25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Hackers Stole Anthem Data for Espionage; Not Fraud

The colossal data breach suffered by Anthem Inc., appears to have occurred for reasons related to espionage, not financial gain, according to Symantec. Hackers often break into healthcare databases to steal patient health data and Social Security numbers, which have a high value on the black market. The data can be used to commit identity fraud, file false tax returns, and obtain credit in the names of victims; but that is not the only way data can be used. Human intelligence (HUMINT) has the potential to be much more valuable. The Anthem cybersecurity attack has been linked to a group of hackers operating under the name of Black Vine. Black Vine hackers are well-funded, operate out of China, and are understood to have ties to the Chinese Government, although this is understandably denied by Beijing. The group has previously been linked to major security incidents throughout the U.S., conducted on aviation companies, gas turbine manufacturers, military installations, the financial sector, and some healthcare organizations. Black Vine is not known to engage in cybercrime for...

Read More

Email Error Results in Massachusetts General Hospital Data Breach

The spate of employee emailing errors continues, with the latest entry in the Office for Civil Rights “Wall of Shame” being a recent Massachusetts General Hospital data breach; another example of how a simple mistake can result in the Protected Health Information of hundreds of patients being exposed. The latest Massachusetts General Hospital data breach exposed the data of 648 patients, and included patient names, laboratory test results, and a limited number of Social Security numbers, although no insurance information or financial data were exposed. The security incident involved an email that was inadvertently sent to an incorrect recipient; potentially disclosing patient data. The error was identified promptly and the hospital made several attempts to recall the message, but those attempts proved to be unsuccessful. Deborah A. Adair, Massachusetts General Hospital’s Privacy Officer, confirmed in a letter to New Hampshire Attorney General, Joseph Foster, that no evidence has been uncovered to suggest that the data have been used inappropriately; although the letter did not...

Read More

Unauthorized Email Exposes PHI of 855 Advanced Radiology Consultants Patients

On July 24, Advanced Radiology Consultants, LLC., announced a data security event that exposed the data of a small subset of its patients. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 855 patients have been affected. The data breach was caused when an employee of the company emailed a list of patients’ PHI to a personal email account. The list of data included patient names, telephone numbers, dates of birth, balance information, patient identification numbers, examination results, treatment information, appointment dates and times, appointment notes, referring physician names, insurance provider, and insurance identification numbers. Advanced Radiology Consultants confirmed in a press release that no Social Security numbers, credit card numbers, driver’s license numbers or financial account information were included in the email. That said, the information that was copied and emailed outside the healthcare providers’ network did contain enough data to enable the employee to file false insurance claims, and...

Read More

East Bay Perinatal Medical Associates Data Breach Announced

An East Bay Perinatal Medical Associates data breach has recently been announced, in which names and dates of birth of patients have been exposed. The healthcare provider is now sending notification letters to patients warning them of the privacy violation. The healthcare provider became aware of the breach of personal information on June 2, 2015. The data breach was not uncovered by the hospital; instead it was brought to the attention of East Bay Perinatal Medical Associates (EBPMA) by the Berkeley Police Department as a result of a totally unrelated investigation. 1,494 individuals have been affected according to the HHS breach report.   Berkeley Police Discover East Bay Perinatal Medical Associates Data Breach   Law enforcement discovered a list of patient names stored on a laptop computer used by an employee of the hospital. An investigating officer alerted the healthcare provider to the potential breach of personal information and the laptop computer was retained by law enforcement. EBPMA’s Information Technology Security Consultant subsequently arranged for the...

Read More
Indiana Attorney General Advises Hoosiers to Exercise Extreme Caution after MIE Data Breach
Jul31

Indiana Attorney General Advises Hoosiers to Exercise Extreme Caution after MIE Data Breach

As further details of the MIE data breach emerge, the Indiana State Attorney General, Greg Zoeller, has urged all state residents to exercise extreme caution and put credit freezes on their accounts to protect against identity theft and fraud. The MIE data breach exposed a significant amount of personal and highly sensitive data and is understood to have affected more than 1.5 million individuals in the state of Indiana. In total approximately 4 million records were exposed. High Risk of Fraud and Identity Theft from MIE Data Breach The data breach at Anthem may have exposed about 20 times as many records as the MIE data breach; but what is particularly worrying in this instance is Social Security numbers and health data have been exposed, placing breach victims at a much higher risk of suffering financial losses. Zoeller said, “These are very significant medical records, lab reports, people’s charts essentially online.” Zoeller pointed out that the incident has not just increased the risk of fraud; the information has already been used for fraudulent purposes. He said, “We’re...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist