Even After an Email Breach, Most Healthcare Organizations Don’t Configure Their Email Correctly
- Tim Wogan

- Nov 10

Healthcare organizations may think they’re HIPAA compliant, but a new report from email security company Paubox shows that many are silently sending protected health information without encryption, often without even knowing it.
The report, “What healthcare gets wrong about HIPAA and email security,” calls out a dangerous disconnect: “Most healthcare organizations have policies and tools that appear to check every HIPAA box. The issue is a disconnect between configuration and verification.”
Even when encryption settings are technically enabled, email platforms can still deliver messages without warning when encryption fails, for example, when the recipient server doesn’t support modern TLS. The sender gets no alert, and no audit trail shows the message was exposed.




