By Robert Hackett, Fortune

The health insurer has far safer email practices than its peers, according to a new survey.

The health care industry is still reeling after two companies announced big data breaches in the past year. Earlier this month hackers stole up to 80 million customer records from Anthem, the second largest health insurer in the U.S. In August hackers stole up to 4.5 million patient records from Community Health Systems, a Tennessee hospital operator. So how seriously are such companies taking their customers’ security?

Agari, an email security company, released results from a survey assessing the security of 147 businesses’ email communications. The poll found that the health care industry severely lags—except for one company: Aetna

An email purportedly sent from a typical health insurance company is, for instance, four times likelier to be fraudulent than an email that claims to be from a social media company.

“The poor folks in health care have traditionally not had much digital interaction. They’re the ones furthest behind by a country mile,” says Patrick Peterson, Agari founder and CEO.

The “state of email trust” survey, which ranks businesses based on their implementation of email security protocols, found that Aetna scored a perfect 100%. (Of the banks, Chase and Capital One also scored perfectly.) None of the other 13 health care companies surveyed even broke out of the “vulnerable” category, all falling below the middle mark. In fact, the average score for the sector was a pitiful 17%.

“If it wasn’t for Aetna the score would be half or quarter of that,” Peterson says, adding: “Anthem, quite unsurprisingly, did very poorly.”

In comparison, the industry with the highest ranked email security practices was social media at 67%. On the other hand, the second lowest scoring industry was European megabanks, which scored 33%.

Read the full story in Fortune