Microsoft and Google fail to protect patient data
Briefly

A report by Paubox analyzed 180 email-related data breaches in the healthcare sector from January 2024 to January 2025. Findings reveal that despite both Google Workspace and Microsoft 365 employing encryption, security is often inadequate. For instance, Google still uses outdated TLS versions while Microsoft can transmit sensitive data as plain text. Institutions mistakenly believe their email compliance is automatic and commonly overlook necessary security measures. Paubox suggests implementing end-to-end encryption, monitoring TLS versions, and regularly testing email security. The report emphasizes that organizations must take greater responsibility to safeguard patient data in a digital age.
The report shows that both Google Workspace and Microsoft 365, despite employing encryption, often compromise security due to outdated TLS versions and plain text configurations.
Healthcare institutions are misled by the assumption that their email communications automatically meet compliance standards, creating vulnerabilities.
Ninety-two percent of IT leaders believe their organizations are resistant to email-related data breaches, yet many fail to implement essential security measures.
The report advises that healthcare institutions adopt end-to-end encryption and routinely test email security, highlighting that trusting default settings from tech companies is insufficient.
Read at Techzine Global
[
|
]