
AI-powered phishing email threats are a growing cybersecurity concern for hospitals and other healthcare organizations. A new report from Paubox highlights the disconnect between perceived security readiness and actual vulnerability within healthcare email systems. It also calls attention to what healthcare organizations can do to improve the way they protect themselves.
According to the report, “Healthcare IT is dangerously overconfident about email security,” hackers use generative AI to craft messages that mimic the tone, structure, and urgency of real communication. They’re going beyond the executive team to target billing teams, HR, and clinicians.
“We’ve seen email threats evolve faster than many tools meant to stop them,” said Paubox CEO Hoala Greevy. “It’s not just about phishing anymore — it’s about deception at scale.”
While 92% of IT leaders say they are confident in their ability to prevent email breaches, 86% admit they worry about their HIPAA compliance status, underscoring a dangerous gap between perceived readiness and regulatory reality. Healthcare IT teams often work with resource limitations, competing priorities, and institutional resistance, which create a perfect storm of inaction, according to the report. Despite growing awareness of email risk, these barriers prevent meaningful change.
“As progress in AI and analytics continues to advance, hackers will find more inventive and effective ways to capitalize on human weakness in areas of (mis)trust, the desire for expediency, and convenient rewards,” according to Amy Larsen DeCarlo, Principal Analyst, GlobalData.
Too many healthcare IT leaders rely on outdated frameworks, unverified configurations, and assumptions that haven’t been tested under real-world breach conditions, the report warns. It’s time to re-evaluate trusted platforms, tools, and training.
The report is based on a survey capturing the experience and perspectives of 150 U.S.-based healthcare IT leaders gathered in Q1 2025, representing diverse healthcare organizations and settings. The report also includes insights from real-world breaches and user behavior data collected through internal security reviews.