A new report analyzing 180 healthcare email breaches from January 1, 2024, to January 31, 2025, reveals widespread cybersecurity issues and escalating regulatory penalties. Paubox’s 2025 Healthcare Email Security Report highlights how email remains the leading attack vector, resulting in financial penalties, compromised patient data, and increased enforcement actions from regulators.
Key Findings:
- 43.3% of breaches involved Microsoft 365.
- Barracuda, Proofpoint and Mimecast accounted for 26.7% of breaches.
- 264% increase in ransomware attacks on healthcare since 2018.
- Only 1.1% of analyzed healthcare organizations had a low-risk email security posture, highlighting systemic vulnerabilities.
- HIPAA fines exceeding $9 million were issued due to email security failures, including Solara Medical Supplies’ $9.76 million settlement.
- $9.8 million – The average cost per healthcare email breach, according to IBM.
Email security remains healthcare’s biggest weakness
Despite a 50% increase in healthcare cybersecurity spending since 2018, many healthcare organizations still fail to implement fundamental email security protocols. 37.2% of Microsoft 365 users had DMARC in ‘monitor-only’ mode, leaving phishing attempts undetected. According to a Paubox survey, “only 27% of IT leaders feel confident about avoiding a breach in 2025.”
According to OCR Director Melanie Fontes Rainer, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.” The prevalence of email-related breaches in 2024 underscores this warning, as many healthcare organizations only realize their security gaps after a serious incident occurs.
Regulators are increasing enforcement
The HHS Office for Civil Rights (OCR) has intensified HIPAA enforcement, issuing record fines for email security failures and insufficient risk assessments. Recent high-profile cases include:
- Solara Medical Supplies – $9.76 million settlement due to a phishing-related breach affecting 114,000 patient records.
- L.A. Care – $1.3 million fine for systemic security lapses that led to a breach.
Get the full report
The 2025 Healthcare Email Security Report, created by Paubox and sourced from HHS Office for Civil Rights (OCR) breach data, provides an in-depth analysis of real-world breaches, industry trends, and actionable security recommendations to help healthcare IT leaders strengthen their defenses.