25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

British Scattered Spider Hacker Pleads Guilty to Cyberattacks on TfL; SSM Health Care; Sutter Health
Jun24

British Scattered Spider Hacker Pleads Guilty to Cyberattacks on TfL; SSM Health Care; Sutter Health

Two British hackers have pleaded guilty to a cyberattack on Transport for London (TfL), one of whom also admitted to hacking two U.S. healthcare companies in September 2024: SSM Health Care Corporation and Sutter Health. Owen Flowers, 18, from Walsall, West Midlands, and Thalha Jubair, 20, from East London, were both teenagers when they conducted the attacks and were members of the cybercriminal group Scattered Spider. In contrast to many cybercriminal groups, Scattered Spider is an English-speaking collective whose members are primarily based in the United States, the United Kingdom, and Canada. Scattered Spider is believed to have been formed in May 2022 and primarily targeted telecommunications companies before expanding attacks on varied targets. The group has been linked with attacks on more than 120 companies, including Snowflake, Twilio, Mailchimp, DoorDash, American Airlines, WestJet, Hawaiian Airlines, and Aflac. The group was behind the ransomware attacks on Caesars Entertainment and MGM Resorts in September 2023, the TfL attack in late August 2024, and a string of...

Read More

Data Breaches Announced by Florida Retina Center; Acadia Healthcare Company

Florida Retina Center has identified unauthorized access to systems containing the protected health information of more than 13,600 patients. Acadia Healthcare Company has experienced a breach affecting 1,800 patients. Florida Retina Center Bonita Springs-based Florida Retina Center has announced a cybersecurity incident that was first identified on January 30, 2026. Immediate action was taken to secure its network, and an investigation was launched to determine the nature and scope of the unauthorized activity. On May 19, 2026, Florida Retina Center confirmed unauthorized access to parts of its network containing patient data. The file review confirmed that the data of 13,652 patients was exposed and potentially acquired in the incident. The exposed data included names, dates of birth, Social Security numbers, driver’s license numbers, and medical information. Notification letters have been mailed to the affected individuals, and 12 months of complimentary credit monitoring and identity theft protection services have been made available. At the time of issuing notification...

Read More
How to Choose HIPAA Compliance Software
Jun24

How to Choose HIPAA Compliance Software

The best HIPAA compliance software gives a covered entity a structured way to meet HIPAA’s requirements: automated documentation, an ongoing risk management process, and a clear view of where the program stands. In most organizations, responsibility for HIPAA compliance falls to an administrator, practice manager, or compliance officer who manages it alongside other responsibilities and without a formal background in healthcare regulation. For these individuals, the best HIPAA compliance software reduces the administrative burden, removes the need for deep compliance expertise, and lessens the likelihood of an expensive breach. What Are The Benefits Of HIPAA Compliance Software? The benefits of using HIPAA compliance software for an administrator or practice manager are as follows: Reduced Administrative Burden: HIPAA compliance software automates many administrative tasks related to compliance management, such as tracking training requirements, managing documentation, and maintaining an organization’s HIPAA Security Risk Analysis. This frees up time and reduces the...

Read More
April 2026 Healthcare Data Breach Report
Jun23

April 2026 Healthcare Data Breach Report

In April 2026, 47 healthcare data breaches affecting 500 or more individuals were reported to the HHS’ Office for Civil Rights (OCR). That represents a 33.8% reduction in large healthcare data breaches from the 71 large data breaches reported in March 2026, and well below the 12-month average of 62.4 data breaches per month. The year-to-date figures also show a reduction in large healthcare data breaches. From January 1 to April 30, 252 large healthcare data breaches have been reported by HIPAA-regulated entities, compared to 276 (-8.7%) for the corresponding period in 2025 and 299 (-15.7%) for the corresponding period in 2024. Across the 47 data breaches, the protected health information of 1,336,264 individuals was exposed or impermissibly disclosed – the second lowest monthly total in the past 12 months, and currently an 84.9% reduction from March 2026. The number of affected individuals is likely to increase, as some regulated entities have reported breaches with placeholder estimates of 500 or 501 affected individuals. The year-to-date figures for affected individuals are...

Read More
Columbus Regional Health; St. Joseph Hospital Settle Pixel Privacy Lawsuits
Jun23

Columbus Regional Health; St. Joseph Hospital Settle Pixel Privacy Lawsuits

Settlements have been agreed to resolve class action lawsuits against two healthcare providers over their use of website tracking technologies. The lawsuits alleged that the deployment of these tools caused the personal and protected health information of patients to be disclosed to third parties without patients’ knowledge or consent. Website tracking tools, such as pixels, are installed on websites across the internet for tracking the actions of website users. They can record a range of information about user interactions, such as the pages visited, time spent on each page, how the user navigated to the website, and other information. That information may be sent to the third-party providers of the tools, allowing the user to be tracked as they navigate to other webpages. They may then be served targeted advertisements across the internet based on their actions on a website where the tools were installed. For instance, if an individual visited a page related to obesity, they may be served adverts related to weight loss medications. Many lawsuits have been filed against healthcare...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist