25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Largest Healthcare Data Breaches of 2025
Jun05

Largest Healthcare Data Breaches of 2025

2025 was another bad year for healthcare data breaches. As of June, 2026, 2025, 772 healthcare data breaches affecting 500 or more individuals are listed on the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) breach portal, involving the exposure or theft of the protected health information of 139,721,832 individuals. That total is likely to increase further as there are several data breach investigations that have yet to conclude. Based on the current totals, 2025 was the worst ever year for large healthcare data breaches, beating the previous record of 746 data breaches set in 2023 by 3.49%.  In terms of affected individuals, 2025 was the third-worst year, behind the 289.8 million affected individuals in 2024 and the 183 million affected individuals in 2023. You can view the latest figures and how they compare to previous years on our Healthcare Data Breach Statistics page. Large healthcare data breaches increased by 4.18% year over year, although there was a 51.79% year-over-year decrease in affected individuals. Such a large decrease in affected...

Read More
Hacking Group Claims Responsibility for Multi-Million-Record DentaQuest Data Breach
Jun05

Hacking Group Claims Responsibility for Multi-Million-Record DentaQuest Data Breach

Wellesley, MA-based DentaQuest, a dental benefits administrator that manages the benefits for 32 million Americans, has announced it is actively managing a cybersecurity incident involving unauthorized access to a limited part of its network. According to its website notice, immediate action was taken to contain and mitigate the threat, and the company is working with a leading cybersecurity expert, forensic investigators, and law enforcement authorities. If the data breach is confirmed as affecting 2.6 million individuals, it will rank as one of the largest healthcare data breaches of the year to date. DentaQuest, part of Sun Life U.S. Dental, is the largest Medicaid and Children’s Health Insurance Program dental benefits administrator in the country, operating in 50 U.S. states. The company has yet to determine the exact scope of the incident and the extent to which sensitive data has been compromised. The company has promised to update clients and ensure that they receive information as quickly and transparently as possible. The digital extortion group ShinyHunters has claimed...

Read More
Onsite Women’s Health $2.5M Data Breach Settlement
Jun04

Onsite Women’s Health $2.5M Data Breach Settlement

A breach of the email account of an employee of Onsite Women’s Health that exposed the protected health information of 357,265 individuals has resulted in a $2,525,000 settlement. Onsite Mammography, LLC, which does business as Onsite Women’s Health, a Westfield, Massachusetts-based provider of medical imaging services to hospitals, identified unauthorized access to an employee’s email account in October 2024. The email account was compromised as a result of a response to a phishing email, and while the account was only accessible for a short period of time, sensitive data was exfiltrated, including names, dates of birth, Social Security numbers, driver’s license numbers, credit card numbers, and information related to patients’ mental or physical conditions, and any care they received. Multiple class action lawsuits were filed in response to the data breach, which were consolidated – Clarkson, et al. v. Onsite Mammography, LLC, d/b/a Onsite Women’s Health – in the United States District Court District of Massachusetts.  The consolidated lawsuit alleged that inadequate...

Read More
Conduent Business Services Data Breach Affected More Than 62.2 Million Individuals
Jun04

Conduent Business Services Data Breach Affected More Than 62.2 Million Individuals

In January 2025, news first surfaced about a massive data breach at Conduent Business Services, a vendor that provides printing, mailing, document processing, payment integrity, and other back-office services to healthcare providers, health plans, and government agencies. Conduent first identified the security breach on January 13, 2025; however, the forensic investigation determined that hackers had access to its computer network for three months, starting on October 21, 2024. At the time, the true scale of the breach was unknown. Based on breach reports submitted to the state attorneys general in Oregon and Texas, at least 25 million Americans were known to have been affected in those states alone; however, the full scale of the breach has only recently been confirmed. Conduent has provided an updated total to the Department of Health and Human Services Office for Civil Rights (OCR), indicating that the protected health information of at least 62,224,658 individuals was compromised in the incident. When a data breach occurs at a business associate of a HIPAA-covered entity, it is...

Read More
Clarinda Regional Health Center Reports Data Breach Affecting 24K Patients
Jun04

Clarinda Regional Health Center Reports Data Breach Affecting 24K Patients

Data breaches have been announced by Clarinda Regional Health Center in Iowa, Community Connections in DC, Waveny Lifecare Network in Connecticut, and NJ Pain Care Specialists in New Jersey. Clarinda Regional Health Center Clarinda Regional Health Center, a Clarinda, IA-based non-profit hospital, has started notifying 24,341 individuals about a recent cybersecurity incident that exposed sensitive data. Suspicious activity was identified within its computer network on December 15, 2026, and the forensic investigation determined that files containing patient data may have been accessed or acquired without authorization in October 2025. The LockBit5 ransomware group claimed responsibility for the incident. The file review confirmed that the exposed data included first and last names, dates of birth, medical information, health insurance information, financial account numbers, Social Security numbers, driver’s license numbers, and taxpayer identification numbers. The types of data varied from individual to individual. The review of the affected files was completed on May 21, 2026, and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist