
2025 Healthcare Email Security Report

Email remains the number one attack vector for healthcare breaches. Our recent research in the 2025 Healthcare Email Security Report highlights that, in 2024 alone, 180 healthcare organizations reported email-related breaches, exposing millions of patient records and resulting in substantial financial and reputational damage.

Despite significant investments in cybersecurity, lax email security settings, weak authentication protocols, and human error continue to expose healthcare organizations to risk.

Key findings from the 2025 report

  • Only 5% of phishing attacks are reported by employees, making early detection nearly impossible.

  • Only 1.1% of healthcare organizations had a low-risk email security posture, exposing widespread vulnerabilities.

  • 43.3% of email-related breaches in 2024 occurred at organizations running Microsoft 365 as their email platform.

  • Organizations using the dedicated email security gateways Barracuda, Mimecast, or Proofpoint accounted for a further 26.7% of breaches, so a commercial filtering layer on its own did not prevent compromise.

Why is healthcare email security so vulnerable?

Healthcare organizations are prime targets for cybercriminals due to the high value of patient data and the industry's reliance on email for communication. However, the failure to properly implement email security makes these organizations easy targets. Three primary factors contribute to the email security crisis:

  1. Over-reliance on default security settings – Many healthcare organizations assume that using Microsoft 365, Google Workspace, or third-party security vendors means their email is automatically protected. However, without proper configurations, security tools do little to stop phishing or email fraud.

  2. Poor adoption of email authentication protocols – SPF, DKIM, and DMARC are the controls that let receiving mail servers reject mail spoofing your domain. SPF and DKIM only supply the authentication results; it is the DMARC policy (the p= tag) that tells receivers what to do with mail that fails. The report found that 37.2% of organizations had DMARC in 'monitor-only' mode (p=none), which instructs receivers to deliver spoofed messages anyway and only send aggregate reports, so phishing sent from the organization's own domain still reaches inboxes.

  3. Lack of real-time monitoring and employee training – Even with the best security settings in place, human error remains a major factor in email breaches. Only 5% of phishing emails are reported, indicating that employees often fail to recognize malicious emails.

The financial and reputational damage caused by email security failures is immense. The report highlights that the average cost of a healthcare data breach is $9.8 million per incident, according to IBM, making healthcare one of the most financially impacted industries by cyberattacks.

Additionally, regulatory penalties for email security failures are increasing, with OCR cracking down on organizations that fail to secure patient data. Recent settlements include Solara Medical Supplies, which agreed to pay $9.76 million over a phishing-related breach that exposed the records of 114,000 patients.

Steps to improve email security in healthcare

To reduce the risk of email-based cyberattacks, healthcare organizations must adopt a multi-layered security strategy that includes:

  1. Enforce email authentication policies – Publish SPF and DKIM for every legitimate sending service, then move DMARC from p=none to p=quarantine and finally p=reject (with pct=100) once the aggregate reports show that all legitimate senders pass with alignment. A record left at p=none indefinitely gives receivers nothing to enforce.

  2. Enhance security awareness training – Employees must be trained to recognize phishing attempts, social engineering tactics, and fraudulent email requests. Ryan Winchester, CareM Director of Information Technology shared, “2025 will be the year of highly convincing phishing emails. With AI’s rapid advancement, cybercriminals can scrape social media and craft personalized emails designed to steal identities and money. No amount of training can completely eliminate human error, so businesses must have safeguards in place.”

  3. Monitor and audit email security settings – Conduct frequent reviews of Microsoft 365 and third-party email security tools to detect vulnerabilities before attackers do.

  4. Utilize AI-driven threat detection – Advanced security solutions like Paubox’s ExecProtect+ can detect suspicious email activity, flag anomalies, and prevent fraudulent emails from reaching employees.
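The following posture check, an added example that is not code from the report or from Paubox, shows what the DMARC 'monitor-only' finding above (p=none) and the audit step in the list actually look like when checked against DNS records. It classifies a domain's DMARC policy (missing, monitor-only, partial, enforcing, or invalid) and its SPF terminal qualifier, and flags the common misconfigurations a reviewer would look for: p=none, pct below 100, no rua= reporting address, sp=none on an otherwise enforcing domain, duplicate records, a permissive +all, and more than ten DNS-lookup mechanisms (which makes SPF evaluate to permerror). The domains and TXT records are constructed samples so the script runs offline; a live check would replace the `lookup` callable with a real DNS resolver.

```python
"""Classify a domain's DMARC and SPF posture from its DNS TXT records.

Added example; the records below are constructed for hypothetical domains
and are not data from the 2025 Healthcare Email Security Report.
"""
import re
from typing import Callable, Dict, List, Optional

# Constructed sample TXT data keyed by the DNS name that would be queried.
SAMPLE_TXT: Dict[str, List[str]] = {
    "_dmarc.clinic-a.example": ["v=DMARC1; p=none; rua=mailto:dmarc@clinic-a.example"],
    "clinic-a.example": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "_dmarc.clinic-b.example": ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@clinic-b.example"],
    "clinic-b.example": ["v=spf1 include:spf.protection.outlook.com -all"],
    # clinic-c publishes an SPF record that permits any sender and no DMARC record at all.
    "clinic-c.example": ["v=spf1 +all"],
}


def parse_tags(record: str) -> Dict[str, str]:
    """Split a 'k=v; k=v' DMARC record into a dict with lowercase keys."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(records: List[str]) -> Dict[str, object]:
    """Return {'status': ..., 'issues': [...]} for the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return {"status": "missing", "issues": ["no DMARC record: receivers apply no policy to spoofed mail"]}
    if len(dmarc) > 1:
        return {"status": "invalid", "issues": ["multiple DMARC records: receivers treat this as no record"]}
    tags = parse_tags(dmarc[0])
    issues: List[str] = []
    policy = tags.get("p", "").lower()
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 0
    if policy == "none":
        status = "monitor-only"
        issues.append("p=none: receivers deliver mail that fails DMARC and only send reports")
    elif policy in ("quarantine", "reject"):
        if pct < 100:
            status = "partial"
            issues.append(f"pct={pct_raw}: only that share of failing mail is subjected to p={policy}")
        else:
            status = "enforcing"
        if tags.get("sp", "").lower() == "none":
            issues.append("sp=none: subdomains remain unenforced and can still be spoofed")
    else:
        status = "invalid"
        issues.append("missing or unknown p= tag")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports, so spoofing attempts go unseen")
    return {"status": status, "issues": issues}


_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|exists:|redirect=)")
_ALL_TERM = re.compile(r"^([+\-~?]?)all$")


def assess_spf(records: List[str]) -> Dict[str, object]:
    """Return {'status': ..., 'issues': [...]} for the TXT records at the bare domain."""
    spf = [r for r in records if r.strip().lower().startswith("v=spf1")]
    if not spf:
        return {"status": "missing", "issues": ["no SPF record"]}
    if len(spf) > 1:
        return {"status": "invalid", "issues": ["multiple SPF records: evaluates to permerror"]}
    terms = [t.lower() for t in spf[0].split()[1:]]
    issues: List[str] = []
    lookups = sum(1 for t in terms if _LOOKUP_TERM.match(t))
    if lookups > 10:
        return {"status": "invalid", "issues": [f"{lookups} DNS-lookup mechanisms (limit 10): evaluates to permerror"]}
    qualifier: Optional[str] = None
    for t in terms:
        m = _ALL_TERM.match(t)
        if m:
            qualifier = m.group(1)
    if qualifier == "-":
        status = "hardfail"
    elif qualifier == "~":
        status = "softfail"
        issues.append("~all: unauthorized senders soft-fail; fine under an enforcing DMARC, weak on its own")
    else:
        status = "permissive"
        issues.append("no -all/~all: any host may send as this domain and pass SPF")
    return {"status": status, "issues": issues}


def assess(domain: str, lookup: Callable[[str], Optional[List[str]]] = SAMPLE_TXT.get) -> Dict[str, object]:
    """Combine the DMARC and SPF checks for one domain using the given TXT lookup."""
    d = assess_dmarc(lookup(f"_dmarc.{domain}") or [])
    s = assess_spf(lookup(domain) or [])
    return {"domain": domain, "dmarc": d["status"], "spf": s["status"], "issues": d["issues"] + s["issues"]}


if __name__ == "__main__":
    for name in ("clinic-a.example", "clinic-b.example", "clinic-c.example"):
        result = assess(name)
        print(f"{name}: DMARC={result['dmarc']} SPF={result['spf']}")
        for issue in result["issues"]:
            print("  -", issue)
```

Only clinic-b comes out as enforcing; clinic-a is exactly the 'monitor-only' posture the report counts, and clinic-c has no DMARC at all. Rating DMARC separately from SPF matters because a hard-failing SPF record with p=none still protects nothing: receivers only act on the DMARC policy.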

The email breach crisis in healthcare is a result of lax security settings, lack of monitoring, and human error. With phishing and email fraud on the rise, healthcare organizations must take proactive measures to secure their email infrastructure.

“The data shows that even the most established email security tools are just a starting point in protecting patient data. To stay compliant, it's crucial to continuously evaluate your implementations to keep up with evolving threats. That can mean adding in additional layers of defense,” said Paubox Chief Compliance Officer, Rick Kuwahara. Investing in cybersecurity tools is not enough; proper implementation, monitoring, and enforcement of security protocols are critical to preventing breaches.

For a detailed analysis of email security vulnerabilities and how to mitigate risk, download the full 2025 Healthcare Email Security Report today.