Marshfield Clinic confirms data breach after employee email compromised
Tshedimoso Makhene
November 24, 2025
Marshfield Clinic Health System has reported a data breach after unauthorized access to employee email accounts in late August, potentially exposing sensitive patient information.
What happened
Marshfield Clinic Health System has confirmed that it experienced a data breach after unauthorized individuals gained access to several employee email accounts in late August. The incident, which occurred between August 26 and August 27, allowed outsiders to view information contained in those inboxes. While the clinic has not disclosed how many patients were affected, the compromised emails may have included personal and medical information. The health system launched an internal investigation after detecting the suspicious activity and has begun notifying patients whose data may have been exposed.
Going deeper
According to WSAW, the incident appears to involve email inboxes belonging to clinic employees rather than a full system compromise, though the potential impact is nonetheless significant. Affected data varied by individual but may include name, address, phone number, date of birth, insurance ID number, medical record number, dates of service, treatment/diagnosis information, lab results, and medications.
While Marshfield Clinic says it detected the unauthorized access on August 27 and began an investigation immediately, it is unclear when patients were notified and how long the exposure lasted.
What was said
In a statement to WSAW, Marshfield Clinic stressed, “Protecting our patients’ data and information is a top priority, and we are committed to safeguarding patient data and personal information. We use advanced security measures, monitor for unusual activity, and respond swiftly to potential threats to maintain confidentiality and trust.”
The bigger picture
Email remains one of the most vulnerable entry points in healthcare cybersecurity, and breaches like the one at Marshfield Clinic reflect a broader, industry-wide pattern. According to Paubox, healthcare organizations reported 107 email-related breaches to HHS between January and July 2025. Those 107 email-related breaches, reported in the first half of 2025, represent a significant portion of the total 302 breaches reported to HHS during that time.
This trend shows how easily compromised inboxes can expose large volumes of PHI, indicating the need for stronger account security controls, better staff training, and tighter safeguards around how sensitive data is shared via email.
How Paubox can help you protect your email
Paubox offers healthcare-focused email security solutions designed to safeguard sensitive patient information without disrupting everyday communication. Their platform provides seamless, HIPAA compliant email encryption that doesn’t require extra steps like secure portals or special logins, ensuring protected health information (PHI) stays secure both in transit and at rest.
Beyond encryption, Paubox includes advanced threat protection features such as phishing detection, malware scanning, and real-time monitoring to identify and block suspicious activity before it reaches your inbox. Multi-factor authentication (MFA) and strict access controls add additional layers of defense against unauthorized access to employee email accounts.
By integrating easily with existing email systems, Paubox helps healthcare organizations reduce the risk of email breaches, maintain regulatory compliance, and protect patient trust, all while keeping communication simple and secure.
FAQs
How can healthcare organizations protect email accounts?
Multi-factor authentication (MFA), employee security training, email encryption, real-time threat detection, and strict access controls are key steps in securing email accounts. Furthermore, solutions like Paubox can help by providing seamless HIPAA compliant email encryption combined with advanced phishing protection and continuous monitoring, helping to prevent unauthorized access and ensure sensitive patient information stays secure.
What should employees do if they suspect their email account has been compromised?
They should immediately report the incident to their IT or security team, change their passwords, and follow any organizational protocols for incident response.
Can encrypted email prevent breaches completely?
While encryption significantly reduces risk by protecting data in transit and at rest, it must be combined with other security measures like MFA and employee training to effectively prevent breaches.
