25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Mississippi’s Magnolia Health Fires Employee for PHI Disclosure
Feb24

Mississippi’s Magnolia Health Fires Employee for PHI Disclosure

Magnolia Health, a health insurance company serving Mississippi’s Medicaid population, has announced it has fired an employee for inappropriately accessing the protected health information (PHI) of “numerous Magnolia Health members” and disclosing those data to a relative. The disclosure of PHI was against company regulations and the now former employee has not received authorization from the company or patients to share their data. The disclosure happened on two occasions: October 28, 2015., and November 8, 2015. The data were emailed from the employee’s work email account to a personal account and email account of a relative. Upon discovery of the privacy breaches the Centene Corporation subsidiary conducted an investigation which resulted in the termination of the employment contract of the employee in question. Written statements were obtained from the employee and the recipient of the PHI stating they had not disclosed the data to any other individuals. Magnolia Health also viewed the personal email accounts of both individuals to confirm that all copies of the data had been...

Read More
Spoofed Email Scam Claims Another Healthcare Victim
Feb24

Spoofed Email Scam Claims Another Healthcare Victim

Just a matter of days after Magnolia Health Corporation, CA., announced one of its employees had fallen for a spoofed email scam and emailed list of employee data outside the company, another healthcare system has made a similar announcement in what appears to be an almost carbon copy data breach. An employee of St. Joseph’s Healthcare System, NJ, received an email request to send a list of employee names, Social Security numbers, and earnings data. A request that is perhaps not unusual in tax season. The email request appeared to have been sent from an internal email address; that of a high ranking company executive. The employee responded by sending a spreadsheet containing the names, social security numbers, and details of 2015/2016 earnings of current employees. However, the email had in fact been sent by a scammer. Over 5,000 employees have had their names and Social Security numbers disclosed. Those employees work at either the St. Joseph’s Regional Medical Center in Paterson, NJ, St. Joseph’s Wayne Hospital in Wayne, NJ, or St. Vincent’s Nursing Home in Cedar Grove, NJ....

Read More
OIG Publishes 2013 Security Report on South Carolina’s Medicaid Agency
Feb22

OIG Publishes 2013 Security Report on South Carolina’s Medicaid Agency

The U.S. Department of Health and Human Services’ Office of Inspector General has published a report of an investigation into South Carolina’s Medicaid agency. The investigation was conducted in 2013 following the 2012 hacking of the Revenue Department and a data breach at the state’s Department of Health and Human Services the same year. 74 gigabytes of data were stolen from the Revenue Department, which included the tax returns of 3.8 million adults and Social Security numbers of 1.9 million dependents. 3.3 million businesses’ bank account numbers were also stolen. An employee of the Department of Health and Human Services was discovered to have inappropriately accessed the records of 228,000 Medicaid recipients and emailed the data to a personal email account. The employee was arrested and was sentenced to three years of probation and community service, although the hackers responsible for the cyberattack on the Revenue department were never caught. The purpose of the investigation was to determine whether the state had properly safeguarded data stored in the Medicaid...

Read More

Healthcare Cyberattack Suspect Arrested After Being Rescued at Sea

A suspected hacktivist has been arrested after being rescued at sea off the coast of Cuba. Martin Gottesfeld, 31, from Somerville, Mass., is suspected of orchestrating two DDoS attacks on the computer network of a hospital in Boston last year, understood to the be Boston Children’s Hospital. Gottesfeld, who was under investigation for the cyberattacks, is believed to have fled Massachusetts recently to escape arrest. His home was searched by the FBI in October 2014 in connection with the distributed denial of service attack on the Boston Children’s hospital that occurred in April 2014. Somerville Police Department had recently been alerted to the disappearance of Gottesfeld and his wife after reports were received by concerned relatives and friends that the pair had not been seen for several weeks. Last week the police department visited Gottesfeld’s apartment to conduct a well-being check, but no one was home. Just a few days after the visit Gottesfeld turned up, although in a rather unusual place. He and his wife were found off the coast of Cuba in a small boat. They had issued a...

Read More

480,000 Patients Notified of Radiology Regional Center PHI Exposure

In December, Radiology Regional Center, PA., was alerted to a privacy breach by Lee County Solid Waste Division following the accidental release of medical documents in the street. The privacy breach occurred on December 19, 2015. Medical documents were being transported by Lee County Solid Waste Division for secure disposal. The paper files were due to be incinerated in accordance with Health Insurance Portability and Accountability Act Rules, but were accidentally released during transportation. The failure to secure the records resulted in them falling off the vehicle used to transport them. The documents containing highly sensitive medical data were strewn across the street and found their way into doorways, driveways, canals, and were blown all over the sidewalk. Patients Have Now Been Notified of the Privacy Breach   Patients were notified of the breach of their private and confidential medical data on February 12, 2016, the same date that Office for Civil Rights received a HIPAA data breach report. Initially it was unclear exactly how many patients had been affected....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist