
In the healthcare industry, there is a disconnect between perceived security readiness and actual vulnerability within healthcare email systems that doesn’t seem to exist in other sectors.
A report by Paubox, "Healthcare IT is dangerously overconfident about email security," maintains that many compliance failures are the result of false assumptions rather than negligence. According to the report, one such assumption is the belief that a vendor handles email security. Another is the complacency that sets in once an organization has passed an audit.
Here are a few misconceptions the report explores.
Portals are the equivalent of compliance.
Most portals create friction, which can lead to non-HIPAA compliant workarounds.
Staff are well-trained so health IT functions are secure.
Human error is inevitable. You need tools that compensate, not just train.
More training will solve our readiness against phishing attacks.
Although training is important, 95% of phishing still goes unreported. Better detection is critical.
Buying a HIPAA compliant platform checks the compliance checkbox.
Configuration gaps are common. Compliance isn’t guaranteed without oversight.
Email is just a communication tool.
Patient data is not only housed in electronic health records. It is found in inboxes, attachments, referrals, and care coordination chains daily, according to the report.
“We’ve seen email threats evolve faster than many tools meant to stop them,” said Paubox CEO Hoala Greevey. “It’s not just about phishing anymore—it’s about deception at scale.”