Large email attachments make it easy for protected health information (PHI) to be exposed, whether unintentionally, through a click on a malicious link, or through a mailbox that has been broken into. A study of phishing in healthcare shows how much risk comes with everyday email use. During a one-month testing period, the organization received 858,200 emails, and 18,871 (about 2%) were flagged as possible threats. A controlled phishing simulation targeted 468 employee email addresses with "attachments and malicious links," but the test did not result in any credential theft or malicious downloads because the controls and training held up under pressure.
When clinical packets, scans, lab bundles, and spreadsheets are sent as huge files by default, the risk goes up because attackers do not need many successes to do substantial damage. Another study, published by the Multidisciplinary Digital Publishing Institute (MDPI), found that 249.09 million people were affected by healthcare breaches between 2005 and 2019, with 157.40 million of them affected in the last five years of that period. The same study found that hacking and IT incidents are the main long-term causes of exposed health data.
What qualifies as a big attachment
According to Gmail
Gmail considers an attachment big, or large, when the total size of all attachments in one email is more than 25 MB. At that point, Gmail will not deliver the files as actual attachments; instead, it replaces them with a link to Google Drive in the message. Google Workspace also states a 50 MB maximum for received messages, so the receiving ceiling is higher than the 25 MB limit on the sending side.
According to Microsoft
Microsoft's standard depends on the product. For Outlook.com (the consumer service), large means over 25 MB; files bigger than that usually need to be shared through OneDrive links, which can handle much larger files. For Microsoft 365 business email running on Exchange Online, large is more flexible because admins can set their own message size limits. Microsoft states a maximum message size of 150 MB (message plus attachments), but some clients enforce lower limits, and web clients may impose tighter limits on each individual attachment.
Common breach pathways where big attachments do the most damage
Big attachments make healthcare data breaches worse because they make phishing and hacking attacks more successful and harmful. Phishing emails sometimes come with business-as-usual files like Word documents, spreadsheets, PDFs, or ZIPs. However, the attachment has a secret payload or enticement so that employees click a cloud link, enable macros, or run embedded content.
A single successful opening can lead to stolen credentials or the installation of malware. When something goes wrong, big attachments also make the breach worse: a single misdirected message, an auto-forward rule, or a compromised inbox can expose all of a patient's packets, scanned documents, or multi-patient spreadsheets at once, turning a simple mistake into a reportable incident.
Ransomware makes the problem worse, since email-borne malware can spread beyond the inbox, encrypt systems, interrupt care, and push organizations into emergency procedures while attackers hunt for sensitive files to steal. The clinical impact shows up in a JAMA Health Forum research record, where “almost half (166 [44.4%]) of ransomware attacks disrupted the delivery of health care.” Attackers also use access gained through email to move laterally into shared drives and network resources, increasing the amount of data exposed and the time it takes to recover.
Why large attachments evade normal controls
In healthcare, large email attachments can get past typical cybersecurity protections because scanning them at scale puts a lot of stress on systems and exposes frequent configuration and workflow weaknesses. When files are big, email security gateways and data loss prevention (DLP) tools have to make tough choices, since thorough inspection, detonation, and content extraction consume CPU and memory.
Large clinical files such as scans, reports, and packed PDFs make that pressure worse, so organizations sometimes fall back on lighter checks, selective examination, or exceptions that attackers can take advantage of.
As the healthcare phishing study cited above describes, attackers aim at “bypassing external restrictions and exploiting commonly misconfigured windows services, outbound firewall rules and simple mail transfer protocol (SMTP) services.” Malicious attachments make detection harder still: macros, OLE objects, or embedded scripts can stay hidden in Word and Excel files until a user enables content.
How Paubox can help
When PHI moves without guardrails, large attachments, misdirected messages, inbox takeovers, and phishing all convert normal communication into reportable incidents. Paubox lowers that risk by making encryption and safe delivery a part of the usual workflow. This means that workers do not have to make decisions, click extra buttons, or memorize complicated regulations while they are under pressure.
Paubox's generative AI inbound protection stops impersonation, malicious links, and weaponized attachments before they reach users. This matters because a single successful click can lead to credential theft and lateral compromise.
Paubox data loss prevention adds another layer by finding PHI patterns in message bodies and attachments and enforcing policy, so high-density items like patient packets or spreadsheets cannot leave the organization without review. Paubox Secure Message Center also provides a secure delivery route that can be triggered from the subject line. Together, these form a well-rounded email approach that offers trustworthy security.
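To make the size thresholds and the DLP behaviour described above concrete, here is an added example of an outbound attachment policy check. It is illustrative code written for this page, not Paubox's product code or any vendor API. It assumes the provider limits stated in the article (25 MB total attachments for Gmail, 150 MB message size for Exchange Online), a constructed sample message, and two constructed PHI-like patterns (a US SSN shape and a hypothetical "MRN nnnnnnnn" identifier format); the macro-enabled Office types it flags correspond to the "enable content" lure mentioned earlier.

```python
"""Outbound attachment policy check (added example, not Paubox code).

Assumptions: provider limits taken from the article; PHI regexes and the
sample message are constructed for illustration only.
"""
import re
from email import policy as email_policy
from email.message import EmailMessage
from email.parser import BytesParser

MB = 1024 * 1024
PROVIDER_LIMITS = {
    "gmail": 25 * MB,              # total of all attachments in one message
    "exchange_online": 150 * MB,   # message + attachments (Microsoft 365 maximum)
}

# Constructed PHI-like patterns; a real deployment would tune these per organization.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[: ]+\d{6,8}\b", re.IGNORECASE),
}

# Office formats that can carry macros (the "enable content" lure).
MACRO_CAPABLE_TYPES = {
    "application/vnd.ms-excel.sheet.macroenabled.12",
    "application/vnd.ms-word.document.macroenabled.12",
}
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")


def inspect_message(raw: bytes, provider: str = "gmail", limits=PROVIDER_LIMITS) -> dict:
    """Parse a raw RFC 5322 message and decide how it should be handled."""
    msg = BytesParser(policy=email_policy.default).parsebytes(raw)
    findings = {"attachment_bytes": 0, "over_limit": False,
                "phi_hits": {}, "macro_capable": [], "action": "deliver"}

    # Text to scan: the plain-text body plus any text/* attachment (e.g. CSV).
    body = msg.get_body(preferencelist=("plain",))
    texts = [body.get_content()] if body else []

    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings["attachment_bytes"] += len(payload)
        name = part.get_filename() or ""
        ctype = part.get_content_type().lower()
        if ctype in MACRO_CAPABLE_TYPES or name.lower().endswith(MACRO_EXTENSIONS):
            findings["macro_capable"].append(name)
        if part.get_content_maintype() == "text":
            texts.append(payload.decode("utf-8", "replace"))

    for label, pattern in PHI_PATTERNS.items():
        count = sum(len(pattern.findall(t)) for t in texts)
        if count:
            findings["phi_hits"][label] = count

    findings["over_limit"] = findings["attachment_bytes"] > limits[provider]

    # Policy order: block macro-capable files, route PHI through encrypted delivery,
    # and push oversized-but-clean messages to a link or rejection path.
    if findings["macro_capable"]:
        findings["action"] = "quarantine"
    elif findings["phi_hits"]:
        findings["action"] = "secure_send"
    elif findings["over_limit"]:
        findings["action"] = "link_or_reject"
    return findings


# Constructed sample data: a two-row roster containing SSN and MRN values.
SAMPLE_CSV = (b"name,mrn,ssn\n"
              b"Jane Roe,MRN 10234567,123-45-6789\n"
              b"John Doe,MRN 10234568,987-65-4321\n")


def build_sample(csv_bytes: bytes = SAMPLE_CSV, extra_files=()) -> bytes:
    """Build a constructed multipart message with a CSV attachment plus optional extras."""
    msg = EmailMessage()
    msg["From"] = "nurse@clinic.example"
    msg["To"] = "billing@partner.example"
    msg["Subject"] = "Q3 patient packet"
    msg.set_content("Attached is the roster discussed on the call.")
    msg.add_attachment(csv_bytes, maintype="text", subtype="csv", filename="roster.csv")
    for name, data, maintype, subtype in extra_files:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The check deliberately scans text attachments as well as the body, because the multi-patient spreadsheet case in the text is exactly where body-only DLP misses PHI. The `limits` parameter exists so the same logic can be exercised against a small threshold without constructing a 25 MB message.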
See also: HIPAA Compliant Email: The Definitive Guide (2026 Update)
FAQs
What is attachment sprawl?
Attachment sprawl happens when the same file gets downloaded, reattached, forwarded, or saved in multiple inboxes and devices.
Are cloud links safer than attachments?
Not automatically. Cloud links can reduce email size, but they can also expose PHI if sharing permissions are set to anyone with the link, if access logs are weak, or if links are forwarded outside the intended group.
Why do forwarded attachments raise risk more than new sends?
Forwarding preserves the original file and often adds more recipients.