A new Paubox report reveals that healthcare IT leaders significantly overestimate their email security—leaving patient data exposed to real and growing threats.
Also Read: The Agentic AI Revolution: Top 5 Must-Have Agents for Telcos in 2025
According to Healthcare IT is dangerously overconfident about email security, 92% of healthcare IT leaders believe they are equipped to prevent email breaches.
They’re not.
A survey of 150 U.S.-based healthcare organizations exposed that most are relying on outdated systems, misconfigured tools, and email security processes that are routinely bypassed by staff.
The report points to a widespread “confidence gap” in healthcare cybersecurity, where leaders assume they are secure but fail to match that confidence with the technology, training, or budget investment needed to keep up with today’s threats.
Why it matters:
Patient data doesn’t just live in EHRs. It flows through inboxes, attachments, referrals, and care coordination chains every single day. If your email system isn’t locked down, your HIPAA posture is a house of cards.
“As a cybersecurity consulting practice engaging with hundreds of organizations annually, we consistently observe a critical gap in email security practices. Too often, organizations rely on infosec policies, user training, or manually enforced controls—rather than implementing automated, policy-driven email encryption solutions,” shared Andrew Hicks, Partner and National HITRUST Practice Lead for Frazier & Dieter Advisory, LLC. “This overreliance on human-dependent safeguards introduces unnecessary risk and undermines the integrity of outbound email protection strategies.”
Despite 89% of respondents identifying AI and machine learning as essential for detecting modern email threats, only 44% say they’ve implementedc. At the same time, 56% of organizations allocate less than 10% of their security budget to email—the sector’s top threat vector.
Key findings from the report include:
- 8 out of 10 healthcare IT leaders admit they worry about their HIPAA compliance status
- 86% say their current tools create workflow friction
- Common barriers to improving email security include implementation complexity (54%), vendor limitations (53%), and legacy tech (41%)
“We’ve seen email threats evolve faster than many tools meant to stop them,” said Hoala Greevy, CEO of Paubox. “It’s not just about phishing anymore–it’s about deception at scale.”
The report also includes five recommended steps for closing the confidence gap, such as auditing email configurations, eliminating manual encryption processes, and funding email security in proportion to its risk.
“Cybercriminals are exploiting the biggest vulnerability within any organisation: humans,” said Amy Larsen DeCarlo, Principal Analyst for Global Data. “As progress in artificial intelligence (AI) and analytics continues to advance, hackers will find more inventive and effective ways to capitalise on human weakness in areas of (mis)trust, the desire for expediency, and convenient rewards.”
Also Read: Why Cybersecurity-as-a-Service is the Future for MSPs and SaaS Providers
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
