25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

2015 Biannual Healthcare Data Breach Report Released

The healthcare industry had a particularly torrid time last month with 18 data breaches reported to the OCR, exposing 1,455,863 records, the bulk of which came from the CareFirst data breach. This month the number of data breaches reported has increased to 21, although the number of new victims created was much lower, with 159,231 individuals affected. An analysis of the data breach reports for the past three years shows that little has changed since 2014, “the year of the data breach,” at least not for the better. Fewer data breaches have been reported in 2015 than in 2014, 122 compared to 131, up until the end of June. However, measure the year in the number of victims created and 2015 is on an entirely different scale. 89,439,761 new data breach victims have been created so far this year, compared to 12,503,190 last year and 851,433 in 2013. Many of this year’s victims are now data breach veterans having had their data exposed by their insurer and their healthcare provider. Biannual Data Breach Report 2014 saw a big rise in the number of reported data breaches, and this year...

Read More

BCBSA Offers Identity Theft Protection Services to All 106 Million Members

Yesterday, the Blue Cross Blue Shield Association (BCBSA) made a surprising announcement. It will be offering identity theft protection services to all 106 million of its members, in an effort to address the rapidly increasing risk of data theft and fraud. The Blue Cross and Blue Shield Association consists of 36 independent, community-based and locally-operated companies, which service the entire United States. One in three Americans has a health insurance policy run by BCBSA. The unprecedented move comes after BCBSA health plan members have suffered numerous data breaches, including the massive data breaches at Anthem, CareFirst and Premera Blue Cross. Identity theft protection services do not come cheap, especially when the unit cost must be multiplied by 106 million. This move carries a significant cost, even with a bulk discount, and shows a strong commitment to its plan members. This was a very positive, proactive step to take, and is one likely to win back the faith of many members. The new service will provide ”heightened safeguards for plan members.” BCBSA may not be able...

Read More
UPMC Health Plan Data Breach Affects 722 Subscribers
Jul15

UPMC Health Plan Data Breach Affects 722 Subscribers

UPMC health plan has reported a data breach affected 722 insurance subscribers. This is the second data breach to affect the health plan this year. In May UPMC reported  2,000 patient records had been compromised. The latest data breach appears to have resulted from an internal error. Yesterday, UPMC spokeswoman, Gina Pferdehirt, said patient information was compromised when an email containing PHI was sent to an unauthorized person. The statement released by UPMC says the email was sent by accident, suggesting there was no malicious intent behind the data breach. According to UPMC, “The email meant for a physician’s office in Lawrence County was sent instead to an incorrect address, revealing patient names, insurance membership numbers, birth dates and phone numbers.” According to a response provided to the Pittsburgh Post Gazette, Pferdehirt said, “while we take this seriously, in context the breach is very minor.” The email did not contain financial information, health data or Social Security numbers, although member names, dates of birth, ID numbers and phone...

Read More

Two More Flash Vulnerabilities Discovered: Calls for Software to be Retired

A useful and valuable software platform or a collection of security holes held together with code? Opinion is divided on the usefulness of Adobe Flash, when hackers can apparently exploit vulnerabilities with ease. Some are calling for Adobe Flash to be consigned to the annals of history following after five security flaws have recently been discovered: Flaws that are already being used by hackers to gain access to computers and data. Three zero-day vulnerabilities have already been discovered this year, including one just a few days ago. Now a further two zero-day vulnerabilities have been identified. The latest two are arguably the most serious; one of which allows hackers to use the Adobe Flash security flaw to take full control of a computer. Patches not Yet Developed to Address Latest Adobe Flash Security Vulnerabilities The flaws were uncovered as a result of the recent data breach at Hacking Team, and have been identified as CVE-2015-5122 and CVE-2015-5123. They affect Adobe Flash operating on Windows, OS X and Linus systems. The new bugs are similar to the security...

Read More

Computer Theft Exposes Data of 560 ABCBS Applicants

Arkansas Blue Cross and Blue Shield (ABCBS) – Arkansas’s largest provider of health insurance – has reported the theft of a laptop computer containing the unencrypted data of 560 insurance applicants. An independent insurance agency – Treat Insurance Agency (TIA) – suffered a burglary at its Little Rock, Ark. offices on June 16. The perpetrators stole two computers that contained data of ABCNS applicants. Those individuals had applied for health insurance through TIA between October 1, 2012, and June 16, 2015. The exposed data includes the “personal information” of applicants. The exact information exposed has not been announced; however, victims will be informed by post if they have been affected together with details of the information has potentially been exposed. A helpline has also been set up for concerned members and applicants to find out more information. Arkansas Blue Cross and Blue Shield Computers Not Affected The data breach did not affect the ABCBS computer network or any of its equipment. Data exposure was limited to the information held by the TIA....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist