AI-powered phishing email threats are cybersecurity issues in hospitals and other healthcare organizations. A new report from Paubox highlights the disconnect between perceived security readiness and actual vulnerabilities in healthcare email systems. It also draws attention to what healthcare organizations can do to improve the way they protect themselves.
According to the report Healthcare is dangerously overconfident in email safety,,,,, Hackers use generated AI to create information that mimics the tone, structure and urgency of real communication. They go beyond the executive team’s goals and can target billing teams, HR and clinicians.
“We have seen email threats evolve faster than many tools to stop them,” said Paubox CEO Hoala Greenvy. “It’s no longer phishing, it’s mass fraud.”
While 92% of IT leaders say they are confident in their ability to prevent email violations, 86% admit they are concerned about their HIPAA compliance status, highlighting the dangerous gap between perceived readiness and regulatory reality. The report says healthcare IT teams often limit resource constraints, competitive priorities and institutional resistance, which creates a perfect storm of inaction. Despite growing awareness of email risks, these barriers prevent meaningful changes.
“As advances in artificial intelligence and analytics continue to move forward, hackers will find more creativity and effective ways to leverage (MIS) trust, human weaknesses in stop-to-point measures and convenient rewards,” according to GlobalData chief analyst Amy Larsen DeCarlo.
The report warns that too many healthcare IT leaders rely on outdated frameworks, unverified configurations, and assumptions that have not been tested under real-world violations. It’s time to reevaluate trusted platforms, tools and training.
The report is based on a survey that captures the experience and perspectives of 150 U.S. healthcare IT leaders gathered in Q1 2025, representing a variety of healthcare organizations and environments. The report also includes insights on real-world violations and user behavior data collected through internal security reviews.
To access the full report, Healthcare is dangerously overconfident in email safety,,,,, Fill in the form below.
picture: Saifulasmee Chede, Getty Images
