Introduction
Red Sift’s analysis of healthcare organizations that reported large breaches to the Department of Health & Human Services (HHS) in 2023-2024 uncovered a troubling trend: post-breach, 61% remain unprotected against phishing and domain spoofing due to weak or nonexistent DMARC policies.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a widely recognized security standard that prevents attackers from impersonating organizations through email. However, despite experiencing a significant breach, many healthcare entities have yet to fully adopt this critical protection, leaving them vulnerable to further attacks.
What does the data tell us?
Research conducted by Red Sift found:
- 61% of analyzed organizations lack protection, with 33 having no DMARC policy and 28 showing no data available.
- Only 39% enforce DMARC, with 24 adopting “reject” (strongest protection) and 16 using “quarantine” (moderate security).
- In EMEA, 49% of the 100 largest healthcare companies remain unprotected, while only 31% have a “reject” policy.
This snapshot represents a significant gap in DMARC adoption, and is likely indicative of sectoral cybersecurity immaturity that leaves most companies vulnerable to phishing and spoofing attacks. The most secure group, implementing a “reject” policy, points to better practices, but still represents less than one-fourth of the total analysis.
Email is recognized as a primary vector for bad actors to gain access to people and networks. For the healthcare sector, poorly secured email often results in costly business email compromise attacks and ransomware. Healthcare organizations will need to implement more stringent security measures so that robust, proactive protections are in place to guard against potentially devastating cyberattacks and to maintain the integrity and availability of critical healthcare services and patient data.
The rising impact of data breaches
Health records remain the most valuable type of data on the black market, making healthcare organizations prime targets. Threat actors seek maximum payout, and as such, cyberattacks on healthcare are surging. Phishing remains the leading attack vector, responsible for an estimated 90% of successful attacks. A 2024 IBM study reports that, globally, data breaches cost organizations an average of $4.9 million, with healthcare breaches costing nearly double that amount in the U.S. Additionally, over 190 million healthcare records were compromised in 2024 alone—a record-breaking number impacting over half of the U.S. population. More costly regulatory actions, fines, and class action lawsuits are deeply affecting the entire healthcare industry.
Figure: Largest US healthcare breaches 2023-2024: DMARC analysis
Why DMARC matters for healthcare
DMARC is a proven solution to prevent phishing, domain spoofing, and Business Email Compromise (BEC) attacks. Organizations enforcing DMARC at a “reject” policy level significantly reduce the risk of email-based cyber threats.
Yet, many healthcare organizations remain unprotected, leaving sensitive patient data, financial information, and operational infrastructure exposed. The healthcare sector must prioritize stronger email security to prevent future breaches and protect critical systems from cybercriminals.
Securing the future of healthcare with OnDMARC
Red Sift’s findings reveal an urgent need for greater DMARC adoption across healthcare organizations. Entities without DMARC should start by implementing a monitoring policy “p=none” before advancing to full enforcement “p=reject”. Those with “quarantine” policies should transition to “reject” promptly for maximum protection.
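The categories used in the analysis above (no policy or no usable data, monitoring only, quarantine, reject) can be checked mechanically against a domain's published DMARC record. The following is an added example, not Red Sift's or OnDMARC's code: it parses DMARC TXT records per RFC 7489, maps each to a protection level, and summarizes a set of constructed sample records (the `.example` domains are placeholders, not real lookups). It goes one step beyond the page's categories by flagging a `pct` value below 100, which applies the policy only to a sample of mail, as partial enforcement.

```python
"""Classify DMARC records into the protection levels used above (an added
example, not Red Sift's code). Sample domains are constructed placeholders."""
from collections import Counter


def parse_dmarc(txt):
    """Return {tag: value} for a DMARC TXT record, or None if malformed (RFC 7489:
    ';'-separated tag=value pairs, first tag v=DMARC1, mandatory 'p' tag)."""
    if txt is None or not txt.strip().lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags


def protection_level(txt):
    """'missing' (no record), 'invalid' (unusable record; receivers apply no
    policy), 'partial' (pct < 100 covers only part of the mail), or the p value."""
    if txt is None:
        return "missing"
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid"
    policy = tags["p"].lower()
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        return "partial"
    return policy


def summarize(records):
    """Return (counts per level, percent of domains at full enforcement)."""
    counts = Counter(protection_level(txt) for txt in records.values())
    enforcing = counts["quarantine"] + counts["reject"]
    return dict(counts), round(100 * enforcing / len(records))


SAMPLE = {  # constructed records, not real DNS lookups
    "hospital-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example",
    "clinic-b.example": "v=DMARC1; p=quarantine; pct=100",
    "lab-c.example": "v=DMARC1; p=none; rua=mailto:reports@lab-c.example",
    "group-d.example": None,
    "care-e.example": "v=DMARC1; sp=reject",            # mandatory p tag missing
    "network-f.example": "v=DMARC1; p=reject; pct=25",  # only 25% of mail rejected
}
```

Run `summarize(SAMPLE)` to get the per-level counts and the enforcing share (2 of 6 domains, 33%); swapping in real TXT lookups for the `_dmarc.<domain>` name is the only change needed to audit your own domains.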
As email remains one of the most exploited entry points for cybercriminals, healthcare providers must take action now to close these security gaps, opting for a DMARC solutions provider such as Red Sift OnDMARC. Today’s new reality means implementing DMARC no longer just sits with IT—it is a critical step in safeguarding patient data, operational security, and brand reputation and should be discussed and executed at Board level.
Learn more about how Red Sift helps organizations achieve full DMARC compliance with Red Sift OnDMARC and strengthen your email security today.
This research first appeared in Betanews.