Healthcare Phishing Statistics

IT leaders estimate only 5% of known phishing attacks are reported by healthcare employees to their security teams.

IT leaders estimate that only 5% of known phishing attacks in healthcare are actually reported by employees to security teams.

43% of small healthcare organisations reported experiencing a phishing or spoofing incident in the past year.

Solara Medical faced a $9.76 million class-action settlement following a phishing attack.

Phishing attacks now account for over 70% of healthcare data breaches as of 2024.

About 50% of small healthcare organisations lack anti-phishing controls beyond default spam filters.

Only half of small healthcare practices have phishing or spoofing protection enabled.

Salud Family Health had a phishing attack exposing 80,000+ records.

Healthcare was the third most targeted sector for email-based attacks in Q2 2025, accounting for 19% of attacks.

Only 53% of healthcare organizations run phishing simulations.

Only 5% of known phishing attacks are reported to healthcare security teams.

Solara Medical Supplies' $9.76 million settlement was due to a phishing-related breach affecting 114,000 patient records.

Nearly one-third of all healthcare email incidents were attributed to vendor and business associate email exposure, making it the most frequent attack pattern.

Stolen login credentials led to the most damaging email-related healthcare breaches in 2025, exposing more than 630,000 patient records.

Approximately 17% of healthcare email breaches were the result of phishing-driven mailbox takeovers.

Less than one-fifth of total healthcare email incidents involved identity abuse via stolen credentials, yet these remained the most damaging type of attack.