25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Increased Risk of Harm Not Grounds For Advocate Health Breach Lawsuit

An Advocate Health breach lawsuit was recently deemed to be too speculative to warrant a class-action claim for damages. The Illinois Appellate Court recently ruled that an increased risk of suffering harm as a result of an exposure of confidential health data is insufficient by itself to confer standing in a class-action data breach claim. The risk of harm was not deemed to be severe enough to warrant a data breach class action lawsuit. For damages to be awarded, evidence of actual harm must be provided. The case, Maglio v. Advocate Health and Hospitals Corporation, was filed by Matias Maglio on behalf of Macailee Maglio, Alexander Gill, and a number of other patients and next friends of minors affected by the breach. The plaintiffs allege they face an increased risk of suffering identity theft and fraud as a result of the exposure of their Protected Health Information (PHI). No identity theft had yet been reported or been suffered by any of the patients named in the lawsuit. The threat of fraud and loss was believed to be sufficient grounds for the complaint. The defendants moved...

Read More

Massachusetts Hospital Reports Missing Unencrypted Thumb Drive

Lawrence General Hospital, Mass. has reported a missing thumb drive containing the Protected Health Information (PHI) of 2,071 individuals. The drive was last used on June 6, 2015, but it has not been seen since. The thumb drive was noticed as being missing on June 9, 2015. In a recent press release announcing the potential loss of the drive, the hospital confirmed that the portable storage device contained only a limited amount of data, including the names of patients, lab testing codes, some lab testing information and slide identification numbers. Since no Social Security numbers, dates of birth, financial information or insurance details were stored on the device, the risk to patients is understood to be low. The announcement regarding the potential data exposure was posted on the company website on August 7, 2015, with the OCR notified on August 5. Breach notification letters have now been sent to all patients concerned. Employee Carelessness Raises Awareness of Thumb Drive Security   This is the second time a thumb drive has been reported missing by a healthcare provider...

Read More

New Android Smartphone Data Security Warnings Issued

New Android Smartphone data security warnings have been issued, alerting users to new security flaws in the software which could potentially allow hackers to gain control of the devices. The Android security flaw discovered by IBM’s X-Force Application Security Research Team could affect 55% of Android phone owners, while Check Point’s discovery could similarly affect millions. These announcements come after Samsung, Google and LG had stated they will now be providing monthly security updates for Android devices, including a fix for the Stagefright vulnerability. Unfortunately, Android devices often include additional software installed by the device manufacturer, a problem Apple and Blackberry do not share: Both companies have developed their own hardware and software. As a result the latter companies can roll out security updates much more quickly. With the open-source Android platform, security fixes will always be issued more slowly. ‘Certifi-gate’ Security Breach Reported   Android Smartphone data security warnings are now being issued with increasing frequency. The...

Read More

UCLA Health Data Breach Lawsuits Mount

The cyberattack that hit UCLA Health could potentially have been suffered by a large number of hospitals in the United States. Hackers are deliberately targeting healthcare providers, and their employees, to gain access to healthcare data. With the current barrage of ever more sophisticated attacks, it is only a matter of time before some succeed. UCLA Health Invested Heavily in Cybersecurity Protections   Given the high risk of attack, hospital systems must invest in robust cybersecurity protections to ensure, as far as is possible and practical, that patient data is kept secure. UCLA Health had recently committed tens of millions of dollars to improve cybersecurity defenses. In its announcement of the attack, it was pointed out that even with multi-million dollar defenses it was unable to prevent this cyberattack, although “millions of known hacker attempts [are repelled] each year,” and it is under “near-constant attack.” Alleged Failures to Secure Protected Health Information of Patients   In spite of these protections, some patients do not believe UCLA did enough to...

Read More

Hospital Employee Steals Protected Patient Data to Commit Identity Theft

A former employee of the Bethesda Hospital in Boynton Beach, Fla, has been arrested and charged with identity theft; after fraudulently obtaining IDs and credit in the names of 20 individuals, most of whom had been patients of the Boynton Beach hospital in which she worked. Elexes Thaddies, 24, was arrested on Friday, Aug 7, by Boca Raton police officers as part of an investigation into identity theft and credit fraud, with the investigation first starting in September 2014. Other police departments were also investigating the crimes, with Coral Springs and Boynton Beach police both looking into identity theft crimes. The investigations uncovered 20 victims, a number of whom were able to identify Thaddies, saying they had seen her working at the hospital. Law enforcement officers also discovered a new account had been opened in a victim’s name, which listed Thaddies named as an authorized user of that account. She had used that account to make a $1,160 purchase at Nordstrom in Palm Beach Gardens, according to the police report. Thaddies was using the stolen identities to pay her...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist