25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

New Information Released on Medical Informatics Engineering Data Breach

Back in June we reported on a data breach that affected clients of NoMoreClipboard, although at the time few details were made available. This week, further information was released on the security breach. The latest announcement does not add a great deal of new information. The data fields exposed in the breach have now been confirmed, and an updated list of NoMoreClipboard clients affected has also been announced. Hackers Gained Access to Data for 19 Days – 239 Clients Affected NoMoreClipboard runs MyKSHealth eRecord, which was infiltrated by hackers on May 7, 2015. Access to the records continued for 19 days until May 26, when the breach was discovered and access to the database was shut down. The data understood to have been exposed in the incident includes patient names, addresses, email addresses, dates of birth, Social Security numbers, usernames, hashed passwords, security questions and answers, spouse names, in some cases, spouses’ dates of birth. Health information and health insurance details were also exposed. Some healthcare providers have started issuing announcements...

Read More

NCCoE Cybersecurity Practice Guide for Mobile Devices Released: Comments Requested

The use of smartphones and other portable devices in healthcare is growing and the federal government is concerned. The devices carry a high risk of causing a data breach, and the feds are concerned that physicians and other healthcare workers may accidentally expose patient data, or worse still, give hackers an entry point into hospital EHRs. Medical identity theft costs billions of dollars every year, and patient’s privacy is being violated on an almost daily basis. Hackers are targeting healthcare organizations, thieves are looking for portable devices to steal, and malicious insiders are copying data from EHRs; however, Smartphones have the potential to cause even more data breaches. The reason? The data security and privacy protections used to safeguard data stored on the devices are often inadequate. NCCoE Takes Steps to Protect Mobile Healthcare Devices The National Cybersecurity Center of Excellence (NCCoE) was formed by the National Institutes of Standards in Technology (NIST), the state of Maryland, and Montgomery County, MD in 2012, and during the past three years it has...

Read More

HealthFirst Notifies 5,300 Patients of 2-Year Data Breach

New York based health insurer, HealthFirst, will start sending breach notification letters to 5,300 health plan members today, informing them of a breach of their Personal Health Information that potentially started on April 11, 2012 and lasted until March 26, 2014. The breach is serious. Data was stolen with the express purpose of committing fraud and plan members are being advised to take no chances. They have been urged to sign up for the credit monitoring and protection services being offered by CareFirst. The health insurer has already been a victim of fraud as a result of the data breach, although at this stage it is unclear whether any plan members have also suffered from fraud. In 2013, HealthFirst discovered it had become a victim of fraud. The insurer notified the Department of Justice (DOJ) and following an investigation, the individual responsible was identified, arrested and charged with fraud. As the investigation continued, the DOJ determined that the individual in question had possibly obtained information on plan members from HealthFirst. The DOJ alerted the...

Read More

Georgia Division of Aging Services Data Breach Affects 3,000

Approximately 3,000 members of the Community Care Services Program of Georgia’s Department of Human Services Division of Aging Services (GDHSDAS) have been sent breach notification letters to advise them that a limited amount of their Protected Health Information (PHI) has been accidentally exposed. The Community Care Services Program helps seniors stay in their communities, rather than being placed in a nursing home. The breach victims are therefore particularly vulnerable; although since Social Security numbers, contact information, dates of birth, and other highly sensitive data were not exposed, the risk of individuals coming to harm as a result of the breach is believed to be low. Affected individuals have been told the breach was caused when an email containing patient names and “certain health diagnoses” was emailed to a contracted Business Associate. According to Robyn A. Crittenden, Georgia’s Human Services Commissioner, “While we are confident that this data breach was limited in nature and [was] resolved almost immediately, we are obligated to ensure that our clients and...

Read More

Four Unpatched Internet Explorer Vulnerabilities Announced

Four “new” Internet Explorer vulnerabilities have been announced this week. The announcement did not come from Microsoft; security researchers revealed the flaw because Microsoft has been too slow to address the issue. A patch has still not been released to address the security flaws even though Microsoft was made aware of the problems more than seven months ago. The announcement came via Hewlett-Packard’s Zero Day Initiative (ZDI) program, which pays security professionals to identify software flaws that could potentially be used by hackers to gain access to computers or infect them with malware. The ZDI team announces security flaws that have not been addressed by software developers in a reasonable time frame: 120 days from the date of discovery of a vulnerability. Since this time frame has been exceeded, ZDI researchers have now released limited details of the issues to the public. The ZDI team only issues partial information on the location and nature of the security flaws and does not disclose information that would tip off hackers and allow them to take advantage of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist