Cybersecurity statistics about HIPAA
107 email-related HIPAA breaches were reported to the Department of Health and Human Services in just the first half of 2025.
In one enforcement case, a clinic was fined $25,000 for a single message that contained protected health information (PHI) and was sent to the wrong person without encryption.
41% of healthcare IT and compliance leaders feel confident they could detect improper AI use before a HIPAA violation occurs.
39% of organizations adhere to HIPAA for API development and deployment.
13 S&P 500 companies warn of sensitive exposure under the General Data Protection Regulation, Health Insurance Portability and Accountability Act, and California privacy laws (CCPA/CPRA) related to privacy.
More than 80% of small healthcare practices expressed confidence in their current HIPAA compliance posture.
64% of small healthcare practices believe patient portals are required for HIPAA compliance.
98% of small healthcare organisations falsely believe they are HIPAA compliant.
73% of rural healthcare organisations struggle to maintain HIPAA compliance due to staffing and funding gaps.
88% of rural healthcare leaders lack confidence that their current email platform is fully HIPAA compliant out of the box.
Only 22% of all AI applications are in adherence to one or more compliance certifications such as HIPAA, PCI, ISO, FISMA, and FedRAMP.
Only 4% of known HIPAA email violations are reported to healthcare security teams.
IT leaders at healthcare organizations underestimate the costs of a HIPAA violation by a factor of four.
HIPAA fines exceeding $9 million were issued due to email security failures.