Even After an Email Breach, Most Healthcare Organizations Don’t Configure Their Email Correctly

SAN FRANCISCO--(BUSINESS WIRE)--Nov 10, 2025--

Healthcare organizations may think they’re HIPAA compliant, but a new report from email security company Paubox shows that many are silently sending protected health information without encryption, and many do so without even knowing it.

The report, What healthcare gets wrong about HIPAA and email security, calls out a dangerous disconnect: “Most healthcare organizations have policies and tools that appear to check every HIPAA box. The issue is a disconnect between configuration and verification.”

Even when encryption settings are technically enabled, email platforms can still deliver messages without warning when encryption fails, for example, when the recipient server doesn’t support modern TLS. The sender gets no alert, and no audit trail shows the message was exposed.

“From a compliance standpoint, that’s a breakdown the organization can’t detect until it’s too late,” the report states.

In just the first half of 2025, 107 email-related HIPAA breaches were reported to the Department of Health and Human Services, putting the year on pace to exceed last year’s 180 email breaches.

To compensate, some organizations rely on secure portals or manual encryption triggers. Paubox warns these methods create their own risks, mainly due to human error: “Every single unencrypted message containing PHI can trigger a reportable HIPAA breach.” In one enforcement case, a clinic was fined $25,000 for a single message sent to the wrong person without encryption.

The report comes as the Office for Civil Rights pushes to strengthen the HIPAA Security Rule, proposing that encryption of PHI at rest and in transit become a required safeguard, not an optional one.

“Every unencrypted email is a potential breach, and every breach erodes trust,” says Paubox CEO Hoala Greevy. “The leaders who automate compliance now are the ones who’ll avoid the fines, the headlines, and operational delays later.”

Paubox urges healthcare IT and compliance leaders to begin auditing outbound email security now.

The full report, What healthcare gets wrong about HIPAA and email security, is available now at https://hubs.la/Q03Sqkwp0.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251110987550/en/

CONTACT: Media Contact:

Dawn Halpin

KEYWORD: UNITED STATES NORTH AMERICA CALIFORNIA

INDUSTRY KEYWORD: SECURITY HOSPITALS HEALTH TECHNOLOGY SOFTWARE

SOURCE: Paubox

Copyright Business Wire 2025.

PUB: 11/10/2025 11:59 AM/DISC: 11/10/2025 11:59 AM
