25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Florida Law Firm Data Breach Affects 65,000 Individuals
Jun11

Florida Law Firm Data Breach Affects 65,000 Individuals

A cyberattack at the law firm GrayRobinson has affected 65,000 individuals. Data breaches have also been announced by C2N Diagnostics in Missouri and Virta Health and Virta Medical in Colorado. GrayRobinson The Orlando, Florida-based law firm GrayRobinson, P.A., has notified the Maine Attorney General about a data breach affecting 65,113 individuals, including 52 Maine residents. Among those individuals, 54,131 people had their protected health information exposed in the incident. In its substitute data breach notice, GrayRobinson explained that unauthorized access to its network was detected on or around March 24, 2025. Immediate steps were taken to secure its network, and assisted by third-party cybersecurity specialists, the incident was investigated to determine the extent to which sensitive information had been compromised. The investigation confirmed that its network was accessed by an unauthorized third party between March 5, 2025, and March 24, 2025, and during that time, files containing personal and protected health information were exfiltrated from its network.  The data...

Read More
Duke University Health System; Derick Dermatology Settle Class Action Pixel Lawsuits
Jun10

Duke University Health System; Derick Dermatology Settle Class Action Pixel Lawsuits

Two more healthcare providers have settled lawsuits over their use of website tracking technologies: Duke University Health System and Derick Dermatology. Duke University Health System Pixel Settlement A lawsuit filed against North Carolina’s Duke University Health System over the use of tracking tools on its website has been settled. Like many healthcare providers, Duke University Health System had added tracking tools such as pixels to its website. These tools collect information about website users, which can be used to improve web services. These tools can also transmit the collected information to third parties, and when placed on healthcare websites, that information may include health information, depending on a user’s interactions on the website. A lawsuit was filed against Meta Platforms, Duke University Health System, WakeMed, and a defendant class of Facebook partner medical providers by plaintiffs Kim Naugle and Afrika Williams over the use of these tools. The claims against Meta Platforms were transferred to a separate class action lawsuit in California – In re...

Read More
Data Breaches Announced by Two Digestive Health Companies
Jun10

Data Breaches Announced by Two Digestive Health Companies

Cyberattacks and data breaches have recently been announced by the national gastroenterology medical group Gastro Health and Spokane Digestive Disease Center in Washington. Gastro Health Gastro Health, a gastroenterology medical group with more than 200 locations in Florida, Alabama, Washington, Virginia, Ohio, Massachusetts, and Maryland, has announced an email security incident that exposed the protected health information of some of its patients. The incident was detected on February 25, 2026, when the company learned that some of its employees had responded to phishing emails, resulting in unauthorized access to their email accounts. A separate phishing incident was identified on March 2, 2026, resulting in a further email account being subject to unauthorized access. The review of the affected email accounts confirmed that they contained information such as names, dates of birth, Social Security numbers, and state or government-issued ID numbers. Protected health information in the accounts included diagnosis and treatment information, prescription information, provider/clinic...

Read More
Free HIPAA Training
Jun10

Free HIPAA Training

Free HIPAA training can be a steppingstone to a better understanding of HIPAA rules and regulations and improved patient outcomes in healthcare environments. For these reasons, free HIPAA training can be beneficial for individuals wishing to learn more about HIPAA. The HIPAA Journal presents on this resource page comprehesive free HIPAA training that provides a thorough introduction to HIPAA. Table of Contents Why Sufficient Understanding of HIPAA is Important How Best to Support HIPAA Compliance Training HIPAA Overview HIPAA Definitions The HITECH Act The Main HIPAA Regulatory Rules HIPAA Omnibus Final Rule HIPAA Privacy Rule Basics HIPAA Security Rule Basics HIPAA Patient Rights HIPAA Disclosure Rules HIPAA Violation Consequences Preventing HIPAA Violations Being a HIPAA Compliant Employee Voluntary Foundation Courses for Individuals Free HIPAA Training FAQs   HIPAA Training for Individuals Our HIPAA Certification training gives learners clear, practical guidance on what to do and why in real-world HIPAA scenarios. View Training The Gold Standard in HIPAA Training by The...

Read More
Cybersecurity Incidents Reported by Multiple Dental Practices
Jun10

Cybersecurity Incidents Reported by Multiple Dental Practices

Data breaches have been announced by several dental practices: Bayside Dental (TX/WA), Aldrich Pediatric Dentistry (IN), Stafford Oral Surgery (VA), Garrisonville Dental (VA), and Drs. Abdelbaky, Boes, Cameron & Associates of Wake Forest and Cary Park (NC). Bayside Dental Bayside Dental, a dental practice with locations in Rowlett, Texas, and Anacortes, Washington, has experienced a cybersecurity incident. Unauthorized network access was identified on or around January 5, 2026, and the forensic investigation confirmed on March 13, 2026, that there had been unauthorized access to files containing patient data on January 5, 2026. Data potentially viewed or obtained in the incident included full names, dates of birth, Social Security numbers, medical treatment information, medical diagnostic information, prescription information, patient numbers, health insurance information, health insurance plan beneficiaries, and dates of service. Bayside Dental determined that the protected health information of up to 10,216 patients was potentially compromised in the incident. Bayside Dental...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist