Case Study: Non-Profit Health Organization stops email-based attacks and cuts spam to near zero with Proofpoint

Hospital Stops Email-based Attacks From Unexpected Source

This non-profit health system based in Newport News, Virginia, operates a flagship medical center with more than 340 physician specialists and 130 care locations. Despite next‑generation firewalls, email filtering, Zix encryption and strict patching, the IT team faced persistent phishing, spoofing and malware—culminating in a 2018 credential compromise that let an attacker access Outlook Web, internal portals and sensitive banking data. Investigation revealed many threats were arriving as encrypted mail via the Zix federated network, which bypassed the hospital’s scanners.

After evaluating vendors, the hospital deployed Proofpoint’s suite—Email Security & Protection, Targeted Attack Protection (TAP), Threat Response Auto‑Pull (TRAP), Email Encryption and DLP—and replaced Zix. Proofpoint exposed and stopped the encrypted malware campaigns, automated quarantine and removal of malicious messages, and dramatically reduced spam and spoofing to near zero. The change simplified encryption for users, sped incident response and restored IT team confidence while improving protection for high‑risk executives and staff.