
Inconsistent adoption of DMARC standards is leaving 60 percent of US healthcare organizations that have already reported breaches exposed to a second attack.
The study from Red Sift, which looks at breaches reported to the US Department of Health and Human Services (HHS) during 2023-2024, shows that of the 101 companies analyzed, 61 percent remain unprotected, with 33 having no DMARC policy and 28 lacking any data on DMARC.
Only 39 percent (40 companies) have implemented some level of enforcement, with 24 adopting the strongest ‘reject’ policy and 16 using ‘quarantine.’
In addition, Red Sift’s analysis of the 100 largest EMEA healthcare companies by revenue reveals 49 percent are unprotected, with 26 companies demonstrating no DMARC policy and 23 companies listed as N/A (no data available). In contrast, 51 percent of companies have some level of enforcement, with 31 adopting the strongest ‘reject’ policy (23.8 percent) and 20 using the moderate ‘quarantine’ policy (15.8 percent).
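The enforcement tiers Red Sift counts (reject, quarantine, no policy, N/A) are read from a domain's `_dmarc` TXT record. The Python below is an added example, not Red Sift's own tooling: the domains and records are constructed, and the classifier also flags two settings that the headline tiers hide (a `pct` below 100 and a weaker `sp=` subdomain policy).

```python
# Enforcement tiers as used in the article: a domain counts as protected only
# when its policy is quarantine or reject; p=none (or no record) is unprotected.
ENFORCEMENT_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    if txt is None:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def classify(txt):
    """Map one record to the study's categories: 'N/A' (no usable record),
    'unprotected' (p=none), 'quarantine' or 'reject', plus weakening notes."""
    tags = parse_dmarc(txt)
    if tags is None:
        return {"category": "N/A", "notes": []}
    policy = tags.get("p", "").lower()
    if policy not in ENFORCEMENT_RANK:
        return {"category": "N/A", "notes": ["invalid or missing p= tag"]}
    notes = []
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:  # policy applied to a sample only
        notes.append(f"only {pct}% of failing mail is subject to p={policy}")
    sp = tags.get("sp", policy).lower()  # subdomains inherit p= unless sp= is set
    if ENFORCEMENT_RANK.get(sp, 0) < ENFORCEMENT_RANK[policy]:
        notes.append(f"subdomain policy sp={sp} is weaker than p={policy}")
    category = "unprotected" if policy == "none" else policy
    return {"category": category, "notes": notes}


# Constructed sample records (not from the study) standing in for the TXT
# record published at _dmarc.<domain> for each organisation.
SAMPLE = {
    "hospital-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example",
    "hospital-b.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "hospital-c.example": "v=DMARC1; p=none; rua=mailto:reports@hospital-c.example",
    "hospital-d.example": None,  # no _dmarc record published at all
    "hospital-e.example": "v=spf1 -all",  # wrong record type at _dmarc
}


def tally(records):
    """Count domains per category, the way the study's headline figures are built."""
    counts = {"reject": 0, "quarantine": 0, "unprotected": 0, "N/A": 0}
    for txt in records.values():
        counts[classify(txt)["category"]] += 1
    return counts
```

`tally(SAMPLE)` reproduces the study's split for the constructed set, while `classify` on hospital-b shows why a domain counted as "quarantine" may still let most spoofed mail through.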
Last year proved a challenging period for healthcare data security. The HHS data shows there was a slight reduction in the number of reported data breaches involving 500 or more records. By January 6, 2024, there were 703 major data breaches reported to the Office for Civil Rights (OCR), down 5.9 percent from the 747 reported in 2023.
However, the total number of compromised healthcare records reached 184,111,469, an increase of 9.4 percent from the previous year, affecting over half of the US population.
“Despite the increasing adoption of DMARC in multiple critical infrastructure sectors, uneven implementation and relatively weak enforcement in healthcare leave significant gaps, underscoring the urgent need for industry-wide commitment to robust cybersecurity practices,” writes Sean S. Costigan, managing director, resilience strategy at Red Sift. “Organizations must therefore adopt a layered defense strategy, starting with necessary measures like email security and MFA, advancing to more comprehensive protections such as network mapping and continuous asset inventories.”
You can read more on the Red Sift blog.
Image credit: PeopleImages.com/depositphotos.com