Over 60% of healthcare organizations remain unprotected against data breaches

Introduction

Red Sift’s analysis of healthcare organizations that reported large breaches to the Department of Health & Human Services (HHS) in 2023-2024 uncovered a troubling trend: post-breach, 61% remain unprotected against phishing and domain spoofing due to weak or nonexistent DMARC policies.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a widely recognized security standard that prevents attackers from impersonating organizations through email. However, despite experiencing a significant breach, many healthcare entities have yet to fully adopt this critical protection, leaving them vulnerable to further attacks.

What does the data tell us?

Research conducted by Red Sift found:

  • 61% of analyzed organizations lack protection: 33 have no DMARC policy and 28 have no DMARC data available.
  • Only 39% enforce DMARC, with 24 adopting “reject” (strongest protection) and 16 using “quarantine” (moderate security).
  • In EMEA, 49% of the 100 largest healthcare companies remain unprotected, while only 31% have a “reject” policy.

This snapshot represents a significant gap in DMARC adoption and likely indicates a sector-wide cybersecurity immaturity that leaves most companies vulnerable to phishing and spoofing attacks. The most secure group, those enforcing a “reject” policy, points to better practices but still represents less than one-fourth of the organizations analyzed.

Email is recognized as a primary vector for bad actors to gain access to people and networks. In the healthcare sector, poorly secured email often results in costly business email compromise attacks and ransomware. Healthcare organizations will need to implement more stringent security measures so that robust, proactive protections are in place to guard against potentially devastating cyberattacks and to maintain the integrity and availability of critical healthcare services and patient data.

The rising impact of data breaches

Health records remain the most valuable type of data on the black market, making healthcare organizations prime targets. Threat actors seek maximum payout, and as such, cyberattacks on healthcare are surging. Phishing remains the leading attack vector, responsible for an estimated 90% of successful attacks. A 2024 IBM study reports that, globally, data breaches cost organizations an average of $4.9 million, with healthcare breaches costing nearly double that amount in the U.S. Additionally, over 190 million healthcare records were compromised in 2024 alone—a record-breaking number impacting over half of the U.S. population. More costly regulatory actions, fines, and class action lawsuits are deeply affecting the entire healthcare industry.

Largest US healthcare breaches 2023-2024: DMARC analysis 

Why DMARC matters for healthcare

DMARC is a proven solution to prevent phishing, domain spoofing, and Business Email Compromise (BEC) attacks. Organizations enforcing DMARC at a “reject” policy level significantly reduce the risk of email-based cyber threats.

Yet, many healthcare organizations remain unprotected, leaving sensitive patient data, financial information, and operational infrastructure exposed. The healthcare sector must prioritize stronger email security to prevent future breaches and protect critical systems from cybercriminals.

Securing the future of healthcare with OnDMARC 

Red Sift’s findings reveal an urgent need for greater DMARC adoption across healthcare organizations. Entities without DMARC should start by implementing a monitoring-only policy (p=none) before advancing to full enforcement (p=reject). Those with “quarantine” policies should transition to “reject” promptly for maximum protection.
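To see how a domain's published record lands in the buckets used above (no record, p=none, quarantine, reject) and to flag enforcement that is only partial because of a pct tag, here is an added Python example; it is not Red Sift's code or part of the original article, the domain names and records are constructed, and the study's “no data available” bucket is folded into “no record”.

```python
"""Classify DMARC TXT records into the study's buckets and flag partial enforcement."""

def parse_dmarc(txt):
    """Split a DMARC TXT record into lowercase tag -> value.
    Returns None unless the record is a DMARC record (starts with v=DMARC1)."""
    if not txt or not txt.strip().lower().startswith("v="):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None

def classify(txt):
    """Return (policy, pct) with policy one of 'no record', 'none', 'quarantine', 'reject'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ("no record", 0)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        # RFC 7489 6.6.3: no p tag but a rua tag present is handled as p=none;
        # a missing or invalid p otherwise leaves the domain effectively unprotected.
        return ("none", 100) if (not policy and "rua" in tags) else ("no record", 0)
    raw_pct = tags.get("pct", "100")
    pct = int(raw_pct) if raw_pct.isdigit() else 100   # pct defaults to 100
    return (policy, max(0, min(100, pct)))

def summarize(records):
    """Count domains per bucket, like the article's breakdown, and compute % unprotected.
    Enforcing policies with pct < 100 are counted separately as 'partial enforcement'."""
    counts = {"no record": 0, "none": 0, "quarantine": 0, "reject": 0, "partial enforcement": 0}
    for txt in records.values():
        policy, pct = classify(txt)
        counts[policy] += 1
        if policy in ("quarantine", "reject") and pct < 100:
            counts["partial enforcement"] += 1
    enforcing = counts["quarantine"] + counts["reject"]
    counts["unprotected_pct"] = round(100 * (len(records) - enforcing) / len(records))
    return counts

# Constructed sample: what a lookup of _dmarc.<domain> TXT might return (None = no record).
SAMPLE_RECORDS = {
    "hospital-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example",
    "hospital-b.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@hospital-b.example",
    "clinic-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@clinic-c.example",
    "clinic-d.example": None,
    "lab-e.example": "v=DMARC1; rua=mailto:dmarc@lab-e.example",   # p tag missing
}

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```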

As email remains one of the most exploited entry points for cybercriminals, healthcare providers must take action now to close these security gaps, opting for a DMARC solutions provider such as Red Sift OnDMARC. Today’s new reality means implementing DMARC no longer just sits with IT—it is a critical step in safeguarding patient data, operational security, and brand reputation and should be discussed and executed at Board level.

Learn more about how Red Sift helps organizations achieve full DMARC compliance with Red Sift OnDMARC and strengthen your email security today.

This research first appeared in Betanews.

Published by Sean Costigan, 5 Mar. 2025
