
"The report revealed that 74% of the analyzed organizations either lacked a DMARC policy entirely or had it set to monitor-only mode, which does not block spoofed emails."
"Over half of the organizations failed to verify whether incoming messages came from authorized senders, leaving them vulnerable to email spoofing."
"None of the breached organizations enforced MTA-STS, which is crucial for ensuring encrypted connections between mail servers to prevent interception."
"Despite a drop in the total number of breached organizations from 180 in 2024 to 170 in 2025, the average email security configurations of those breached worsened significantly."
A report by Paubox analyzed 170 email-related healthcare breaches reported to the HHS in 2025. It found that 74% of organizations lacked a DMARC policy or had it in monitor-only mode. Over half failed to verify incoming messages from authorized senders. None enforced MTA-STS for encrypted connections. Microsoft 365 was used by 53% of breached organizations, with many having weak email authentication settings. Although the total number of breaches decreased, the average configuration of breached organizations worsened, with 41% in the highest risk category.
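To make the report's categories concrete, here is an added example (not code from Paubox or Security Magazine) that classifies a domain's DMARC and MTA-STS posture from its published records. The `example.com` records are constructed samples, and the helper names are this example's own.

```python
# Added example: classify DMARC / MTA-STS posture in the report's categories.
# Records below are constructed samples for a hypothetical example.com.

def _parse_tags(text, sep, kv):
    """Split 'k=v; k=v' (DMARC) or 'k: v' lines (MTA-STS) into a lowercase-key dict."""
    tags = {}
    for part in text.split(sep):
        if kv in part:
            key, _, value = part.partition(kv)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_status(txt):
    """'missing', 'monitor-only' or 'enforced' for a _dmarc TXT record (or None)."""
    if not txt:
        return "missing"
    tags = _parse_tags(txt, ";", "=")
    if tags.get("v", "").upper() != "DMARC1":
        return "missing"                      # receivers ignore malformed records
    policy = tags.get("p", "none").lower()
    # RFC 7489 s6.6.4: unsampled messages get the next less strict policy, so
    # pct=0 turns quarantine into none (and reject into quarantine).
    if tags.get("pct", "100") == "0":
        policy = {"reject": "quarantine", "quarantine": "none"}.get(policy, "none")
    if policy in ("quarantine", "reject"):
        return "enforced"
    return "monitor-only"                     # p=none: reports, but never blocks


def mta_sts_status(policy_txt):
    """'missing', 'testing' or 'enforced' for the body of .well-known/mta-sts.txt."""
    if not policy_txt:
        return "missing"
    fields = _parse_tags(policy_txt, "\n", ":")
    if fields.get("version") != "STSv1":
        return "missing"
    # mode: none is syntactically valid but gives no protection, so it counts as missing
    return {"enforce": "enforced", "testing": "testing"}.get(fields.get("mode"), "missing")


def posture(dmarc_txt, mta_sts_policy):
    """Findings a defender would act on, phrased in the report's terms."""
    findings = []
    d = dmarc_status(dmarc_txt)
    if d != "enforced":
        findings.append(f"DMARC {d}: spoofed mail is neither quarantined nor rejected")
    m = mta_sts_status(mta_sts_policy)
    if m != "enforced":
        findings.append(f"MTA-STS {m}: TLS to this domain's MX is not required")
    return findings


MONITOR_ONLY_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"   # constructed
TESTING_MTA_STS = "version: STSv1\nmode: testing\nmx: mail.example.com\nmax_age: 86400\n"
```

Running `posture(MONITOR_ONLY_DMARC, TESTING_MTA_STS)` yields two findings, which is the configuration the report's 74% figure describes.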
Read at Securitymagazine