New analysis reveals cybercriminals increasingly exploiting world's most popular business email platform, with 107 healthcare incidents in seven months

Cybercriminals are increasingly targeting Microsoft 365 environments, with the world's most widely-used business email platform now accounting for 52% of all healthcare email breaches—a dramatic surge from 43% just one year ago.

The alarming trend is detailed in Paubox's newly released report, “2025 mid-year email breach data reveals there’s no slowing down”, which analyzed 107 email-related healthcare data breaches that occurred in the first half of 2025. The findings reveal that healthcare organizations using Microsoft 365 face mounting security challenges as attackers refine their tactics to exploit the platform's widespread adoption.

More than 1.6 million patient records were compromised across all incidents, with the average breach exposing nearly 16,000 individual records. The largest single breach—affecting United Seating and Mobility—exposed over half a million records, while the financial impact has reached unprecedented levels, with healthcare breaches now costing an average of $11 million per incident according to IBM's latest research.

"Healthcare IT leaders are confident in their systems, until a breach happens," said Rick Kuwahara, Chief Compliance Officer at Paubox. "What we're seeing is a perfect storm of limited resources, expanding attack surfaces, and security strategies that rely too heavily on human vigilance."

Microsoft 365 incidents increase dramatically

The sharp rise in Microsoft 365 breaches represents a 21% increase year-over-year, suggesting that cybercriminals are becoming more sophisticated in their approach to the platform that serves hundreds of millions of users worldwide. This trend is particularly concerning given Microsoft's dominant position in healthcare IT infrastructure.

Even some premium email security solutions aren't preventing breaches, the report notes, citing incidents involving Mimecast (8%), Proofpoint (6%), and Barracuda (5%) customers. "The inclusion of these platforms suggests that setup, maintenance, and enforcement are more important than the brand name you buy."

Call for fundamental change

Traditional approaches to email security are failing. With 79% of breached organizations having ineffective DMARC protection—up dramatically from 65% in 2024—it's clear that many healthcare organizations are still not implementing basic email authentication measures.

"You don't need to choose between security and usability," Kuwahara emphasized. "A thorough risk analysis and proactive security updates cost a lot less than a breach."

The data shows that 41% of healthcare organizations are now classified as high-risk, compared to just 31% last year—a troubling trend that suggests the problem is getting worse, not better.

As healthcare organizations grapple with these mounting challenges, the report stresses that email security can no longer be treated as a checkbox exercise. With cyberattacks now cited as the leading cause of critical workflow disruptions by 50% of organizations, the cost of inaction has never been clearer.

Human factor remains the biggest gap

The report reveals that 81% of healthcare email breaches were classified as hacking or IT incidents, with credential compromise and phishing attacks dominating the threat landscape. Alarmingly, IT leaders estimate that only 5% of known phishing attacks are actually reported by employees to security teams.

Staff frustration with security protocols is creating dangerous workarounds. A recent survey found that 41% of healthcare providers admitted their teams had bypassed secure messaging at least once in the past year, prioritizing productivity over security—a decision that can have catastrophic consequences.

The financial stakes have never been higher. According to IBM's 2025 Cost of a Data Breach Report, healthcare breaches now cost an average of $11 million per incident, making it the most expensive industry for data breaches for the 14th consecutive year.

Third-party vendors create invisible risk

Business associates—including billing vendors, imaging firms, and outsourced IT providers—were involved in 17 of the 107 email-related breaches, representing 16% of all incidents. These third-party relationships often create blind spots that organizations don't discover until it's too late.

The Episource breach, which affected 5.4 million individuals after the company was acquired by Optum (a UnitedHealth Group subsidiary), exemplifies how deeply embedded business associates can be. Many healthcare providers may not have even realized their patient data was connected to Episource through the broader UnitedHealth network, illustrating how invisible these third-party relationships can remain until a breach occurs.

Download the complete report at https://hubs.la/Q03GBH5R0

View source version on businesswire.com: https://www.businesswire.com/news/home/20250905190723/en/

Healthcare IT leaders are confident in their systems, until a breach happens. What we're seeing is a perfect storm of limited resources, expanding attack surfaces, and security strategies that rely too heavily on human vigilance.