
Understanding email security threats in remote healthcare


Simon Biddiscombe, writing for Forbes Technology Council, observed, "The coronavirus pandemic has transformed healthcare operations in just a matter of weeks." From telehealth consultations to administrative staff working from home, healthcare professionals are relying on email communication to coordinate patient care, share medical information, and manage healthcare operations. However, this shift has created security challenges, especially when it comes to protecting sensitive patient data transmitted via email.

Healthcare organizations face cybersecurity threats that extend beyond typical business concerns. According to "A systematic analysis of failures in protecting personal health data: A scoping review," personal health data breaches pose challenges to healthcare providers and clients because converting personal health records into digital format has introduced new information risks, especially in terms of privacy and data security. Patient health information is among the most valuable data on the dark web, with implications for remote healthcare workers.


Understanding the stakes

The Health Insurance Portability and Accountability Act (HIPAA) provides protections for patient health information, and violations can result in consequences. Penalties for HIPAA breaches range from thousands to millions of dollars, depending on the severity and nature of the violation. Beyond financial penalties, healthcare organizations face reputational damage, loss of patient trust, and potential legal action from affected individuals.

Remote healthcare staff must recognize that every email containing patient information represents a potential security incident if not handled properly. As Biddiscombe notes in his Forbes article, "Any device that connects to a hospital network can put highly confidential patient information at risk if not properly secured." A single compromised email account can provide cybercriminals access to thousands of patient records, prescription information, insurance details, and other protected health information. The consequences extend beyond the organization to directly impact patients whose privacy and safety depend on proper security protocols.

The value of compromised health data cannot be overstated. Research from the scoping review reveals that, from a hacker's perspective, the worth of an individual's medical record exceeds that of their credit card details by a considerable margin. While credit card information can provide quick cash for a hacker, the impacts of health data breaches are greater. Investigative reports found that on the darknet, an individual's medical records could be worth $100 or even $1,000, while a credit card is worth $1 or less. This makes healthcare data a target for cybercriminals.

As the Canadian Centre for Cyber Security notes, "Remote work can increase the likelihood of compromises to your organization's sensitive information." This heightened risk makes it essential for healthcare organizations to implement security measures specifically designed for remote work environments.

The scale of the threat has worsened. Research published in the Journal of Medical Internet Research found that cyber attacks increased by 500% throughout the pandemic, according to Jason Sabin's analysis of remote work security. By 2021, these attacks were projected to cost world businesses $6 trillion annually. For healthcare organizations handling sensitive patient data, these statistics show the need for robust email security measures.


Common email security threats

Phishing attacks remain the primary method through which cybercriminals gain access to healthcare email accounts. According to HealthTech Magazine, since the COVID-19 pandemic's start, 63 percent of organizations across all sectors, including healthcare, have seen an increase in phishing attacks. Sabin's research reveals that phishing attacks have spiked by 350% during the pandemic. These attacks often disguise themselves as legitimate communications from hospital administration, insurance companies, or healthcare technology vendors. Remote workers, operating outside the traditional office environment, may be more vulnerable to these schemes without the immediate support of IT staff or colleagues to verify suspicious messages.

Biddiscombe emphasizes the vulnerability of mobile endpoints, noting that "mobile devices are the least-monitored endpoint right now, and hackers are continuously targeting healthcare organizations, looking for a way in." On the scale of potential damage, he adds: "It only takes one fail point, such as a jailbroken device or a single successful phishing attack, to give professional cybercriminals the keys to the kingdom: data centers full of valuable patient data."

Healthcare organizations face vulnerabilities due to their structure and operations. The scoping review notes that healthcare organizations exhibit higher vulnerability to data breaches in contrast to their counterparts in other sectors. This vulnerability arises when multiple actors within healthcare settings have access to personal health data for patient care, increasing the chances of human errors leading to privacy breaches. Inadequate staffing and investments for IT security, as well as inadequate technology investment, further contribute to the risk faced by healthcare organizations.

The Canadian Centre for Cyber Security identifies several threats that remote healthcare workers face:

  • Physical access to devices: If employees leave devices unattended in public, threat actors can tamper with them or steal them
  • Social engineering: Attackers may gather information online about your organization or an employee to craft targeted phishing messages
  • Wireless hijacking: Threat actors spoof Wi-Fi networks by creating networks that use the same name as legitimate ones
  • Eavesdropping: Attackers listen to Wi-Fi traffic and record online activities and account passwords

Ransomware attacks frequently begin with a single compromised email account. Once inside the system, attackers can encrypt patient data, demanding payment before restoring access. For healthcare organizations, these attacks can literally be matters of life and death, potentially disrupting patient care and emergency services.

Business email compromise represents another threat, where attackers impersonate executives or authorized personnel to request sensitive information or authorize fraudulent transactions. Remote workers may be more susceptible to these attacks without the ability to quickly verify requests in person.

Sabin emphasizes a concerning threat: dormant malware. He notes that malware and ransomware are not always used immediately by bad actors; a common practice is installing malware that remains dormant. This is a threat to healthcare organizations, where devices may reconnect to corporate networks after periods of remote use. While most endpoint security systems offer protection against threats, Sabin recommends that companies implement zero-trust quarantine policies, in which IT departments scan each returning device before it reconnects to the network.


FAQs

What makes email a risky communication tool for remote healthcare workers?

Email exposes sensitive patient data to interception or account compromise when devices or networks are insecure.

Why do cybercriminals focus heavily on healthcare organizations compared to other industries?

Healthcare systems hold large volumes of high-value data and often have limited cybersecurity resources.

How does remote work change how quickly healthcare IT teams can respond to threats?

Remote environments slow visibility and response times because IT staff cannot directly monitor or access employee devices.

What role does employee training play in reducing email-based cyberattacks?

Training empowers staff to recognize threats like phishing and prevents the human errors that cause most breaches.

Why is mobile-device insecurity such a major concern in remote healthcare?

Mobile devices are less monitored and easier to misconfigure, making them simpler entry points for attackers.
