Health Organization in 2025.
Incident History — WHO (X = Date, Y = Severity)
WHO cyber incidents detection timeline including parent company and subsidiaries
WHO Company Subsidiaries
The World Health Organization's mission: to promote health, keep the world safe, and serve the vulnerable. Working through offices in more than 150 countries, WHO staff work side by side with governments and other partners to ensure the highest attainable level of health for all people. Stay connected with WHO: Facebook https://www.facebook.com/WHO Twitter http://www.twitter.com/who Instagram: @who Google+ https://www.google.com/+who YouTube http://www.youtube.com/who
Loading...
WHO Similar Companies
#ExchangeAlumni - Alumni Affairs - State Dept.
Welcome, exchange program alumni! We are Alumni Affairs, an office in the Bureau of Educational and Cultural Affairs (ECA) at the U.S. Department of State. We welcome alumni of all U.S. government exchange programs, from Fulbright to Gilman, IVLP, YALI, YSEALI, YLAI, and many more! We offer grant c
Established in 1951, the International Organization for Migration is the leading intergovernmental organization in the field of migration and is committed to the principle that humane and orderly migration benefits migrants and society. IOM works with its partners in the international community to
Bluesky Agency
THE RIGHT WAY TO ITALY. Italian Agency based in Venice-Italy performing general affairs by Public and Private Boards seeks international Partners to develop SMART TOURISM NETWORK. Multilingual staff. Contact us as above
UNDP
The United Nations Development Programme works in nearly 170 countries and territories, helping to achieve the eradication of poverty, and the reduction of inequalities and exclusion. We help countries to develop policies, leadership skills, partnering abilities, institutional capabilities and build
UNHCR, the UN Refugee Agency
UNHCR, the UN Refugee Agency, is a global organisation dedicated to saving lives, protecting rights and building a better future for people forced to flee their homes because of conflict and persecution. We lead international action to protect refugees, forcibly displaced communities and stateless
USAID is the lead U.S. Government agency that works to end extreme global poverty and enable resilient, democratic societies to realize their potential. U.S. foreign assistance has always had the twofold purpose of furthering America's interests while improving lives in the developing world. USAI
United Nations
Founded at the end of the Second World War, the United Nations is an international organization made up of 193 Member States committed to maintaining international peace and security. Every day the UN works to tackle global challenges and deliver results for those most in need. Giving life-sav
.png)
WHO CyberSecurity News
October 26, 2025 07:00 AM
Healthcare Data Breach Statistics
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS)...
October 22, 2025 07:00 AM
Putting cybersecurity at the core of national security
Countries that integrate cybersecurity into their national security strategies and institutional governance will be best positioned to...
October 14, 2025 07:00 AM
WHO and the European Union launch collaboration to advance digitized health systems in sub-Saharan Africa
The World Health Organization (WHO) and the European Union (EU) announced today a new agreement to support the digital transformation of...
September 25, 2025 07:00 AM
Fourth High-level Meeting of the UN General Assembly on the prevention and control of NCDs and the promotion of mental health and wellbeing (HLM4)
On 25 September 2025, Heads of States and Government will meet at the UN General Assembly to set a new vision for the prevention and control...
September 22, 2025 07:00 AM
Strengthening Health Sector Resilience: PAHO Hosts Cybersecurity Readiness Workshop in Trinidad and Tobago
Port-of-Spain, 18 September 2025 (PAHO): In a decisive step toward fortifying the digital defenses of the national health system,...
September 08, 2025 07:00 AM
Healthcare Industry To Spend $125 Billion On Cybersecurity From 2020 to 2025
The global healthcare cybersecurity market will grow by 15 percent year-over-year over the next five years, and reach $125 billion cumulatively over a five-...
September 02, 2025 07:00 AM
PAHO/WHO and The Bahamas Ministry of Health and Wellness Hosts AI and Cybersecurity Workshop in The Bahamas
Sept. 2nd, 2025, Nassau, The Bahamas - The Pan American Health Organization/World Health Organization (PAHO/WHO), in collaboration with The...
July 29, 2025 07:00 AM
2025 Global Conference on Climate and Health
The 2025 Global Conference on Climate and Health will take place in Brasília, Brazil, hosted by the Government of Brazil, the WHO,...
July 21, 2025 07:00 AM
World Health Organization CISO on securing global health emergencies
During health emergencies, strong cybersecurity protects systems from rising cyber threats that exploit urgent situations.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
WHO CyberSecurity History Information
Official Website of World Health Organization
The official website of World Health Organization is http://www.who.int.
World Health Organization’s AI-Generated Cybersecurity Score
According to Rankiteo, World Health Organization’s AI-generated cybersecurity score is 806, reflecting their Good security posture.
How many security badges does World Health Organization’ have ?
According to Rankiteo, World Health Organization currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does World Health Organization have SOC 2 Type 1 certification ?
According to Rankiteo, World Health Organization is not certified under SOC 2 Type 1.
Does World Health Organization have SOC 2 Type 2 certification ?
According to Rankiteo, World Health Organization does not hold a SOC 2 Type 2 certification.
Does World Health Organization comply with GDPR ?
According to Rankiteo, World Health Organization is not listed as GDPR compliant.
Does World Health Organization have PCI DSS certification ?
According to Rankiteo, World Health Organization does not currently maintain PCI DSS compliance.
Does World Health Organization comply with HIPAA ?
According to Rankiteo, World Health Organization is not compliant with HIPAA regulations.
Does World Health Organization have ISO 27001 certification ?
According to Rankiteo,World Health Organization is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of World Health Organization
World Health Organization operates primarily in the International Affairs industry.
Number of Employees at World Health Organization
World Health Organization employs approximately 30,615 people worldwide.
Subsidiaries Owned by World Health Organization
World Health Organization presently has no subsidiaries across any sectors.
World Health Organization’s LinkedIn Followers
World Health Organization’s official LinkedIn profile has approximately 6,094,439 followers.
NAICS Classification of World Health Organization
World Health Organization is classified under the NAICS code 92812, which corresponds to International Affairs.
World Health Organization’s Presence on Crunchbase
No, World Health Organization does not have a profile on Crunchbase.
World Health Organization’s Presence on LinkedIn
Yes, World Health Organization maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/world-health-organization.
Cybersecurity Incidents Involving World Health Organization
As of December 11, 2025, Rankiteo reports that World Health Organization has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
World Health Organization has an estimated 959 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at World Health Organization ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Ransomware.
What was the total financial impact of these incidents on World Health Organization ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $150 million.
How does World Health Organization detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with switch the infrastructure, and .
Incident Details
Can you provide details on each incident ?
Title: World Health Organization Credential Breach
Description: The login credentials of some staff members of the World Health Organization were accessed by hackers in March 2020. The compromised passwords contained access to a lot of sensitive information about the pandemic. The attack was the result of a successful phishing attempt that forced the organization to switch the infrastructure as a future precautionary step.
Date Detected: March 2020
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Human
Title: Extradition of Ryuk Ransomware Operator
Description: A member of the Ryuk ransomware operation, specializing in gaining initial access to corporate networks, has been extradited to the United States.
Date Publicly Disclosed: 2025-06-18
Type: Ransomware
Attack Vector: Initial Access
Threat Actor: Ryuk Ransomware Operation
Motivation: Financial GainData Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach WOR201411222
Data Compromised: Sensitive information about the pandemic
Incident : Ransomware WOR903061925
Financial Loss: $150 million
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $75.00 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Login credentials.
Which entities were affected by each incident ?
Incident : Data Breach WOR201411222
Entity Name: World Health Organization
Entity Type: Organization
Industry: Health
Incident : Ransomware WOR903061925
Location: FranceNorwayGermanythe NetherlandsCanadaUSA
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach WOR201411222
Remediation Measures: Switch the infrastructure
Incident : Ransomware WOR903061925
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach WOR201411222
Type of Data Compromised: Login credentials
Sensitivity of Data: High
Incident : Ransomware WOR903061925
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Switch the infrastructure, .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware WOR903061925
Ransom Paid: $150 million
Ransomware Strain: Ryuk
Data Encryption: True
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Ransomware WOR903061925
References
Where can I find more information about each incident ?
Incident : Ransomware WOR903061925
Source: BleepingComputer
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputer.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware WOR903061925
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach WOR201411222
Entry Point: Phishing email
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach WOR201411222
Root Causes: Phishing email
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Ryuk Ransomware Operation.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on March 2020.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-06-18.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $150 million.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Sensitive information about the pandemic.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Sensitive information about the pandemic.
Ransomware Information
What was the highest ransom paid in a ransomware incident ?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was $150 million.
Regulatory Compliance
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is BleepingComputer.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing email.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=world-health-organization' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
