Healthcare's email security maturity gap

How 170 healthcare IT leaders rate their programs, what their controls actually do, and why breaches keep happening

Download Free Report
REPORT

2025 healthcare email security report

Key insights from 180 email-related healthcare breaches and actionable steps to protect your organization.

 

Download the report

Cybersecurity graphic
REPORT

2025 healthcare email security report

Key insights from 180 email-related healthcare breaches and actionable steps to protect your organization.


Download the report

2025-03-07_REPORT_StateofSecurity-1

Top takeaways

The Healthcare Email Security Maturity Index scored 170 U.S. healthcare IT leaders across eight dimensions of email security and mapped each organization to one of four maturity tiers.

Group 97-1
170

170 U.S. healthcare IT leaders scored across eight dimensions of email security

Group 131
58%

58% of healthcare organizations were breached through email in the past 24 months. 23% were breached more than once.

Group 131
47%

47% of breached organizations named strengthening encryption as their #1 post-breach action, ahead of training (44%) or new tooling (42%).

Group 131
64%

64% of healthcare organizations have been hit by an AI-generated email attack. Only 38% have AI-based defenses fully deployed and monitored.

Key resources

COMPLETE REPORT
Group 133
Healthcare email security maturity index 2026
How 170 healthcare IT leaders rate their programs, what their controls actually do, and why breaches keep happening.
Download the report
EXECUTIVE SUMMARY
Group 133
Healthcare email security maturity index 2026
Seven of eight email security dimensions scored Proactive or Leading. The eighth, encryption, is doing outsized damage. Here's what the data shows.
View executive summary
INFOGRAPHIC
Group 133
The encryption gap behind healthcare email breaches
A single-page visual breakdown of the eight maturity dimensions, where they score, and which one keeps showing up in breach data.
View infographic
EXCERPT
Group 133
The self-detection paradox
100% of healthcare IT leaders rate their breach detection as Excellent or Good. 58% of them got breached anyway. Both numbers come from the same 170 respondents.
View report excerpt
EXCERPT
Group 133
Portal friction is manufacturing the next breach
48% of healthcare organizations always require recipients to log in to a portal to read encrypted email. More than 1 in 3 report clinical staff bypassing the workflow.
View report excerpt
EXCERPT
Group 133
AI attacks are mainstream. AI defenses are not.
64% of healthcare organizations have been hit by an AI-generated email attack. Only 38% have AI-based defenses fully deployed and actively monitored.
View report excerpt