-

New Paubox Report Reveals 60% of Healthcare Orgs Admit Email Security Failure

SAN FRANCISCO--(BUSINESS WIRE)--A new Paubox report uncovers significant email security vulnerabilities in healthcare. This report reveals that 60% of healthcare organizations surveyed experienced email-related security incidents last year that exposed sensitive patient data. Despite this, most attacks go unreported. Only 5% of known phishing attacks and 4% of known HIPAA email violations are reported to security teams.

Only 5% of known phishing attacks and 4% of known HIPAA email violations are reported to security teams.

Share

Why this matters: Email remains healthcare’s most vulnerable cyberattack entry point, and IT leaders don’t have a handle on it. Andrea Palm, Deputy Secretary of Health and Human Services, emphasizes: “Cyber attacks directly compromise patient safety, making robust email security essential.”

Report highlights:

  • 60% of healthcare IT leaders reported email security breaches or security incidents last year.
  • Only 5% of known phishing attacks are reported to security teams.
  • Healthcare IT teams aren’t just dealing with spam or hackers—they’re dealing with infrastructure that undermines their mission.
  • IT leaders underestimate the costs of a HIPAA violation by a factor of four.

You might think that the gap between incidents and reporting points to a critical training or culture issue. However, 90% of healthcare organizations conduct regular employee training on email security best practices.

Hoala Greevy, CEO of Paubox, states: “Healthcare doesn’t need more patchwork fixes—it needs a mindset shift. Patients expect secure, convenient communication, and it’s on us to meet that standard. With AI, automation, and built-in encryption, we can proactively defend patient data before threats ever hit the inbox. That’s exactly what we built ExecProtect+ to do—eliminate risk at the source, not after the damage is done.”

Download the full report here: https://hubs.la/Q03hcR7X0

For media inquiries, expert commentary, or interview requests, please contact Dawn Halpin at Paubox at press@paubox.com or 415-795-7396.

About Paubox

Paubox offers HIPAA compliant communication solutions that empower healthcare organizations of any size to simply and securely communicate. Our suite of solutions includes HIPAA compliant encrypted email, inbound email security, HIPAA compliant email marketing, and HIPAA compliant email API for transactional communications. Our customers love our HITRUST certified solutions and we have industry-topping G2 ratings (4.9/5 stars). Learn more at paubox.com

Contacts

Media Contact:
Dawn Halpin
press@paubox.com

Industry:

Paubox

Release Summary
A new Paubox report reveals that 60% of healthcare organizations surveyed experienced email-related security incidents last year.
Release Versions
English

Contacts

Media Contact:
Dawn Halpin
press@paubox.com

Social Media Profiles
Paubox on LinkedIn
Paubox on YouTube
More News From Paubox

Even After an Email Breach, Most Healthcare Organizations Don’t Configure Their Email Correctly

SAN FRANCISCO--(BUSINESS WIRE)--Healthcare organizations may think they’re HIPAA compliant, but a new report from email security company Paubox shows that many are silently sending protected health information without encryption, many without even knowing it. What healthcare gets wrong about HIPAA and email security, calls out a dangerous disconnect: “Most healthcare organizations have policies and tools that appear to check every HIPAA box. The issue is a disconnect between configuration and v...

Shadow AI Is Outpacing Healthcare Security, New Paubox Report Warns

SAN FRANCISCO--(BUSINESS WIRE)--Artificial intelligence is being woven into daily workflows across hospitals, clinics, and health systems, before most organizations have figured out how to secure it, which leaves patient data at risk. The latest research from Paubox, the leader in HIPAA compliant email security, found that 95% of healthcare organizations say employees with access to protected health information (PHI) are already using AI tools in email, yet one in four admit they have not forma...

Microsoft 365 Still Weakest Link as Healthcare Email Breaches Continue on Pace With 2024, New Paubox Report Warns

SAN FRANCISCO--(BUSINESS WIRE)--Cybercriminals are increasingly targeting Microsoft 365 environments, with the world's most widely-used business email platform now accounting for 52% of all healthcare email breaches—a dramatic surge from 43% just one year ago. The alarming trend is detailed in Paubox's newly released report, “2025 mid-year email breach data reveals there’s no slowing down”, which analyzed 107 email-related healthcare data breaches that occurred in the first half of 2025. The fi...
Back to Newsroom