The gp isn't talking about spam using "secure message" as bait to open unwanted email.

Instead, legitimate companies like banks, healthcare, etc tell users to click on a url link to their "Secure Message Center" to read or submit some critical information. It's often the only way to get the info the users need.

E.g. if I open a payment dispute with the bank, the workflow they use is the Secure Message area. I can't just use my normal email client and upload some pdf attachments. Instead, I have to log into my bank website, navigate to their Secure Message area, and then upload the docs there to submit the claim. They also don't send followup status or final resolution in an email. Instead, you log back into the Secure Message area to read the case resolution. Similar for insurance claims.

Similar situation for asking a medical imaging center for some mammograms. They will not send those as PDF or JPG attachments directly to your email address. Instead, you log into a secure message area on a healthcare website and download it from there.

I get secure messages from public authorities and companies in Denmark, which go to my secure 'mailbox' for this purpose. Of course, contracted out to some private company, and they'll probably change the contract again in 5 years.

The messages are usually PDFs, which isn't great for accessibility, e.g. using a translation tool.