25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Healthcare Data under Threat from Stegoloader Malware

Back in 2013, a new form of malware was discovered that was capable of stealing information from the system on which it was installed – as with other malware – however, this variant differs in that it hides in PNG image files, making it look innocuous. The malware has recently been discovered to be having something of a resurgence, and healthcare providers are being targeted. Risk of Malware Transmission via PNG Images The Trojan works using a process called digital steganography. Steganography has Greek origins, and roughly translates as “covered writing”. The technique allows hackers to hide bits of code within the image pixels or other parts of the image such as the header section. The Danger of the Stegoloader Trojan The Stegoloader Trojan family is otherwise known as Win32/Gatak.DR and TSPY_GATAK.GTK according to Dell SecureWorks. The latest variants of the malicious software identified by Trend Micro are TROJ_GATAK.SMJV, TROJ_GATAK.SMN, and TROJ_GATAK.SMP. The latest three variants are most commonly acquired from file-sharing websites; in particular illegal software and games...

Read More

Healthcare Providers Seek Protection from HIPAA Breaches

Phishing, malware & direct attacks by hackers are on the increase and employees are abusing data access rights: Any organization required to collect, store or use Protected Health Information (PHI) is likely to suffer a data breach. It is just a matter of when that breach will occur. Even when healthcare providers abide by HIPAA Rules – and avoid OCR financial penalties – the cost of a healthcare data breach can be considerable. Patients must be notified, credit protection services provided and identity theft insurance offered. The cost of printing and posting breach notification letters represents a sizable cost. Mid-sized healthcare providers that hold millions of patient health records and Social Security numbers could well find a large-scale data breach to be ruinous. Inevitable Data Breaches Mean Insurance Policies are Required   Even the best security systems can be undone by a single worker. The data breach at Medical Management LLC occurred when an employee took data from the company and disclosed it to a third party. A recent data breach at Penn State University...

Read More

Extent of Unauthorized Cloud Service Usage by Employees Uncovered

How many cloud services is your organization using? According to a new report, if the figure is under 928 – the average number of cloud services used by healthcare providers – you may be underestimating the extent to which employees are using the cloud. The data suggest employees are breaching security policies by using cloud services that lack the necessary security controls. If the data collected is representative of the healthcare industry as a whole, HIPAA violations are being committed on a daily, if not hourly basis by healthcare professionals. Benefits of HIPAA-Compliant Cloud Services   There are a number of advantages to be gained from using cloud services. Healthcare providers and other HIPAA-covered entities can cut IT equipment and maintenance costs by hosting data in the cloud. Leveraging cloud services can also improve productivity, and speed up accessing and logging of patient data. A number of healthcare providers have been able to improve patient health outcomes by making use of cloud services. Security Risks Being Taken by Employees   Skyhigh Networks...

Read More

Privacy Incident Reported by Meritus Medical Center

The Meritus Medical Center (MMC) in Hagerstown, Maryland has started issuing breach notification letters to 1, 029 patients after a “privacy incident” was discovered in which patient names and other Personally Identifiable Information (PII) were exposed along with healthcare information and Social Security numbers, according to a report in the Herald Mail. Dates of birth, patient gender and medical record numbers were potentially viewed along with healthcare data such as medical test results. Not all individuals had their Social Security numbers compromised, as this data was only stored on a limited number of individuals. MMC has confirmed that no financial information was exposed in the data breach. Breach Notification Letters Sent HIPAA-Covered Entities often delay the issuing of breach notices to patients to enable a full breach investigation to be conducted, which can take some time to complete. This proved to be the case with Meritus Medical Center; although according to a statement released by a MMC spokesperson, Mary Rizk, the breach notice letters were sent “as soon as...

Read More

Healthcare Thieves and Fraudsters Brought to Justice

The past two weeks have seen hundreds of criminals arrested for healthcare fraud and a number of indictments filed against the perpetrators of Medicare and tax fraud rings. The FBI was responsible for bringing in most of the criminals following a major Medicare fraud takedown. The perpetrators and players in the Medicare Fraud ring were able to obtain hundreds of millions of dollars in Medicare payments before being caught. FBI Makes 243 Arrests for Healthcare Fraud   On June 18, the FBI announced it has arrested 243 individuals in a nationwide operation targeting individuals responsible for obtaining over $712 million from fraudulent Medicare claims. The operation was the largest ever conducted, resulted in more arrests than any other operation and involved the highest fraud value of any past Medicare Fraud takedown. A number of doctors, nurses and medical professionals were also arrested for supplying data to the fraudsters. According to FBI Director James B. Comey, “There is a lot of money there, so there are a lot of criminals,” he went on to say “In these cases, we...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist