A new Paubox report uncovers significant email security vulnerabilities in healthcare. This report reveals that 60% of healthcare organizations surveyed experienced email-related security incidents last year that exposed sensitive patient data. Despite this, most attacks go unreported. Only 5% of known phishing attacks and 4% of known HIPAA email violations are reported to security teams.
Email remains healthcare’s most vulnerable cyberattack entry point, and IT leaders don’t have a handle on it. Andrea Palm, Deputy Secretary of Health and Human Services, emphasizes: “Cyber attacks directly compromise patient safety, making robust email security essential.”
Report highlights:
● 60% of healthcare IT leaders reported email security breaches or security incidents last year.
● Only 5% of known phishing attacks are reported to security teams.
● Healthcare IT teams aren’t just dealing with spam or hackers—they’re dealing with infrastructure that undermines their mission.
● IT leaders underestimate the costs of a HIPAA violation by a factor of four.
You might think that the gap between incidents and reporting points to a critical training or culture issue. However, 90% of healthcare organizations conduct regular employee training on email security best practices.
Hoala Greevy, CEO of Paubox, states: “Healthcare doesn’t need more patchwork fixes—it needs a mindset shift. Patients expect secure, convenient communication, and it’s on us to meet that standard. With AI, automation, and built-in encryption, we can proactively defend patient data before threats ever hit the inbox. That’s exactly what we built ExecProtect+ to do—eliminate risk at the source, not after the damage is done.”
