Mental health and social services providers handle highly sensitive data, from confidential patient records to clinical assessments and personally identifiable information (PII). That level of access makes them an appealing target for cybercriminals.
One U.S.-based mental health provider had a distributed workforce and thousands of patients across multiple care centers. Over a 12-month period, they saw a sharp increase in email-borne threats.
Attackers were using QR codes, lookalike domains, and well-crafted social engineering tactics to lure staff into handing over their credentials or downloading malware. While the provider relied on Microsoft 365 for its productivity and baseline security, its native defenses were not stopping these newer, more evasive phishing techniques.
The IT security team was stuck in a reactive cycle, spending hours each week manually investigating and remediating malicious messages that had evaded detection. As the threat volume grew, so did the team’s workload. The team needed a specialized email security solution that could work seamlessly with Microsoft 365 and provide stronger, more automated protection.
Evaluation: seeking a partner, not just a product
The provider began evaluating advanced email security vendors, including Proofpoint and Abnormal AI. Their criteria went beyond detection efficacy. They were looking for:
- Seamless Microsoft integration with minimal disruption
- Flexible deployment options to align with budget cycles and staffing capacity
- Clear visibility into threats, with actionable insights rather than opaque dashboards
- Proven healthcare experience, including compliance tools and responsive support
While both Proofpoint and Abnormal offered AI-driven detection, the provider quickly recognized that Proofpoint’s approach to partnership was different.
Because of budget timing, the IT team proposed a phased rollout, starting with roughly 20% of user mailboxes before expanding across the organization. Proofpoint’s team was happy to make that happen. They collaborated with the provider on a phased plan, providing clear pricing, deployment guidance, and technical support throughout. In contrast, Abnormal required a full organization rollout up front, which increased the financial pressure.
Beyond being flexible about a phased rollout, Proofpoint moved quickly to deliver a technical demo and extended the proof of concept (POC) by several weeks. This gave the team time to experiment, learn, and validate results in their own environment.
In the end, the provider’s decision didn’t simply come down to features or cost. They wanted a partner that understood their operational realities and could scale with them as their security program matured.
Proofpoint in action: measurable results from Day One
During the POC, the IT team saw immediate, measurable improvement.
Compared to their Microsoft 365 baseline, Proofpoint’s advanced detection engines identified and stopped multiple phishing campaigns that had previously evaded native controls. These included:
- QR-code phishing attacks that redirected users to credential-harvesting pages
- Lookalike-domain campaigns impersonating healthcare partners and government agencies
- Socially engineered messages that mimicked internal communications
Proofpoint’s clear, intuitive reporting made it easy for both technical and non-technical stakeholders to understand what was happening. Security leaders could see precisely what threats were blocked, why they were dangerous, and how Proofpoint’s detection worked.
What’s more, the POC showed them that Proofpoint’s automation capabilities reduced manual investigation time. Messages were automatically classified, quarantined, and prioritized. This freed up IT staff to focus on higher-value work.
By the end of the evaluation, the provider had confidence in Proofpoint’s ability to stop advanced phishing threats as well as its potential to lighten their team’s workload.
Outcome: a stronger, layered defense with Microsoft
The provider was satisfied with the results. The team saw that implementing Proofpoint didn’t replace Microsoft—it enhanced it. Proofpoint now serves as a frontline layer of advanced email and collaboration security, complementing Microsoft’s productivity tools with:
- Superior phishing and QR-code threat detection
- Granular visibility into email and user risk
- Reduced manual remediation workloads
- Simplified incident response workflows
Since deployment, the provider has seen a significant reduction in the amount of phishing incidents that reach inboxes. Plus, targeted attacks are contained faster. More importantly, their IT team can now proactively work on security initiatives not constantly react to incidents.
With Proofpoint, the provider can confidently protect sensitive patient data and maintain trust without compromising productivity.
More secure together: Proofpoint and Microsoft
Proofpoint’s integration with Microsoft 365 gives organizations in healthcare and social services the best of both worlds: Microsoft’s broad suite of collaboration and identity tools, paired with Proofpoint’s focused, industry-leading protection for email and human-targeted threats.
Together, they deliver the layered, defense-in-depth security that modern healthcare organizations need to stay ahead of evolving risks.
Learn more by downloading our e-book, More Secure Together: Proofpoint and Microsoft.
