25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

New Mobile Malware Appearing at Rate of 4,900 per Day

The threat from malware, phishing and spear phishing campaigns has been widely reported in recent months. Numerous new strains of dangerous malware have been identified this year and the past few weeks have seen the FBI issue warnings on two malware strains; Sakula and Stegoloader; two particularly worrying pieces of malware that are currently being used by cybercriminals to gain access to healthcare data and financial information. The scale of the threat is difficult to estimate; however a new study on mobile malware offers an indication of just how serious the problem is. The report from Security firm, G Data, indicates new malware strains are appearing at a rate of nearly 5,000 per day. According to the report, the firm collected over 200 new android malware samples on average every hour in the first quarter of the year. 440,000 new strains of Android malware were discovered in Q1, 2015, representing a 6.4% increase compared to Q4 of 2014: A jump of 21% from corresponding period last year. In Q1 more than double the volume of malware was discovered than in the whole of 2011 and...

Read More

Stolen UCSF Laptops Contained PHI of Research Participants

The University of California San Francisco (UCSF) has announced the burglary of a faculty member’s office involved the theft of a laptop computer containing unencrypted, protected health data. The information stored on the device included research and health information along with Personally Identifiable Information (PII) and medical insurance details. The burglary occurred in May, with thieves gaining access to the office of a faculty member of the Cardiac Electrophysiology & Arrhythmia Service. UCSF discovered the theft, and potential data breach, on May 6, 2015. After conducting an investigation UCSF determined that the data stored on the laptop included names, dates of birth, medical record numbers, and health insurance Identification numbers. No Social Security numbers or financial information were exposed, although UCSF’s investigation revealed that 435 individuals had their health information compromised. In the notice placed on the University website, the incident is stated to have involved the theft of a laptop computer. However, the notice says “UCSF promptly began an...

Read More

Rhode Island Identity Theft Protection Act Updates Breach Notification Laws

State Governor, Gina Raimondo, has added her signature to Senate Bill S0134; otherwise known as the Rhode Island Identity Theft Protection Act (2015). Rhode Island follows other states that have already introduced enhanced data protection and breach notification laws this year; neighboring Connecticut being one of the most recent. The new act has been introduced to improve protections for state residents and a considerable number of changes have been made to existing state laws. The new Act will become enforceable on June 26, 2016. The new law requires any “person” –individual or organization – that does business in the state of Rhode Island, and “stores, collects, processes, maintains, acquires, uses, owns or licenses personal information about a Rhode Island resident” must ensure that it puts “a risk-based information security program” in place to protect the data held. The Act requires this “in order to protect the personal information from unauthorized access, use, modification, destruction or disclosure.” The exact protections that must be put in place are not stipulated,...

Read More

FBI Alert Suggests OPM/Anthem Malware Link

The recently discovered data breach at the Office of Personnel Management (OPM) appears to have sparked an FBI alert (FBI memo: A-000061, issued June 5, 2015, according to CSO) over a particularly nasty strain of malware called Sakula. Healthcare Organizations Under Threat from Sakula Malware The Sakula malware strain is a RAT, or Remote Access Trojan, which once installed on a host’s computer, will allow hackers to make changes to the system, download other files or do what they want. The malware is often unwittingly downloaded via infected websites and popups or installed via infected email attachments. The FBI Memo warns that: “Groups responsible for these activities have been observed across a variety of intrusions leveraging a diverse selection of tools and techniques to attempt to gain initial access to a victim including using credentials acquired during previous intrusions.” Sakula Linked to Anthem and OPM Data Breaches The timing of the FBI high confidence alert may be a coincidence, although given recent events this appears unlikely. The FBI memo details 312...

Read More

Healthcare Software Security Assessed by Veracode

The cloud offers healthcare providers the opportunity to streamline the provision and management of medical services. However, healthcare providers attempting to harness the power of the cloud could potentially be placing Protected Health Information (PHI) at risk. HIPAA requires covered entities to safeguard PHI at all times, whether it takes the form of physical records or digital files. Any PHI stored or accessible via apps or other cloud applications must have security controls in place to protect the data. All cloud applications must therefore be subjected to a thorough risk assessment to identify potential security vulnerabilities, and any issues found must be addressed. Many healthcare providers, and other HIPAA-covered entities, enlist the help of professionals when it comes to assessing mobile application security, with Veracode a market leader. Over 200,000 Cloud Application Security Assessments Performed Veracode assesses applications for security vulnerabilities that could potentially be exploited to gain access to patient data; or login credentials to gain access to...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist