Microsoft(US:MSFT) Businesswireยท2025-09-05 21:39Core Insights - Cybercriminals are increasingly targeting Microsoft 365, which now accounts for 52% of all healthcare email breaches, up from 43% a year ago [1][4] - The report indicates a total of 107 healthcare email breaches in the first half of 2025, compromising over 1.6 million patient records [2][3] - The average cost of a healthcare data breach has reached $11 million, marking the healthcare sector as the most expensive industry for data breaches for the 14th consecutive year [3][10] Microsoft 365 Breaches - The rise in Microsoft 365 breaches represents a 21% increase year-over-year, indicating that cybercriminals are becoming more sophisticated [4] - Healthcare organizations using Microsoft 365 are facing significant security challenges as attackers refine their tactics [2][4] Financial Impact - The financial impact of healthcare breaches has reached unprecedented levels, with an average cost of $11 million per incident [3][10] - Business associates were involved in 16% of all email-related breaches, highlighting the risks associated with third-party relationships [11] Security Challenges - 79% of breached organizations had ineffective DMARC protection, a significant increase from 65% in 2024, indicating a lack of basic email authentication measures [5] - 41% of healthcare organizations are now classified as high-risk, up from 31% last year, suggesting worsening security conditions [7] Human Factor and Compliance - 81% of healthcare email breaches were classified as hacking or IT incidents, with credential compromise and phishing attacks being the most common threats [8] - Staff frustration with security protocols has led to dangerous workarounds, with 41% of healthcare providers admitting to bypassing secure messaging for productivity [9] Third-Party Risks - The Episource breach, affecting 5.4 million individuals, exemplifies the risks posed by third-party vendors in the healthcare sector [12]