2025 mid-year email breach data reveals there's no slowing down

The largest single email breach, affecting United Seating and Mobility, exposed over half a million records.

More than 1.6 million patient records were compromised across all analysed email-related healthcare incidents that occurred in the first half of 2025.

Incidents involving Mimecast email customers accounted for 8% in healthcare.

Incidents involving Barracuda email customers accounted for 5% in healthcare.

79% of breached healthcare organizations have ineffective DMARC protection. This is up dramatically from 65% in 2024.

Incidents involving Proofpoint email customers accounted for 6% in healthcare.

Business associates (including billing vendors, imaging firms, and outsourced IT providers) were involved in 17 of the 107 email-related breaches in healthcare. This represents 16% of all incidents.

41% of healthcare organizations are now classified as high-risk. This compares to just 31% last year.

Cyberattacks are cited as the leading cause of critical workflow disruptions by 50% of healthcare organizations.

IT leaders estimate that only 5% of known phishing attacks in healthcare are actually reported by employees to security teams.

The sharp rise in Microsoft 365 email breaches in healthcare represents a 21% increase year-over-year.

The Episource breach affected 5.4 million individuals

81% of healthcare email breaches were classified as hacking or IT incidents.

Microsoft 365 environments now account for 52% of all healthcare email breaches. This represents a dramatic surge from 43% just one year ago.

The average healthcare email breach exposed nearly 16,000 individual records in the first half of 2025.