25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Free Webinar: HIPAA Email Security 101: PHI, Encryption, and What’s Required
May15

Free Webinar: HIPAA Email Security 101: PHI, Encryption, and What’s Required

According to the Paubox 2026 Healthcare Email Security Report, in 2025, 170 email-related data breaches were reported to the HHS’ Office for Civil Rights (OCR). While healthcare organizations are getting better at preventing email-related data breaches, an analysis of email security configurations found that in 2025, 41% of healthcare organizations fell into the high-risk category, an increase from the previous year. On top of those large healthcare data breaches are the thousands of smaller breaches that affect fewer than 500 individuals, a large percentage of which are due to poor email security configurations and errors by healthcare employees. Each email incident erodes trust, can be costly to resolve, and potentially puts the organization at risk of a HIPAA penalty, yet email compliance failures are easily avoided. On May 21, 2026, the leading healthcare email security company, Paubox, is hosting a webinar to explain HIPAA email security 101. The webinar consists of a practical session covering the fundamentals of HIPAA-compliant email, what constitutes PHI, and how to...

Read More
Verber Dental Group Notifies Patients About January Hacking Incident
May14

Verber Dental Group Notifies Patients About January Hacking Incident

Data breaches have recently been announced by Verber Dental Group in Pennsylvania, Northwoods Surgery Center in Minnesota, Cunningham Prosthetic Care in Maine, Healthcare In Action in California, and Preakness Healthcare Center in New Jersey. Verber Dental Group Verber Dental Group, a Camp Hill, PA-based dental group comprising 14 dental practices, has recently notified patients of unauthorized network access that exposed patient data. Suspicious network activity was identified on January 27, 2026. The network was secured, and an investigation was launched, which revealed the threat actor had access to its network from January 26, 2026, to January 27, 2026. The investigation confirmed that patient information had been exposed, including names, dates of birth, Social Security numbers, driver’s license numbers/state identification numbers, medical records, and health insurance information. Verber Dental has not identified any misuse of patient information. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals as a...

Read More
Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches
May14

Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches

Atrium Health Navicent and Interim HealthCare of Lubbock/Amarillo have recently announced that they have been affected by data breaches at third-party vendors. Atrium Health Navicent Atrium Health Navicent is the latest healthcare provider to announce that it has been affected by the January 2025 data breach at Oracle Health. Oracle Health acquired the electronic medical record company Cerner, and was due to migrate patient records from legacy Cerner servers to Oracle Health’s systems. As early as January 22, 2025, a hacker gained access to two legacy servers and exfiltrated patient data. Oracle Health detected the breach in February 2025. Many healthcare providers were affected and issued notification letters last year. According to Atrium Health Navicent, the delay in notification is due to the complexity of the data review, which has taken many months to complete. Atrium Health Navicent said it only recently learned from Oracle Health that it had been affected, and the review of the impacted data was not completed until March 12, 2026. The data compromised in the incident was...

Read More
What are the HIPAA Training Requirements for New Hires?
May13

What are the HIPAA Training Requirements for New Hires?

The HIPAA training requirements for new hires are that “a covered entity must provide training […] to each new member of the workforce within a reasonable period of time after the person joins the covered entity’s workforce” (45 CFR 164.530(b)(2)). What a “reasonable period of time” is may depend on the new hire’s role and their existing HIPAA knowledge but the best practice in the healthcare sector is to provide HIPAA training and HIPAA security awareness training as soon as possible.  All healthcare students on clinical placements are new hire that should immediately be provided with HIPAA training. Because HIPAA applies to many different types of organizations, it is important the HIPAA training requirements for new hires are put into context rather than taken in isolation. This is because HIPAA requires covered entities and business associates to identify risks to the privacy of Protected Health Information (PHI) and mitigate the risks to a reasonably acceptable level. If a covered entity conducts a risk assessment, and identifies a risk to the privacy of PHI by allowing an...

Read More
Gandara Mental Health Center Settles Class Action Data Breach Lawsuit
May13

Gandara Mental Health Center Settles Class Action Data Breach Lawsuit

Gandara Mental Health Center in Springfield, Massachusetts, has agreed to settle class action litigation stemming from a June 2024 cyberattack and data breach that affected 17,543 individuals. The cyberattack was detected on June 20, 2024, and Gandara Mental Health Center determined that personal and protected health information, such as names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnoses, treatment information, and health insurance information, had been compromised. The hackers claimed to have exfiltrated approximately 450 GB of data. A class action lawsuit was filed in the Court in the Commonwealth of Massachusetts, Hampden County – Eugene Mitchell v. Gandara Mental Health Center, Inc. – in response to the data breach that alleged that the defendant failed to properly secure its network, leading to the theft of the plaintiffs’ personal and protected health information. The lawsuit asserted claims for negligence, negligence per se, breach of implied contract, unjust enrichment, and breach of fiduciary duty. Gandara Mental Health...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist