25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Oregon Eye Care Provider and New York Children’s Center Announce Hacking Incidents
Oct22

Oregon Eye Care Provider and New York Children’s Center Announce Hacking Incidents

Cyberattacks have recently been announced by River City Eye in Oregon and Elmcrest Children’s Center in New York. River City Eye Care River City Eye Care, an eye care provider with locations in Portland and Happy Valley, Oregon, has started notifying patients about a recent security incident involving the theft of files containing patient information. Unusual network activity was detected on or around September 8, 2025, and an investigation was launched to determine the nature and scope of the activity. The investigation confirmed unauthorized access to its network and the exfiltration of files. The affected files were reviewed, and River City Eye Care completed the review on October 1, 2025. The types of information involved vary from individual to individual and may include names in combination with one or more of the following: address, email address, phone number, and date of birth.  Driver’s license numbers and Social Security numbers were involved for a limited number of individuals. Notification letters started to be mailed on October 16, 2025, and steps are being...

Read More
City of Hope Settles Class Action Data Breach Lawsuit
Oct21

City of Hope Settles Class Action Data Breach Lawsuit

City of Hope, a Duarte, California-based non-profit clinical research and cancer treatment center, has agreed to settle a class action lawsuit stemming from a 2023 data breach that affected more than 827,000 individuals. Hackers had access to the City of Hope network between September 2023 and October 2023, and exfiltrated sensitive data. Several class action lawsuits were filed over the data breach, as detailed in previous coverage by The HIPAA Journal below. The lawsuits had overlapping claims and were consolidated – In re City of Hope Data Security Breach Litigation – in the Superior Court of the State of California for the County of Los Angeles. The consolidated lawsuit asserted claims of negligence, breach of fiduciary duty, breach of implied contract, and invasion of privacy. City of Hope maintains there was no wrongdoing or liability. Following mediation, all parties reached an agreement in principle to settle the lawsuit to avoid the cost, time, risks, and uncertainty associated with continuing with the litigation. The terms of the settlement have now been...

Read More
Massachusetts Hospitals Experiencing Disruption Due to Cyberattack
Oct21

Massachusetts Hospitals Experiencing Disruption Due to Cyberattack

A cyberattack has caused a network outage that has disrupted operations at two hospitals in North Central Massachusetts – the 134-bed non-profit Heywood Hospital in Gardner, and Athol Hospital, a 25-bed critical access hospital in Athol, both owned and operated by Heywood Healthcare. The attack was detected last week, and systems were immediately taken offline to protect the network and patients. Incident response protocols were activated, a Code Black was declared, and the emergency department was closed to all patients arriving by ambulance. Ambulances were diverted to other facilities due to the inability to access certain systems. Radiology and laboratory services have also been disrupted. The attack affected its Internet connection, email system, and phone lines, and while communications are back up and running, some issues are still being experienced. On Thursday, October 16, 2025, the hospital confirmed that the network outage was caused by a cybersecurity incident and that a third-party cybersecurity firm has been engaged to assist with the investigation and recovery. The...

Read More
Pharmacy HIPAA Violations
Oct21

Pharmacy HIPAA Violations

Pharmacy HIPAA violations happen when a pharmacy fails to protect patient information or uses or discloses it in a way that is not permitted, and they range from simple day to day privacy mistakes to major cybersecurity incidents that trigger breach notifications, lawsuits, and regulatory scrutiny. Pharmacies handle protected health information every time they dispense medications, verify insurance, counsel patients, or coordinate with prescribers. That creates constant exposure to privacy risks at the counter and security risks in systems that store and transmit prescription and billing data. A strong HIPAA program in a pharmacy setting focuses on preventing predictable errors, hardening workflows against cyber threats, and proving that safeguards are implemented in practice rather than only documented on paper. Common Pharmacy HIPAA Violations Common violations by staff in pharmacies often start with routine operations and high customer volume. Even well run teams can slip when staffing is tight or processes are informal. Discussing prescriptions where other customers can hear...

Read More
Akumin Agrees to Pay $1.5 Million to Settle Class action Data Breach Lawsuit
Oct20

Akumin Agrees to Pay $1.5 Million to Settle Class action Data Breach Lawsuit

Akumin, a Florida-based provider of outpatient radiology and oncology services with locations in more than 20 U.S. states, has agreed to settle a class action lawsuit stemming from an October 2023 cybersecurity incident. Akumin identified suspicious network activity on October 11, 2023, and confirmed that a threat actor accessed its network on October 11, 2023, and used ransomware to encrypt files.  The files potentially accessed and/or copied by the threat actor included patient and employee information such as names, contact information, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, medical record numbers, Medicare/Medicaid numbers, financial account information, health information, occupational health information, medical images, biometric information, billing and claims information, health insurance information, electronic signatures and other sensitive data. The security incident was announced by Akumin on its website on October 12, 2023, and the data breach was reported to the HHS’ Office for Civil Rights as involving the protected...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist