25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Mobile Device Ransomware Warnings Becoming More Urgent

A special report on CNBC.com into mobile device ransomware was compiled in the aftermath of the Hollywood Presbyterian Medical Center ransomware cyberattack. The attack crippled the hospital´s internal computer system, shut down its email servers and prevented access to EMRs. The hospital had no option but to pay a $17,000 ransom to obtain the encryption key that would unlock its data and communications system. Although investigations are still ongoing into how the crippling malware found its way into the hospital´s system, mobile device ransomware has not been ruled out. Indeed, the CNBC.com article starts with cyber security expert Robert Herjavec commenting that 40% of threats come from inside and – knowing this – cybercriminals are taking advantage of mobile device ransomware to launch more sophisticated cyberattacks. Not the First Ransomware Attack on a Medical Facility Ransomware – a type of computer malware – is an effective weapon for cybercriminals. Traditionally it has been used to encrypt files on a computer to make them inaccessible, and normally...

Read More

Man Indicted for 5 Year Identity Theft Spree Used Memphis Neurology Data

A Memphis man has been indicted on charges of identity theft and is alleged to have defrauded banks out of close to $1.7 million over a period of five years. According to a statement issued by a spokesperson for Edward L. Stanton III, U.S. Attorney for the Western District of Tennessee, Jeremy Jones, 37, of Memphis is alleged to have stolen the identities of 146 patients and employees of Memphis Neurology, as well as car dealers and his acquaintances. The fraud spree first occurred in 2011, continued in 2012, and identities also stolen in 2015.  The majority of the identities that were used to defraud banks came from patients of Memphis Neurology. Jones managed to obtain personal information of patients of Memphis Neurology through a contact who was employed by the healthcare provider in 2012. Patient information was reportedly stolen on request by this co-conspirator who gained access to the patient database and recorded the personal information of patients. The stolen data was used to open bank accounts in the names of the victims and apply for loans and credit. Jones allegedly...

Read More

Physical Therapy Provider Agrees to 25K HIPAA Violation Settlement

OCR has announced it has arrived at a settlement with a Los Angeles-based provider of physical therapy services after the discovery of HIPAA Privacy Rule violations in 2012. Complete P.T., Pool & Land Physical Therapy, Inc., (CPT) has agreed to pay a fine of $25,000 to the Department of Health and Human Services after the company posted photographs and names of patients on the client testimonial section of its website without first having obtained HIPAA-compliant authorizations from the patients in question. Potential HIPAA Privacy Rule violations were reported to OCR on August 8, 2012 and an investigation into the complaint was launched. OCR concluded its investigation on January 15, 2013. OCR found that a number of patients had had their protected health information posted online, yet valid, HIPAA-compliant prior authorizations had not been obtained in writing from the patients before names and full-face photographs were uploaded to the website. OCR determined this to be a clear violation of the Privacy Rule, with CPT found to have violated HIPAA by failing to reasonably...

Read More

Healthcare Ransomware Infection Removed After $17K Ransom Paid

Healthcare ransomware infections can cause major disruption and can have a negative impact on patient health. This week, Hollywood Presbyterian Medical Center took the decision to give into a ransom demand and paid cybercriminals nearly $17,000 for a security key to unlock its EHR. What is Ransomware? Just as healthcare providers take the decision to use data encryption to prevent criminals from gaining access to patient data on laptop computers and portable storage media, encryption can also be used against healthcare providers. Ransomware locks computer files with powerful encryption. To unlock the data a security key must be used. However, the key needed to unlock the data is held by the cybercriminals behind the ransomware attack. The security key cannot be cracked like a password. The only way to recover from a healthcare ransomware infection is to pay the ransom or restore all encrypted data from a backup. This is not always straightforward. Backups are not conducted every second, so some data loss is inevitable. Restoring data from backup files is also not always successful...

Read More
California Attorney General Publishes 4-Year Data Breach Report
Feb17

California Attorney General Publishes 4-Year Data Breach Report

California Attorney General Kamala D. Harris has released a new data breach report on the security incidents reported to her office over the past four years. She criticizes organizations that have allowed the privacy of Californians to be violated. She points out that in almost all cases the data breaches reported to her office since 2012 occurred as a result of tardiness in the application of patches to address known security vulnerabilities. She also said that in the majority of cases, patches to address exploited vulnerabilities had been available for more than a year. The Majority of Data Breaches Could Easily Have Been Prevented Harris is under no illusions that the threat of attack from skilled cybercriminals and foreign-government-backed hacking groups is greater than ever before and security risk cannot be reduced to zero. However, she points out that companies doing business in California must do more to protect the privacy of state residents.  She wrote, “It is clear that many organizations need to sharpen their security skills, training, practices, and procedures to...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist