But ... her emails?
The security advocacy group Global Cyber Alliance tested the 26 email domains managed by the Executive Office of the President (EOP) and found that only one fully implements a security protocol that verifies the emails as genuinely from the White House. Of the 26 domains, 18 are not in compliance with a Department of Homeland Security directive to implement that protocol.
The short version of this is that the protocol is intended to prevent "spoofing," the (very simple) technical trick of crafting an email that looks like it's coming from another sender. This can be used by spammers to trick their targets into opening mail that appears to be coming from a company the victim already knows; more dangerously, it is used by hackers to trick their victims into opening emails with malicious payloads. The security directive is intended to block hackers from using White House and other government email addresses in these schemes.
Given that government email account security is, according to Every Single Republican, the greatest threat to America today, and that not properly securing emails is a worse crime than even collaboration with foreign espionage efforts, the White House bungling such a thing might be deemed as bad. It is not a difficult technical proposition; the government has vast swaths of people capable of doing such things, even if Team Trump has been having a difficult go of it themselves.
This may require hearings. Probably more than one. Probably several years worth, in fact. After all, email account security is, according to Every Single Republican, the greatest threat to our nation today. We can't have prominent people operating improperly secured email accounts.