Latest news with #HoalaGreevy


Business Wire
02-07-2025
Microsoft's Email Encryption Behavior May Violate HIPAA, New Paubox Report Warns
SAN FRANCISCO--(BUSINESS WIRE)--A new report from Paubox, a leader in HIPAA compliant email, reveals that Microsoft 365's email encryption behavior could be putting healthcare organizations at serious risk of noncompliance.

In a series of controlled TLS experiments, Paubox researchers found that Microsoft 365 may transmit messages in cleartext when encryption fails, without bouncing the message, alerting the sender, or logging any evidence of the failure. This occurred when messages were sent to recipient servers that did not support modern TLS protocols. The messages in question contained simulated PHI and were sent in accordance with typical 'force TLS' configurations that many IT leaders believe are sufficient for HIPAA compliance.

'Our team expected the message to bounce,' said Hoala Greevy, CEO of Paubox. 'Instead, it went through unencrypted—and unless you knew where to look in the headers, you'd have no idea.'

Microsoft's fallback behavior directly contradicts the expectations outlined in HIPAA's Security Rule (45 CFR §164.312(e)(1)), which requires technical safeguards to ensure PHI is protected in transit. If encryption fails, and there is no way to detect or prove it, healthcare organizations may be unknowingly transmitting PHI without the protections HIPAA requires.

According to the report:
- Microsoft 365 will attempt TLS fallback—and if that fails, deliver in cleartext
- No warning or notification is provided to the sender
- Encryption failures are not recorded in any accessible audit trail
- This behavior is the default, not a misconfiguration

Paubox also calls out broader issues with relying on force TLS settings in cloud platforms, calling the practice a 'false sense of security that cannot be audited.' Healthcare IT and compliance leaders are encouraged to review the findings and test their own environments.
The full report, How Microsoft and Google Put PHI at Risk, is available here:


Business Wire
17-06-2025
New Report Exposes Confidence Crisis in Healthcare IT Security
SAN FRANCISCO--(BUSINESS WIRE)--A new Paubox report reveals that healthcare IT leaders significantly overestimate their email security—leaving patient data exposed to real and growing threats.

According to 'Healthcare IT is dangerously overconfident about email security,' 92% of healthcare IT leaders believe they are equipped to prevent email breaches. They're not. A survey of 150 U.S.-based healthcare organizations exposed that most are relying on outdated systems, misconfigured tools, and email security processes that are routinely bypassed by staff.

The report points to a widespread 'confidence gap' in healthcare cybersecurity, where leaders assume they are secure but fail to match that confidence with the technology, training, or budget investment needed to keep up with today's threats.

Why it matters: Patient data doesn't just live in EHRs. It flows through inboxes, attachments, referrals, and care coordination chains every single day. If your email system isn't locked down, your HIPAA posture is a house of cards.

'As a cybersecurity consulting practice engaging with hundreds of organizations annually, we consistently observe a critical gap in email security practices. Too often, organizations rely on infosec policies, user training, or manually enforced controls—rather than implementing automated, policy-driven email encryption solutions,' shared Andrew Hicks, Partner and National HITRUST Practice Lead for Frazier & Dieter Advisory, LLC. 'This overreliance on human-dependent safeguards introduces unnecessary risk and undermines the integrity of outbound email protection strategies.'

Despite 89% of respondents identifying AI and machine learning as essential for detecting modern email threats, only 44% say they've implemented AI-powered solutions. At the same time, 56% of organizations allocate less than 10% of their security budget to email—the sector's top threat vector.

Key findings from the report include:
- 8 out of 10 healthcare IT leaders admit they worry about their HIPAA compliance status
- 86% say their current tools create workflow friction
- Common barriers to improving email security include implementation complexity (54%), vendor limitations (53%), and legacy tech (41%)

'We've seen email threats evolve faster than many tools meant to stop them,' said Hoala Greevy, CEO of Paubox. 'It's not just about phishing anymore–it's about deception at scale.'

The report also includes five recommended steps for closing the confidence gap, such as auditing email configurations, eliminating manual encryption processes, and funding email security in proportion to its risk.

'Cybercriminals are exploiting the biggest vulnerability within any organisation: humans,' said Amy Larsen DeCarlo, Principal Analyst for Global Data. 'As progress in artificial intelligence (AI) and analytics continues to advance, hackers will find more inventive and effective ways to capitalise on human weakness in areas of (mis)trust, the desire for expediency, and convenient rewards.'

The full report is available at:

About Paubox
Paubox offers HIPAA compliant communication solutions that empower healthcare organizations of any size to simply and securely communicate. Our suite of solutions includes HIPAA compliant encrypted email, inbound email security, HIPAA compliant email marketing, and HIPAA compliant email API for transactional communications. Our customers love our HITRUST certified solutions and we have industry-topping G2 ratings (4.9/5 stars). Learn more at


Business Wire
09-06-2025
92% of Healthcare IT Leaders Believe They're Prepared to Prevent Email Breaches. They're Not.
SAN FRANCISCO--(BUSINESS WIRE)--A new Paubox report shows just how off the mark healthcare IT leaders are about their email security. Based on first-party data from 150 U.S.-based healthcare IT leaders, the report reveals a dangerous confidence gap: leaders think they're covered, but the data says otherwise.

'Healthcare IT is dangerously overconfident about email security,' reveals that 92% of healthcare IT leaders believe they're prepared to prevent email breaches. They're not. Most rely on outdated systems, tools that slow people down, and processes that actively undermine compliance. Organizations overestimate their security readiness, underinvesting in email security while forcing staff to work around clunky tools.

Key findings from the report:
- 86% say their current tools create workflow friction, causing staff to bypass security processes
- 56% spend less than 10% of their security budget on email—despite it being the top threat vector
- Only 44% use AI-powered threat detection, even though 89% say it's critical

'We've seen email threats evolve faster than some of the tools meant to stop them,' said Hoala Greevy, Founder and CEO of Paubox. 'It's not just about phishing anymore—it's about deception at scale.'

The report outlines the most common barriers IT leaders cited to adopting secure, compliant email solutions, including implementation complexity (54%), lack of vendor support (53%), and integration challenges with legacy systems (41%). These roadblocks create an environment where staff routinely bypass secure systems, putting patient data at risk.

'As a cybersecurity consulting practice engaging with hundreds of organizations annually, we consistently observe a critical gap in email security practices,' says Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Dieter Advisory, LLC. 'Too often, organizations rely on infosec policies, user training, or manually enforced controls—rather than implementing automated, policy-driven email encryption solutions. This overreliance on human-dependent safeguards introduces unnecessary risk and undermines the integrity of outbound email protection strategies.'

'I see the gap in time between new vulnerabilities emerging and budgets catching up to them,' says Tony Cox, CIO for Henderson Behavioral Health. 'That delay? That's where the attackers live.'

Why it matters: PHI isn't confined to EHRs. It flows through email, attachments, referrals, and coordination chains every day. Without strong email security safeguards in place, your compliance framework is one click away from collapse.

Download the full report here:

About Paubox
Paubox offers HIPAA compliant communication solutions that empower healthcare organizations of any size to simply and securely communicate. Our suite of solutions includes HIPAA compliant encrypted email, inbound email security, HIPAA compliant email marketing, and HIPAA compliant email API for transactional communications. Our customers love our HITRUST certified solutions and we have industry-topping G2 ratings (4.9/5 stars). Learn more at
Yahoo
09-06-2025
92% of Healthcare IT Leaders Believe They're Prepared to Prevent Email Breaches. They're Not.
SAN FRANCISCO, June 09, 2025--(BUSINESS WIRE)--A new Paubox report shows just how off the mark healthcare IT leaders are about their email security. Based on first-party data from 150 U.S.-based healthcare IT leaders, the report reveals a dangerous confidence gap: leaders think they're covered, but the data says otherwise.

"Healthcare IT is dangerously overconfident about email security," reveals that 92% of healthcare IT leaders believe they're prepared to prevent email breaches. They're not. Most rely on outdated systems, tools that slow people down, and processes that actively undermine compliance. Organizations overestimate their security readiness, underinvesting in email security while forcing staff to work around clunky tools.

Key findings from the report:
- 86% say their current tools create workflow friction, causing staff to bypass security processes
- 56% spend less than 10% of their security budget on email—despite it being the top threat vector
- Only 44% use AI-powered threat detection, even though 89% say it's critical

"We've seen email threats evolve faster than some of the tools meant to stop them," said Hoala Greevy, Founder and CEO of Paubox. "It's not just about phishing anymore—it's about deception at scale."

The report outlines the most common barriers IT leaders cited to adopting secure, compliant email solutions, including implementation complexity (54%), lack of vendor support (53%), and integration challenges with legacy systems (41%). These roadblocks create an environment where staff routinely bypass secure systems, putting patient data at risk.

"As a cybersecurity consulting practice engaging with hundreds of organizations annually, we consistently observe a critical gap in email security practices," says Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Dieter Advisory, LLC. "Too often, organizations rely on infosec policies, user training, or manually enforced controls—rather than implementing automated, policy-driven email encryption solutions. This overreliance on human-dependent safeguards introduces unnecessary risk and undermines the integrity of outbound email protection strategies."

"I see the gap in time between new vulnerabilities emerging and budgets catching up to them," says Tony Cox, CIO for Henderson Behavioral Health. "That delay? That's where the attackers live."

Why it matters: PHI isn't confined to EHRs. It flows through email, attachments, referrals, and coordination chains every day. Without strong email security safeguards in place, your compliance framework is one click away from collapse.

Download the full report here:

About Paubox
Paubox offers HIPAA compliant communication solutions that empower healthcare organizations of any size to simply and securely communicate. Our suite of solutions includes HIPAA compliant encrypted email, inbound email security, HIPAA compliant email marketing, and HIPAA compliant email API for transactional communications. Our customers love our HITRUST certified solutions and we have industry-topping G2 ratings (4.9/5 stars). Learn more at

View source version on

Contacts
Media Contact: Dawn Halpin
press@