25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

2015 Healthcare Cybersecurity Threats

The healthcare industry is facing an elevated threat of attacks by hackers and healthcare providers and insurers are being targeted for the data they hold on patients and plan members. The threat does not only come from cyberspace, as thieves are on the hunt for the laptops and mobile devices of healthcare professionals for the information they contain. Personal information and healthcare data carries a high value on the black market, and Social Security numbers, personal identifiers, ePHI and Medicare details are impossible for criminals to resist, especially when the databases storing that information contains tens of millions of individuals records and has substandard protections. Healthcare Data Privacy and Security Threats Healthcare organizations must fight a battle against cybercriminals on many fronts. HIPAA-covered entities must shore up defenses and thoroughly assess their organization for weaknesses, before implementing a plan to manage any potential security risks that are identified. Multi-level security systems must then be installed to ensure data is properly...

Read More

Analysts Suggest Link Between CHS and Anthem HIPAA Breaches

Anthem has started an investigation into the data breach which exposed the personal data of up to 80 million Americans and is attempting to determine how hackers gained access to its systems. The insurer has announced that the first attempt possibly dates back to 10th December, 2014; however some analysts believe the attackers may have first gained hold of the computer systems some nine months previously, with the system potentially having been compromised in April 2014. The report, published in Forbes, suggests that the “Cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data” bears similarities to the techniques used by a known state-sponsored Chinese hacking group. The group, which operates under names such as Deep Panda, Group 72, and Axiom was responsible for a number of hacks on US companies. The breach has also been linked by some experts to the Heartbleed Bug, which first emerged in 2011. The fix for the bug was issued in April last year, yet in spite of the danger, many millions of websites have yet to have had the fix...

Read More

Should HIPAA be Expanded to Improve Defenses Against Hackers?

The recent massive data breach at Anthem Inc., has caused HIPAA Privacy and Security Rules to come under the spotlight, with many asking if the legislation – in its current format – goes far enough to protect the privacy of patients and health plan members. The Anthem breach could potentially have been avoided had the insurer used full data encryption along with the appropriate security controls to keep the security keys private. HIPAA Rules could certainly be tightened to improve data security, but that is no guarantee that healthcare organizations would comply promptly and implement those additional controls. HIPAA does not currently specify that an organization must use data encryption, only that the issue should be addressed. Data encryption is therefore voluntary and according to a Forrester Research report released in September 2014, only 59% of healthcare organizations had implemented full-disk encryption or partial encryption of healthcare data. Before covering the question of whether legislation needs to be tightened, here is a refresher of what legislation has been...

Read More

Anthem Data Breach Expected to Cost Over $100 Million

A HIPAA breach carries a huge financial penalty and one the scale of that which recently affected Anthem Inc., is expected to result in costs of many tens of millions of dollars. Anthem holds an insurance policy from the American International Group to protect against cybercrime and data exposures, and is covered for losses up to $100 million. Even this sizeable amount may be exhausted with the latest data breach. The total cost, which is unlikely to be known for many months, may exceed the 100M barrier once the cost of issuing breach notifications, paying OCR penalties, implementing new security measures and fighting lawsuits are factored in. Further costs must also be covered to mitigate any damage caused such as providing credit monitoring services to victims free of charge. Anthem originally offered a year of credit monitoring services but has since extended this to two year. If 80 million individuals have been affected, damage mitigation costs alone will take up a sizeable chunk of the insurance payment. The OCR has already announced that it is looking into the breach as a...

Read More

Details Emerge of Anthem HIPAA Breach

The colossal security breach at Anthem Inc, which exposed the Social Security numbers and personal details of 78.8 million plan members, is understood to have involved data from as early as 2004. The investigations are ongoing and it is currently not known exactly how many of its members have been affected. A recent U.S. News and World Report indicates that hackers previously attempted to access the system as early as December 10, 2014. Anthem’s announcement of the breach indicated that January 27, 2015 was the first occasion that access had been gained. Anthem Spokeswoman, Kristin Binns, did not confirm the exact date of the breach, but later announced that “The hackers succeeded in penetrating the system and stealing customer data sometime after Dec. 10 and before Jan. 27”. Forensic investigators have discovered a number of network access attempts that all carry the same hallmarks, and it would appear that numerous unauthorized data access queries were made during this period using the login credentials of five Anthem Technical workers. The company’s security system appears to...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist