25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Training for Clearinghouse Staff
Dec13

HIPAA Training for Clearinghouse Staff

HIPAA training for clearinghouse staff is mandatory workforce training on the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule that prepares personnel who create, transmit, process, or store electronic protected health information in standard transactions to prevent impermissible uses and disclosures, apply administrative and technical safeguards, and recognize and report security incidents and potential breaches during routine clearinghouse operations. Healthcare clearinghouses support electronic healthcare transactions and related data handling that can include eligibility inquiries, claim status requests, claims submission, remittance advice, enrollment transactions, coordination of benefits, and companion administrative processes that transform or route data between entities. Clearinghouse staff may interact with protected health information through intake validation, transaction editing, error correction, exception queues, customer support tickets, file transfers, portal access, and reporting functions. Operational...

Read More
Notifications Issued About MedStar Health Data Breach
Dec12

Notifications Issued About MedStar Health Data Breach

MedStar Health, a non-profit health system that operates 10 hospitals in the Baltimore-Washington metropolitan area, has recently disclosed a cyberattack and data breach that was first identified on October 4, 2025. The forensic investigation confirmed that an unauthorized third party gained access to certain internal systems that contained patient data between September 12, 2025, and September 16, 2025. The files accessed in the attack were reviewed, and on November 12, 2025, MedStar Health confirmed that the compromised files contained patient data, including names, dates of birth, Social Security numbers, and potentially diagnoses, medications, test results, images, health insurance, and treatment information. MedStar Health said that prior to the attack, physical, technical, and administrative safeguards had been implemented to safeguard patient data. On this occasion, they failed to detect and block the attack. MedStar Health said it continuously evaluates its cybersecurity measures and will continue to do so in the future. On December 3, 2025, notification letters started to...

Read More
Brevard Skin and Cancer Center Announces September Cyberattack
Dec12

Brevard Skin and Cancer Center Announces September Cyberattack

Brevard Skin and Cancer Center, a dermatology practice in Brevard, Florida, has fallen victim to a cyberattack that was first identified on October 14, 2025. Immediate action was taken to secure its systems, and third-party cybersecurity experts were engaged to investigate the nature and scope of the unauthorized activity. The forensic investigation confirmed that an unauthorized third party first gained access to its network on September 28, 2025, and accessed and exfiltrated certain files from its network. Brevard Skin and Cancer Center has been reviewing the affected files to determine the types of data involved and the individuals affected, and can now confirm that the personal and protected health information of current and former patients was involved. The affected data varies from individual to individual and may include names in combination with one or more of the following: date of birth, home address, Social Security number, phone number, diagnosis and clinical information, e-mail address, and billing and claims information. Employee data was also compromised in the...

Read More
Henry Ford Health Notifies 2,000 Patients About Insider Data Breach
Dec12

Henry Ford Health Notifies 2,000 Patients About Insider Data Breach

An insider data breach has been reported by Henry Ford Health in Michigan, and Wilmington Community Clinic has notified patients about an August cybersecurity incident. Henry Ford Health, Michigan Detroit, MI-based Henry Ford Health, one of the leading non-profit academic health systems in the country, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected 1,984 patients. Few details have been released about the data breach, other than that it involved unauthorized access to a desktop computer. This appears to have been an insider incident, as Henry Ford Health issued a statement confirming that it takes data privacy seriously and has terminated the employee responsible. The nature of the unauthorized access was not disclosed, nor the types of information that may have been accessed. Notification letters have been sent to the affected individuals, who have been offered complimentary credit monitoring services. Wilmington Community Clinic, California Wilmington Community Clinic, a community health center in Los Angeles, California, has started...

Read More
High-severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software
Dec12

High-severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software

A patch has been released to fix a high-severity vulnerability in AJAT Panoramic Dental Imaging software. The bug, tracked as CVE-2024-22774, affects the AJAT Panoramic Dental Imaging Software SDK and makes it vulnerable to DLL hijacking, potentially allowing an attacker to obtain NT Authority/SYSTEM as a standard user. The vulnerability was identified by security researcher Damian Semon Jr. of Blue Team Alpha Inc. and affects AJAT Panoramic Dental Imaging Software versions prior to 6.6.1.490. The vulnerability is due to an uncontrolled search path element, and allows an attacker to escalate privileges via the ccsservice.exe component. The vulnerability is rated high-severity, with a CVSS v4 base score of 8.5 and a CVSS v3.1 base score of 7.8. The software is owned by Varex Imaging, after it acquired Direct Conversion Lt (formerly Oh AJAT Ltd). Varex Imaging has released a patch to fix the vulnerability, and all users have been advised to install it as soon as possible. Users should follow the patching instructions, which require the installation executable to be run on each...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist