25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Compromised VPN Credentials Leading Attack Vector in Ransomware Campaigns
Nov21

Compromised VPN Credentials Leading Attack Vector in Ransomware Campaigns

Several cybersecurity firms have tracked a surge in ransomware attacks in Q3, 2025, as groups such as Akira, Qilin, and Inc Ransom have stepped up their attacks. According to Beazley Security, a subsidiary of Beazley Insurance, those three groups accounted for 65% of all ransomware attacks in the quarter. Akira had a surge in attacks, conducting 39% of all attacks in the quarter, over 20% more than the second most active group, Qilin, with 18%, and Inc Ransom with 8%. The Beazley Security Quarterly Threat Report for Q3, 2025, shows an 11% increase in additions to dark web data leak sites compared to Q2, 2025. The biggest increase in attacks came in August, which accounted for 26% of all publicly disclosed attacks in the past six months, with high levels of ransomware activity continuing in September, which accounted for 19% of all disclosed ransomware attacks in the previous six months. While attacks are up overall, there has not been much change in the rate of attacks on the healthcare sector, which has remained fairly constant, accounting for 12% of attacks in Q2, 2025, and 11%...

Read More
Geisinger Health & Nuance Communications Data Breach Litigation Settled for $5 Million
Nov21

Geisinger Health & Nuance Communications Data Breach Litigation Settled for $5 Million

The Danville, Pennsylvania-based healthcare provider Geisinger Health and its former IT vendor Nuance Communications, Inc., have agreed to a $5 million settlement to resolve class action litigation over a 2023 insider data breach involving a former Nuance Communications employee. On or around November 29, 2023, Geisinger Health learned that a former Nuance Communications employee, Andre J. Burk (also known as Max Vance), accessed the sensitive data of Geisinger Health patients two days after he was terminated by Nuance Communications. The data had been provided to Nuance Communications in connection with the services the IT company was contracted to provide. The breach was detected by Geisinger Health, rather than Nuance Communications, and it alerted its IT vendor about the breach. Under HIPAA, business associates of HIPAA-regulated entities must comply with the HIPAA Security Rule, one of the requirements of which is to ensure that access rights are immediately revoked when employees are terminated. When notified about the unauthorized access, Nuance Communications terminated the...

Read More
Healthcare’s Reliance on Outdated IT Putting Patient Safety and Cybersecurity at Risk
Nov20

Healthcare’s Reliance on Outdated IT Putting Patient Safety and Cybersecurity at Risk

Outdated systems are causing healthcare professionals to lose hours each week, impacting patient care, organizational performance, efficiency, and security, according to a new report from the technology services and solution provider Presidio. The report is based on a survey of more than 1,000 frontline healthcare professionals in the United States, the United Kingdom, and Ireland. Almost all respondents (98%) said inefficient technologies are causing patient care and safety issues, including delays or errors in patient care, and 89% said those issues are a regular occurrence, with 24% reporting that these incidents occur at least once per shift. On average, the respondents experienced 11 such incidents a month. Healthcare employees are using legacy software and outdated devices that do not support efficient working practices. Some of the main problems associated with outdated systems were latency issues with EHR systems, disconnected and fragmented platforms, and a lack of mobile access. Due to inefficiencies, almost one-quarter of respondents (23%) said they often resort to...

Read More
Vendor Breaches Announced by Illinois and Virginia Healthcare Providers
Nov20

Vendor Breaches Announced by Illinois and Virginia Healthcare Providers

Personic Management Company (Personic Health) and Innovative Physical Therapy have recently confirmed that patient information was compromised in vendor security incidents. Anchorage Neighborhood Health Center has recently disclosed an August cyberattack that exposed patient data. Personic Management Company (Personic Health) Vienna, VA-based Personic Management Company LLC, doing business as Personic Health, a wound care specialist, has recently disclosed a data breach involving a third-party software platform used to process patient data. Personic Health was informed on September 1, 2025, that there had been unauthorized access to the platform. Assisted by third-party digital forensics experts, Personic Health launched a comprehensive investigation to determine how the breach occurred and the types of information potentially compromised in the incident. The investigation confirmed that an unauthorized actor accessed the platform on August 29, 2025, and acquired certain data. The data review was completed on October 13, 2025, and confirmed that the protected health information had...

Read More
Watson Clinic Agrees to $10 Million Data Breach Settlement
Nov20

Watson Clinic Agrees to $10 Million Data Breach Settlement

Florida’s Watson Clinic has agreed to pay $10,000,000 to settle class action litigation over a January 2024 data breach that affected 280,278 individuals. The hackers stole sensitive data, including digital images, and posted them on the dark web. The Lakeland-based medical group serves approximately one million patients annually and employs around 1,600 team members and 350 physicians. Watson Clinic identified unauthorized access to its computer network on February 6, 2024, and the forensic investigation confirmed that hackers first gained access to its network on January 26. The review of the exposed files confirmed that they contained the protected health information of current and former patients, including names, addresses, dates of birth, Social Security numbers, government identifiers, driver’s license numbers, financial account information, and medical information, including diagnoses, treatments, medical record numbers, and pre- and/or post-operative medically necessary images. Watson Clinic received the results of the third-party file review in July 2024, announced...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist