16% of healthcare IT and compliance leaders admit compliance was never consulted before AI email tools were enabled.

Only 42% of healthcare organizations have signed a Business Associate Agreement (BAA) covering any AI assistant used in email.

Only 16% of healthcare organizations have trained most of their staff (75-100%) who have access to PHI on AI usage in email.

62% of healthcare IT and compliance leaders have observed staff experimenting with ChatGPT or similar tools even though they’re unsanctioned.

4 out of 5 rural healthcare leaders say their infrastructure cannot support advanced email security.

88% of rural healthcare leaders lack confidence that their current email platform is fully HIPAA compliant out of the box.

43% of healthcare email breaches were tied to Microsoft 365.

Only 1.1% of analyzed healthcare organizations had a low-risk email security posture.

Solara Medical Supplies had a $9.76 million settlement due to email security failures.

HIPAA fines exceeding $9 million were issued due to email security failures.

Only 2% of organizations implemented DMARC, SPF, and STARTTLS together for their email security.

Email security adoption showed strong progress, with 89% of organizations implementing DMARC (Domain-based Message Authentication, Reporting & Conformance).

Email security adoption showed strong progress, with 7% of organizations implementing both DMARC and SPF (Sender Policy Framework).

Only 2% of organizations implemented DMARC, SPF, and STARTTLS together for their email security.

1% of organizations had no email security controls.