"Small" violations can cost healthcare practices anywhere from $25,000 to $9.76 million per incident.

Phishing attacks now account for over 70% of healthcare data breaches as of 2024.

About 50% of small healthcare organisations lack anti-phishing controls beyond default spam filters.

Nearly 99% of small healthcare organisations have not implemented secure email transfer protocols.

98% of small healthcare practices claim their platforms "encrypt emails by default".

Sunrise Community Health experienced an email compromise affecting 54,000+ patients.

Only half of small healthcare practices have phishing or spoofing protection enabled.

The average small healthcare employee has access to more than 5,500 sensitive files.

Salud Family Health had a phishing attack exposing 80,000+ records.

One-third of small healthcare practices report not having enough time for compliance tasks.

One-third of small healthcare practices have no clear policies or procedures in place.

Agape Health paid $25,000 for emailing protected health information unencrypted.

70% of vulnerabilities detected in healthcare systems were categorised as Medium and High severity issues.

Outdated or unpatched software leaves critical healthcare devices vulnerable to exploitation.

In Sweden, 74,000+ internet-connected healthcare devices and systems are exposed, endangering patient data.

In South Africa, 172,000+ internet-connected healthcare devices and systems are exposed, endangering patient data.

In the United States, 174,000+ internet-connected healthcare devices and systems are exposed, endangering patient data.

Many healthcare systems lack even basic authentication, and some use factory-default or weak passwords like, "admin" or "123456."

In France, 75,000+ internet-connected healthcare devices and systems are exposed, endangering patient data.

In Japan, 48,000+ internet-connected healthcare devices and systems are exposed, endangering patient data.