The Business Risks of Email Use in Healthcare

What the Delta Dental Breach Teaches Healthcare Leaders About the Real Cost of Using Email

In April 2025, Delta Dental of Virginia reported a cyber breach that exposed sensitive information for more than 146,000 individuals after an employee’s email account was compromised. The account had been used to send and receive protected health information, and the attacker accessed the inbox for nearly a month before it was detected. In that time, they gained visibility into names, Social Security numbers, government IDs, financial details, and protected health information (PHI)—a clear and disastrous privacy breach.

For healthcare organizations of any size—dental plans, clinics, medical groups, insurers, and service providers—the Delta Dental incident is a powerful reminder that email is one of the weakest links in your security posture. Yet, for most organizations, it’s also one of the most widely used communication tools.

As a healthcare business leader, your responsibility is twofold:

  1. Protect sensitive patient information, and

  2. Protect your organization’s budget from costly, preventable breaches.

The Delta Dental breach demonstrates how quickly email use can undermine both.

Email: A System Built for Convenience, Not Compliance

Email remains the default communication channel in many healthcare organizations—not because it’s secure, but because it’s familiar. Unfortunately, this familiarity often hides systemic risks:

  • Email accounts are high-value targets for cybercriminals.

  • One set of stolen credentials can provide access to years of communications containing PHI and personal identifiers.

  • Monitoring is weak, making unauthorized access difficult to detect.

  • Attachments sit unprotected in inboxes, archives, mobile devices, and personal accounts.

  • Forwarding creates uncontrolled data spread, with no way to track who sees what.

In the Delta Dental case, investigators had to assume that every message and attachment in the compromised inbox was exposed. This is standard practice because email systems lack the detailed audit trails that healthcare regulators expect.


The Financial Impact of an Email-Based Breach

According to the 2025 IBM Cost of a Data Breach Report, the average healthcare breach costs USD $7.42 million, with U.S.-based organizations facing even higher exposure.

For dental insurers and health systems, costs escalate quickly:

    • Forensic investigation
    • Regulatory reporting
    • Legal counsel
    • Patient notifications
    • Identity protection and credit monitoring
    • Staffing disruptions
    • Productivity loss
    • Lost patient and partner trust
    • Potential fines and litigation

All from one compromised email account.

Email not only increases the likelihood of a breach—it also magnifies the financial impact.

Why Healthcare Organizations Need a Secure Communication System

The most effective way to avoid privacy and data breaches caused by email is not more training or stricter policies. Ending the use of email for PHI altogether is the only surefire way to eliminate the privacy risk of email in healthcare.

Healthcare data should move through secure, auditable, access-controlled systems designed for sensitive information—not through consumer-grade inboxes. That’s where Brightsquid Secure-Mail makes the difference.

How Brightsquid Secure-Mail Eliminates Email Risk

Brightsquid Secure-Mail is built specifically to protect health information and the budgets of the organizations responsible for managing it. In 15+ years of transmitting millions of messages and files related to patient care for over 50,000 organizations, not a single instance of unauthorized access has been recorded or reported.

✓ Full Encryption, End-to-End: Nothing is transmitted or stored unencrypted. Unlike email, no user can accidentally send PHI in an unsafe format.

✓ Complete Audit Trail: Know exactly who accessed which information—a requirement in every major privacy legislation across North America and Europe.

✓ Strong Access Controls: Role-based permissions prevent PHI from being shared more widely than intended.

✓ No Data Sprawl: Messages and attachments don’t live in inboxes, personal devices, or uncontrolled archives. Everything stays contained within the Secure-Mail environment.

✓ Protection Against Phishing and Inbox Compromise: All senders are identity verified, so there are no spam or phishing messages creating risk in your organization’s inboxes. 

✓ Designed for Healthcare Workflows: Send large files (including full resolution medical imaging), manage shared inboxes, streamline communication with patients, clinics, and insurers—all while maintaining full compliance.

Key Takeaway: Address the Threat of Email

The Delta Dental email privacy breach is not an isolated incident—it’s a warning.

Healthcare organizations that continue to rely on email for PHI are taking on unnecessary financial and reputational risk.

Brightsquid Secure-Mail gives you a secure, compliant, and cost-effective way to protect sensitive information—and protect your organization from the next inevitable breach headline.

If you’re ready to see how Secure-Mail can reduce risk and improve efficiency, download the Executive Email Risk Checklist and our team will reach out to help you get started.
