Over 60% of healthcare organizations remain unprotected against data breaches

Introduction

Red Sift’s analysis of healthcare organizations that reported large breaches to the Department of Health & Human Services (HHS) in 2023-2024 uncovered a troubling trend: post-breach, 61% remain unprotected against phishing and domain spoofing due to weak or nonexistent DMARC policies.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a widely recognized security standard that prevents attackers from impersonating organizations through email. However, despite experiencing a significant breach, many healthcare entities have yet to fully adopt this critical protection, leaving them vulnerable to further attacks.

What does the data tell us?

Research conducted by Red Sift found:

  • 61% of analyzed organizations lack protection, with 33 having no DMARC policy and 28 showing no data available.
  • Only 39% enforce DMARC, with 24 adopting “reject” (strongest protection) and 16 using “quarantine” (moderate security).
  • In EMEA, 49% of the 100 largest healthcare companies remain unprotected, while only 31% have a “reject” policy.

This snapshot represents a significant gap in DMARC adoption, and is likely indicative of sectoral cybersecurity immaturity that leaves most companies vulnerable to phishing and spoofing attacks. The most secure group, implementing a “reject” policy, points to better practices, but still represents less than one-fourth of the total analysis. 

Email is recognized as a primary vector for bad actors to gain access to people and networks. For the healthcare sector, poorly secure email often results in costly business email compromise attacks and ransomware. Healthcare organizations will need to implement more stringent security measures to ensure robust and proactive protections are in place to guard against potentially devastating cyberattacks and maintain the integrity and availability of critical healthcare services and patient data.

The rising impact of data breaches

Health records remain the most valuable type of data on the black market, making healthcare organizations prime targets. Threat actors seek maximum payout, and as such, cyberattacks on healthcare are surging. Phishing remains the leading attack vector, responsible for an estimated 90% of successful attacks. A 2024 IBM study reports that, globally, data breaches cost organizations an average of $4.9 million, with healthcare breaches costing nearly double that amount in the U.S. Additionally, over 190 million healthcare records were compromised in 2024 alone—a record-breaking number impacting over half of the U.S. population. More costly regulatory actions, fines, and class action lawsuits are deeply affecting the entire healthcare industry.

Largest US healthcare breaches 2023-2024: DMARC analysis 

Why DMARC matters for healthcare

DMARC is a proven solution to prevent phishing, domain spoofing, and Business Email Compromise (BEC) attacks. Organizations enforcing DMARC at a “reject” policy level significantly reduce the risk of email-based cyber threats.

Yet, many healthcare organizations remain unprotected, leaving sensitive patient data, financial information, and operational infrastructure exposed. The healthcare sector must prioritize stronger email security to prevent future breaches and protect critical systems from cybercriminals.

Securing the future of healthcare with OnDMARC 

Red Sift’s findings reveal an urgent need for greater DMARC adoption across healthcare organizations. Entities without DMARC should start by implementing a monitoring policy “p=none” before advancing to full enforcement “p=reject”. Those with “quarantine” policies should transition to “reject” promptly for maximum protection.

As email remains one of the most exploited entry points for cybercriminals, healthcare providers must take action now to close these security gaps, opting for a DMARC solutions provider such as Red Sift OnDMARC. Today’s new reality means implementing DMARC no longer just sits with IT—it is a critical step in safeguarding patient data, operational security, and brand reputation and should be discussed and executed at Board level.

Learn more about how Red Sift helps organizations achieve full DMARC compliance with Red Sift OnDMARC and strengthen your email security today.

This research first appeared in Betanews.

PUBLISHED BY

Red Sift

5 Mar. 2025

SHARE ARTICLE:

Recent Posts

VIEW ALL
Email

What is social engineering and how can you prevent it?

Jack Lilley

Executive summary: Email phishing has evolved and criminals now use social engineering to impersonate executives, suppliers, and even government agencies, persuading recipients to approve payments or disclose credentials. Because human judgment sits at the heart of these attacks, technical controls that eliminate spoofed messages before they reach the inbox are essential. DMARC provides that…

Read more
Cybersecurity

Attackers are abusing Microsoft 365: Here’s how to stay protected

Jack Lilley

Executive summary: Varonis has surfaced an active phishing campaign that spoofs internal users by abusing Microsoft 365’s Direct Send feature. Because Direct Send doesn’t require authentication and is treated as “internal,” these messages often bypass the checks you rely on for outside mail. Microsoft now offers an opt-in switch, RejectDirectSend, to block the pathway,…

Read more
BEC

SVGs with JavaScript are bypassing traditional email security: Learn how to stay…

Jack Lilley

Executive summary: Hackers are hiding JavaScript inside SVG attachments that pass as harmless images, and slipping past Secure Email Gateways (SEGs). To stay secure, organizations need to enforce a DMARC policy of p=reject, easily implemented with Red Sift OnDMARC, to stop compromised SVGs before they reach the end user. Key takeaways: Scalable Vector Graphics…

Read more
DMARC

More than 50% of US banks remain vulnerable to phishing attacks

Stuart Rogers

Executive summary: Over half of major U.S. banks remain exposed to phishing attacks because of weak or absent DMARC enforcement, despite rising cybercrime losses and increasingly sophisticated email threats. Operational challenges, regulatory gaps, and underestimation of risk hinder stronger protections, putting customer trust and financial stability in jeopardy. Key takeaways Email remains the primary…

Read more