Approximately 3 million email addresses in the healthcare sector may be at risk of exposure to cyberattacks due to unverified email delivery practices.

43.3% of healthcare email breaches involved Microsoft 365.

IT leaders estimate only 5% of known phishing attacks are reported by healthcare employees to their security teams.

There was a 264% increased surge of ransomware attacks on healthcare organizations.

Barracuda, Mimecast, and Proofpoint account for 26.7% of healthcare email breaches in 2024.

1.1% of healthcare organizations analyzed had a 'Low Risk' email security posture.

68.8% of healthcare organizations analyzed had a 'Medium Risk' email security posture.

31.1% of healthcare organizations analyzed had a 'High Risk' email security posture.

Email-related incidents increased by 57%.

64% of organizations fell victim to external attacks that exploited employees through email.

42.72% of IT decision-makers at financial services firms reported that email security is currently fully or partially managed by an MSP or MSSP.

25% of healthcare organizations have not formally approved any staff use of AI in email.

94% of healthcare organizations have begun updating security policies to address generative AI threats in email.

69% of healthcare IT leaders feel pressured to adopt AI faster than they can secure it.

75% of healthcare organizations say AI has added confusion, not clarity, to email compliance.

58% of healthcare organizations have not signed a BAA for an AI email tool so far.

Only 16% of healthcare organizations have trained most of their staff (75-100%) who have access to PHI on AI usage in email.

62% of healthcare IT and compliance leaders have observed staff experimenting with ChatGPT or similar tools even though they’re unsanctioned.

21% of respondents from healthcare organizations believe a Business Associate Agreement (BAA) isn’t required for an AI email assistant.

95% of healthcare organizations report staff are already using AI tools.