In one enforcement case, a clinic was fined $25,000 for a single message that contained protected health information (PHI) and was sent to the wrong person without encryption
In one enforcement case, a clinic was fined $25,000 for a single message that contained protected health information (PHI) and was sent to the wrong person without encryption — This cybersecurity statistic was published by Paubox in November 2025. It covers topics including Healthcare, Email, PHI, HIPAA breach. The original data appears in What healthcare gets wrong about HIPAA and email security. For the full methodology and detailed findings, refer to the original report.
Share or Copy this stat
Frequently Asked Questions
What does this statistic say?
In one enforcement case, a clinic was fined $25,000 for a single message that contained protected health information (PHI) and was sent to the wrong person without encryption This data was published by Paubox and covers Healthcare, Email, PHI, HIPAA breach.
Where does this data come from?
This statistic comes from What healthcare gets wrong about HIPAA and email security, published by Paubox on November 15, 2025. You can view the original report at https://www.paubox.com/resources/what-healthcare-gets-wrong-about-hipaa-and-email-security.
What cybersecurity topics does this cover?
This statistic relates to Healthcare, Email, PHI, HIPAA breach. Browse more statistics on Healthcare or from Paubox.