
Healthcare IT Leaders Gave Themselves a Perfect Breach Detection Score. 58% of Them Got Breached Anyway, Paubox Finds

New Paubox research finds healthcare IT leaders confident in their defenses while encryption gaps drive breaches across the industry.

SAN FRANCISCO--(BUSINESS WIRE)--Healthcare IT leaders are giving themselves top marks on email breach detection while their organizations keep getting breached, according to new research from Paubox. In a survey of 170 U.S. healthcare IT leaders, 100% rated their real-time breach detection as Excellent or Good. In the same sample, 58% admitted their organization had been breached through email in the past two years.

The findings come from the Healthcare Email Security Maturity Index 2026, published today by Paubox, a HIPAA compliant email security company. The Maturity Index scored each organization across eight dimensions of email security and surfaced the gap between what leaders believe their controls do and what the data shows.

The scoring exposed encryption as the weakest dimension. Breached organizations themselves told Paubox what needed to change: 47% named strengthening encryption policies as their top post-breach action, ahead of phishing simulation training or changing email providers.

The encryption tools healthcare relies on are pushing staff to work around them. 48% of healthcare organizations always require email recipients to log in to a portal to read encrypted messages. Among those, more than 1 in 3 report clinical staff bypassing the workflow entirely.

“Recipient experience is not secondary to security,” said Hoala Greevy, founder and CEO of Paubox. “When more than a third of clinical staff are working around the encryption control, the control is not working.”

Healthcare data breaches carry the highest cost of any industry at $7.42 million per incident, according to IBM Security. Phishing is the leading initial access vector.

The report’s closing roadmap urges healthcare organizations to make encryption the default for outbound protected health information, replace legacy portals with a secure message center, and treat automation as a security control rather than a productivity feature.

The full Healthcare Email Security Maturity Index 2026 is available now at https://hubs.la/Q04dDF2C0.

About Paubox

Paubox is a leader in HIPAA compliant email security for healthcare. Trusted by more than 8,000 organizations, including Cost Plus Drugs, Rippling, and Covenant Health, Paubox works with your existing platform to secure every email sent and received. Paubox is rated #1 on G2 and is recognized on G2’s 2026 Best Healthcare Software Products list. Paubox offers HIPAA compliant email encryption, AI-powered inbound email security, archiving, data loss prevention, a secure email API for transactional messaging, forms, and email marketing.

Contacts

Media Contact:
Dawn Halpin
press@paubox.com
