
Precipio reports major cloud-based data breach

Precipio, Inc. disclosed a data breach after an unauthorized party accessed an employee’s cloud-based storage account, potentially exposing the sensitive personal and protected health information (PHI) of an unknown number of individuals.

 

What happened

According to the Precipio public data breach notice, the organization reported that it detected unauthorized access to an employee’s cloud-based storage account on November 25, 2025. An internal investigation found that the account may have been accessed by an outside party on or around November 23, 2025. The company began reviewing the affected files to determine what information was involved and which individuals were impacted.

The organization reports that the compromised data varies by person but may include names, addresses, dates of birth, medical record numbers, and clinical or treatment information. Precipio posted public notice of the incident on January 23, 2026, and stated that affected individuals would be informed about the specific categories of data involved.

 

What was said

The Precipio data breach notice states, “Information privacy and security are among our highest priorities. Upon learning of this event, we moved quickly to investigate and respond to the incident, secure the impacted account, and undertake the processes needed to notify potentially affected individuals.”

“Additionally, federal law enforcement was notified of the event. We recognize the evolving nature of cybersecurity and will continue to evaluate and enhance our technical safeguards in the future.”

Furthermore, “We encourage individuals who may be affected to remain vigilant against instances of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and to detect errors.”

 

In the know

Many healthcare organizations use cloud-based email platforms, like Microsoft 365 and Google Workspace, to exchange PHI, such as lab results and care instructions. To protect this data during transmission, these platforms rely on Transport Layer Security (TLS) to encrypt email as it moves between servers. While the industry standard is to use modern, secure versions like TLS 1.2 or 1.3, many organizations mistakenly believe that enabling a setting called "Force TLS" provides a guaranteed barrier against data exposure.

However, "Force TLS" often acts as an "illusion of control" because it favors deliverability over actual security. If a recipient's server is outdated and cannot support modern encryption, cloud platforms frequently resort to "silent failure" modes.

For example, Google Workspace may deliver messages using obsolete protocols (TLS 1.0 or 1.1) that have been deprecated by the NSA due to known vulnerabilities. Conversely, Microsoft 365 may refuse those outdated protocols but still deliver the message as completely unencrypted cleartext. As a result, these failures occur without an audit trail, bounce message, or alert, and healthcare providers are often unaware that sensitive patient data has been exposed in transit.
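One way to spot the fallback described above is to read the `Received` headers of messages you can see and classify the TLS annotation each receiving server recorded. The sketch below is an added example, not code from Precipio or the cited report; the hostnames and sample message are constructed, and the patterns assume the annotation styles commonly written by Google, Microsoft and Postfix servers. A missing annotation means no TLS was recorded for that hop, which warrants follow-up rather than proving cleartext.

```python
import re
from email import message_from_string

MIN_TLS = (1, 2)  # TLS 1.2 is the floor the article treats as acceptable

# "version=TLS1_2" (Google/Microsoft style) or "using TLSv1.3" (Postfix style)
_TLS_RE = re.compile(r"(?:version=|using\s+)TLSv?(\d)(?:[._](\d))?", re.I)
# RFC 3848 "with" protocol keyword, e.g. ESMTP, ESMTPS, ESMTPSA
_PROTO_RE = re.compile(r"\bwith\s+(\w*SMTP\w*)", re.I)

def classify_hop(received):
    """Classify one unfolded Received header by the TLS it recorded."""
    m = _TLS_RE.search(received)
    if m:
        version = (int(m.group(1)), int(m.group(2) or 0))
        return "ok" if version >= MIN_TLS else "weak-tls"
    proto = _PROTO_RE.search(received)
    if proto is None:
        return "not-smtp"  # e.g. HTTP submission or local delivery
    # A trailing S or SA on the keyword means STARTTLS was used
    if proto.group(1).upper().endswith(("S", "SA")):
        return "tls-version-unknown"
    return "no-tls-recorded"

def audit_message(raw):
    """Return one verdict per Received header, newest hop first."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    return [classify_hop(" ".join(h.split())) for h in hops]

# Constructed sample: three hops, one weak, one with no TLS recorded, one fine
SAMPLE = """\
Received: from mx.old-clinic.example (mx.old-clinic.example [203.0.113.7])
 by mx.provider.example with ESMTPS id abc123
 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Mon, 01 Jan 2024 10:00:02 +0000
Received: from relay.lab.example (relay.lab.example [198.51.100.9])
 by mx.old-clinic.example with ESMTP id def456;
 Mon, 01 Jan 2024 10:00:01 +0000
Received: from app.lab.example (app.lab.example [192.0.2.10])
 by relay.lab.example (Postfix) with ESMTPS id 789
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits));
 Mon, 01 Jan 2024 10:00:00 +0000
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for i, verdict in enumerate(audit_message(SAMPLE)):
        print(i, verdict)
```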

Learn more: 2025 Paubox Report: How Microsoft and Google put PHI at risk

 

The big picture

The Precipio breach shows the structural risk in how healthcare organizations protect patient data in cloud-based systems. As providers rely more on platforms like Microsoft 365 and Google Workspace to exchange lab results, prescriptions, and care instructions, email has effectively become part of the healthcare delivery chain. That makes it a high-value target for attackers and a major point of failure for compliance.

Many organizations assume that turning on basic security features, like “Force TLS,” will keep them protected. In practice, these controls often prioritize message delivery over encryption strength, creating gaps where PHI can be transmitted using weak or even unencrypted methods without warning.

Therefore, breaches can be the result of everyday system design choices that trade security for convenience. Over time, this normalizes risk across the healthcare sector and increases the likelihood that PHI will be compromised not through insecure channels.

Learn more: HIPAA Compliant Email: The Definitive Guide (2026 Update)

 

FAQs

What does HIPAA require after a breach?

HIPAA requires organizations to notify affected individuals without unreasonable delay and, depending on the size of the breach, report the incident to federal regulators and sometimes the media. These notifications must explain what happened, what information was involved, and what steps individuals can take to protect themselves.

 

What is protected health information (PHI)?

Protected health information (PHI) is any data that can identify an individual and is connected to their medical condition, healthcare services, or payment for care, whether the information is stored electronically, on paper, or shared verbally.

 

Why is PHI so valuable to attackers?

PHI can be used to commit medical identity theft, submit fraudulent insurance claims, obtain prescription drugs, or create fake medical records. Furthermore, health information cannot be easily changed, making it especially attractive to cybercriminals.
