Microsoft and Google fail to protect patient data

Healthcare organizations face significant risks when using Microsoft 365 and Google Workspace to send sensitive patient data.

This is according to a new report by security company Paubox. The study examined 180 email-related data breaches in the healthcare sector between January 2024 and January 2025 and analyzed how the two largest cloud providers contribute to these vulnerabilities.

Although both platforms use encryption, the report shows that this security is often inadequate. In some cases, Google Workspace uses outdated TLS versions, such as TLS 1.0 or 1.1, which are considered unsafe by security experts. Microsoft 365 goes even further by sending sensitive data as plain text in specific configurations.

According to Paubox, the problem lies not only with the technology itself, but also with the responsibility placed on healthcare institutions. Microsoft and Google provide the infrastructure, but expect customers to ensure the correct implementation of secure email settings themselves. This creates a situation in which users mistakenly assume that their communications automatically comply with laws and regulations.

Institutions underestimate risks

A striking finding from the report is the gap between perception and reality. Ninety-two percent of IT leaders in the healthcare sector say that their organization is resistant to email-related data breaches. At the same time, the report shows that many institutions do not apply crucial security measures or do not know how to check whether their emails are actually being sent securely.

Paubox advises healthcare institutions to consider using end-to-end encryption, actively monitor TLS versions, and periodically test email traffic. The report also emphasizes that relying on standard configurations from large tech companies is not enough to adequately protect patient data.
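One way to check the TLS version each mail hop recorded, as an added example that is not taken from the Paubox report or from either vendor: the Python sketch below reads the `Received` headers of a delivered message and flags hops that logged TLS 1.0/1.1 or no TLS at all. The sample message, host names and the two header annotation styles it matches are assumptions; a hop with no annotation is reported as "no TLS recorded" because some servers simply do not log it.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are reserved example values.
SAMPLE = """\
Received: from relay.clinic.example (relay.clinic.example [192.0.2.10])
\tby mx.lab.example with ESMTPS id a1
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
\tMon, 06 Jan 2025 10:00:03 +0000
Received: from gw.clinic.example (gw.clinic.example [192.0.2.11])
\tby relay.clinic.example (Postfix) with ESMTPS id b2
\t(using TLSv1 with cipher AES128-SHA (128/128 bits));
\tMon, 06 Jan 2025 10:00:02 +0000
Received: from ws01.clinic.example (ws01.clinic.example [192.0.2.12])
\tby gw.clinic.example (Postfix) with ESMTP id c3;
\tMon, 06 Jan 2025 10:00:01 +0000
From: nurse@clinic.example
To: results@lab.example
Subject: constructed test message

body
"""

# Assumed annotation styles: "version=TLS1_2" and "using TLSv1.2".
TLS_RE = re.compile(r"(?:version=|using\s+)TLS\s*v?(\d)(?:[._](\d))?", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def audit_hops(raw_message):
    """Return [(receiving_host, tls_version_or_None, verdict)], oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        by = BY_RE.search(header)
        host = by.group(1) if by else "unknown"
        tls = TLS_RE.search(header)
        if not tls:
            # No annotation: possibly plaintext, possibly just not logged.
            hops.append((host, None, "no TLS recorded"))
            continue
        version = (int(tls.group(1)), int(tls.group(2) or 0))
        verdict = "ok" if version >= (1, 2) else "outdated"
        hops.append((host, "%d.%d" % version, verdict))
    return hops

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

`Received` headers are written by each receiving server, so only the hops added by servers you trust should be treated as evidence.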

The report serves as a wake-up call for a sector that is becoming increasingly digital, but whose digital communications are in many cases more vulnerable than previously thought. The conclusion is clear: without additional measures, email remains an unpredictable and insecure link in the management of medical data.
