25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Baptist Health Data Breach Announced: 6500 Records Exposed

On October 1, 2015, a Baptist Health data breach was added to the Department of Health and Human Services’ Office for Civil Rights breach portal. The breach report indicated the Arkansas-based healthcare provider had suffered a security breach which resulted in the Protected Health Information of 6,500 patients being improperly disclosed to a third party. Breach notification letters were sent to patients on October 1, alerting them to the privacy breach. This was within the time frame required by the HIPAA Breach Notification Rule, although it has taken some time for further information about the data breach to emerge. According to a HIPAA breach notification posted on the Baptist Health website, the security incident has been tied to a former Baptist Health provider, who allegedly exported data while employed at Baptist Health and sent that information to Bray Family Medicine, where the individual is now employed. The security breach first came to light on August 6, 2015 when a Baptist Health patient complained about a letter that had been received from Bray Family Medicine, which...

Read More

New Adobe Flash “Critical” Zero Day Security Flaw Patched

A critical Adobe Flash security flaw discovered by Google’s Project Zero and Trend Micro’s Peter Pi, has now been patched by Adobe; days ahead of schedule. The new patch also fixes two other security vulnerabilities discovered in Adobe Flash earlier this month. The patch was originally scheduled to be released this week; however, Adobe released the emergency patch on Friday last week, just three days after it issued another patch to address 13 other critical security vulnerabilities. An announcement made by Adobe earlier this week explained the seriousness of the 13 vulnerabilities, indicating “could potentially allow an attacker to take control of the affected system.” The same is true of the latest vulnerability, although in the latest case, it is not a case of “could” but “has already been.” The exploit has not been reported to have been used to target healthcare providers, but Pawn Storm has used the exploit to target government ministries according to TrendMicro. The hackers devised spear phishing campaigns which directed their targets to web pages that hosted the...

Read More

Healthcare Software Security Assessed by BSIMM Study

Aetna, ANDA, McKesson, The Advisory Board Company, Siemens and Zephyr Health have all been assessed as part of the latest Building Security in Maturity Model (BSIMM) study, published yesterday, with healthcare software security discovered to be well behind other industry sectors. This is the first time that healthcare firms have been assessed by the study, which looks at 12 different software security practices. The study assesses enterprise software security development, which for the healthcare industry is severely lagging behind other industries in all 12 of the software security practices tested. This is the first time in the history of the study that one industry has performed so consistently poorly, and has come bottom of the list in all of the security practices tested. The main industries assessed as part of the study were healthcare, the financial services, consumer electronics organizations and independent software companies, as well as a smaller number of organizations from the insurance, retail and telecoms industries. The results of the BSIMM study give organizations...

Read More

Kaspersky Labs Report Probes Security Attitudes Among BYOD Participants

The rise in popularity of mobile devices has seen many companies adopt a Bring Your Own Device (BYOD) scheme. According to a recent survey by Kaspersky Labs, over half of consumers are now using their own mobiles, laptops and tablets at work and take part in such a scheme. Due to the benefits of BYOD schemes, they have now been adopted by many HIPAA-covered entities, although the strict regulations covering data privacy and security have, to a certain extent, restricted use of the devices for work purposes more than in other, less well regulated industries. A Lack of Concern for Work Data   The latest Kaspersky BYOD survey may have shown BYOD schemes have been widely adopted in the United States, but organizations operating such a scheme must effectively deal with the cybersecurity risks the schemes can introduce. While operators of the schemes may address security issues, not all organizations have fully assessed the risks posed by the devices. Furthermore, it would appear that many participants in BYOD schemes are not particularly concerned about data security. Only 10% of...

Read More

Is the Risk of Cyberattacks Really Increasing? Study Says No

The Department of Health and Human Services’ Office for Civil Rights breach portal lists all of the self-reported healthcare data breaches submitted by HIPAA covered entities, for all data-exposing security incidents, including hacks. A look at the headlines would suggest hackers are gaining access to patient data with increasing regularity, as malicious attacks on healthcare networks are widely reported in the media. When hacking incidents do occur, they tend to be headline news as they often involve the exposure of vast quantities of data.  So far in 2015, multi-million-record data breaches have been suffered by a number of healthcare providers, health plans and Business Associates of covered entities, but is the risk of cyberattacks actually increasing? A recent study conducted by the University of New Mexico’s Department of Computer Science suggests that despite a number of major healthcare cybersecurity breaches being reported in 2014 and 2015, the risk of cyberattacks occurring has actually changed very little over the past decade, and that we are perhaps not actually in as...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist