A new survey reveals that 95% of phishing attacks in healthcare go unreported, leaving systems vulnerable and patient safety at risk.


A new Paubox IT Survey Report examining the state of email security in healthcare reveals that 95% of phishing attacks go unreported to security teams.

Email is still the number-one way cybercriminals get inside healthcare systems. Last year, 60% of healthcare organizations experienced an email-related security incident, yet most attacks go unreported. This means patient records could be accessed without anyone sounding the alarm.

If phishing attacks go unreported, they don’t trigger an investigation. If they aren’t investigated, systems aren’t patched, staff aren’t alerted, and patients aren’t warned. “It is important for healthcare institutions and payer organizations to understand that the weakest security link in an organization is the human element,” says Amy Larson DeCarlo, principal analyst at GlobalData, in a release. “End users are vulnerable to anything that either promises to make a task easier or offers them some kind of reward for clicking on a link.”

Matt Murren, CEO of True North ITG, has seen the consequences firsthand. “We encountered a significant case where an outdated email system directly impacted patient care due to a cybersecurity breach,” he says in a release. “The phishing attack compromised user credentials and eventually deployed ransomware across the network. It shut systems down for two weeks. Appointments were delayed. Test results were inaccessible. Urgent care cases were diverted elsewhere. Patients lost trust. This isn’t just an IT failure—it’s a patient safety crisis.”

The report found that 37.7% of IT teams spend up to 20 hours a week resolving secure email issues, while 83% report that legacy systems disrupt their day-to-day operations.

“Healthcare organizations must move to modern, cloud-hosted email systems as a baseline for security. Equally important is ongoing education to protect staff from phishing and social engineering, which continue to be the most effective tactics used by attackers,” says David Chou, founder of Chou Group Healthcare Technology Advisory Services, in a release.

Hoala Greevy, CEO of Paubox, states in a release, “Healthcare doesn’t need more patchwork fixes—it needs a mindset shift. Patients expect secure, convenient communication, and it’s on us to meet that standard. With AI, automation, and built-in encryption, we can proactively defend patient data before threats ever hit the inbox.”
