25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Small Practice Owners Guide to HIPAA Compliance Programs
Jul07

Small Practice Owners Guide to HIPAA Compliance Programs

Article Summary Ownership carries HIPAA responsibility regardless of delegation because the practice answers to the Office for Civil Rights rather than the individual staff member. Understanding the practice’s compliance obligations means recognizing that HIPAA requirements apply equally to a solo practitioner and a multi-provider group. Financial exposure from noncompliance scales with the violation and the practice’s compliance history rather than practice size. Compliance elements an owner should confirm in place include the risk analysis, written policies, and signed Business Associate Agreements. Choosing how to run the program means weighing internal templates, outside consultants, and dedicated compliance software against each other. Staying current with regulatory change requires a documented process for identifying and applying updates to HIPAA rules. Oversight without micromanagement relies on a structured reporting cadence that keeps the owner informed without daily involvement. Preparing for an investigation or breach depends on documentation that proves...

Read More
North Los Angeles County Regional Center Notifies Individuals About November 2024 Ransomware Attack
Jul07

North Los Angeles County Regional Center Notifies Individuals About November 2024 Ransomware Attack

North Los Angeles County Regional Center has started mailing notification letters to individuals affected by a November 2024 ransomware attack, and Midland Care Connection in Kansas has announced a March 2026 hacking incident. North Los Angeles County Regional Center North Los Angeles County Regional Center has started notifying individuals about a cybersecurity incident and data breach that was first identified 17 months ago on November 28, 2024. Suspicious activity was identified within its computer network, and the forensic investigation confirmed unauthorized access from November 20, 2024, to December 1, 2024. North Los Angeles County Regional Center determined that sensitive data was exfiltrated from its systems before ransomware was used to encrypt files. The files exfiltrated from its systems included names, addresses, dates of birth, telephone numbers, Social Security numbers, passport numbers, driver’s license or other state-issued ID numbers, U.S. federal issued ID numbers, email addresses, usernames/passwords, financial account information, payment card information,...

Read More
AI Agent Conducts First Fully Autonomous Ransomware Attack
Jul06

AI Agent Conducts First Fully Autonomous Ransomware Attack

Researchers have identified what they believe to be the first agentic ransomware attack. An autonomous large language model (LLM) agent conducted an entire attack without human involvement, including vulnerability exploitation, credential theft, lateral movement, and file encryption. The attack was identified by researchers at the cloud security company Sysdig, who linked the attack to the JadePuffer ransomware operation. JadePuffer used a fully autonomous AI agent to conduct reconnaissance on the targeted company, exploit a vulnerability (CVE-2025-3248), steal credentials, move laterally within the victim’s network, establish persistence, escalate privileges, encrypt data, and drop a ransom note, adapting to failures on the fly without human intervention. The vulnerability exploited for initial access was an unauthenticated remote code execution vulnerability in the Langflow open source framework. The researchers explained that this is an attractive entry point as Langflow servers are AI-adjacent, often hold provider API keys and cloud credentials, and are commonly stood up...

Read More
Almost 30,000 Texas Residents Affected by Data Breach at The Texas Hearing Institute
Jul06

Almost 30,000 Texas Residents Affected by Data Breach at The Texas Hearing Institute

The Texas Hearing Institute has notified the Texas Attorney General about a data breach impacting more than 29, 000 state residents. Data breaches have also been announced by Family Health Centers of Southern Indiana, the Wisconsin Department of Health Services, and Stephen W. Brown & Radiology Associates of Augusta. Texas Hearing Institute The Texas Hearing Institute, a pediatric hearing center in Houston, Texas, has started notifying at least 29,498 individuals about a March 2026 cyberattack that resulted in unauthorized access to its network and the exposure of patients’ personal and health data. Unauthorized network access was identified on March 20, 2026, and immediate steps were taken to contain the incident and secure its systems. Assisted by third-party digital forensics experts, the Texas Hearing Institute determined on April 22, 2026, that there had been unauthorized access to personal information on its systems. The data review confirmed that names, Social Security numbers, financial information, and medical records were compromised in the incident. The...

Read More
What is a HIPAA Audit Checklist?
Jul03

What is a HIPAA Audit Checklist?

A HIPAA audit checklist is a document covered entities and business associates should use to audit compliance with the standards of the HIPAA Administrative Simplification Regulations applicable to their operations. An internal HIPAA audit checklist differs from an external HIPAA audit checklist inasmuch as an external HIPAA audit checklist is designed to meet specific criteria of the OCR audit protocol, CMS’ compliance review program, or a third-party’s certification requirements. By comparison, an internal HIPAA audit checklist is a comprehensive document that covers all areas of an organization’s compliance obligations. However, as different organizations have different compliance obligations, there is no “one-size-fits-all” internal HIPAA audit checklist. Get The HIPAA Audit Checklist Free and Immediate Download Please enable JavaScript in your browser to complete this form.Business Email *Name *FirstLastWork Number *Company Name *Number of EmployeesNumber of Employees1 - 5051 - 500501+Download Free Checklist Delivered via email so please ensure you enter your...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist