25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Settlement Resolves FTC Lawsuit Against Kochava Over Sale of Geolocation Data
May07

Settlement Resolves FTC Lawsuit Against Kochava Over Sale of Geolocation Data

A settlement has been reached between the Federal Trade Commission (FTC) and the Idaho-based data broker Kochava and its subsidiary Collective Data Solutions to end long-running litigation over the sale of precise geolocation data. Kochava sells a range of data to its customers, which includes comprehensive consumer profiles and geolocation data. Kochava claims to be able to pinpoint an individual’s precise location to around 10 meters through GPS coordinates and other signals, which could be tied to an individual through a unique ID associated with their mobile device. Shortly after the Supreme Court decision that overturned Roe V. Wade and removed the federal right to an abortion, the FTC launched an investigation. The investigation prompted an August 2022 lawsuit, in which the FTC alleged that Kochava was selling consumers’ precise geolocation data that was collected without consumers’ knowledge or consent. The FTC alleged that the data provided by Kochava could be used to track the movements of individuals visiting sensitive locations such as reproductive healthcare facilities,...

Read More
New Cyber Resilience Readiness Program Developed by Joint Commission; AHA
May07

New Cyber Resilience Readiness Program Developed by Joint Commission; AHA

Joint Commission and the American Hospital Association (AHA) have partnered to create a new Cyber Resilience Readiness program for hospitals and health systems to help them sustain safe clinical operations during cyber-related technology outages. Hacking and ransomware attacks have skyrocketed in recent years. According to the Federal Bureau of Investigation (FBI), healthcare and public health was the most targeted sector in 2025, experiencing 642 hacking incidents, including 460 ransomware attacks and 182 data breaches. Currently, the HHS’ Office for Civil Rights breach portal shows 765 data breaches affecting 500 or more individuals were reported in 2025, the highest number ever reported in a single year. These incidents often result in prolonged periods of digital darkness, where systems are offline, and healthcare organizations are forced to resort to manual processes for recording patient information. During those periods, hospitals and health systems must ensure continuity of care and maintain patient safety, even without access to critical technologies. To counter the threat...

Read More
Oglethorpe Settles Data Breach Lawsuit
May07

Oglethorpe Settles Data Breach Lawsuit

Oglethorpe, a Tampa, FL-based network of mental health and addiction recovery treatment facilities, was sued in response to a June 2025 hacking incident in which the personal and protected health information of 92,000 current and former patients and employees was stolen. The lawsuit has recently been settled and a cash fund of $350,000 will be created to cover benefits for class members. The hacking incident was discovered in June 2025. The forensic investigation determined that the hacker exfiltrated information such as names, Social Security numbers, driver’s license or state identification numbers, and medical information. The affected individuals started to be notified about the incident on October 31, 2025. Multiple class action lawsuits were filed in response to the data breach, alleging that it could have been prevented had reasonable and appropriate cybersecurity measures been implemented. The lawsuits were consolidated – Scott, et al. v. Oglethorpe, Inc.- in the Circuit Court for Broward County, Florida, since they had overlapping claims and were based on the same...

Read More
Data Breaches Announced by Four Healthcare Providers
May07

Data Breaches Announced by Four Healthcare Providers

Data breaches have recently been announced by Western Orthopaedics in Colorado, Community Health Systems in California, Tri-Cities Gastroenterology in Tennessee, and Integrated Pain Associates in Texas. Western Orthopaedics Western Orthopaedics, an Englewood, Colorado-based healthcare provider with locations throughout Colorado, has disclosed a security incident that was first identified on October 2, 2025. Assisted by third-party cybersecurity experts, Western Orthopaedics confirmed unauthorized access to its network between September 17, 2025, and September 25, 2025, during which time files containing personal and protected health information may have been viewed or acquired. The analysis of those files was completed on March 3, 2026, when it was confirmed that the following data elements were potentially compromised: full name, address, phone number, Social Security number, date of birth, password, and/or financial account information, which may include credit/debit card number with or without security or access code, and protected health information such as health insurance...

Read More
Starr Insurance Discloses Ransomware Attack
May06

Starr Insurance Discloses Ransomware Attack

The health insurance company Starr Insurance has disclosed a ransomware attack and data breach. Data breaches have also been reported by the medical imaging company Green Imaging and the AI-based care coordination provider Lena Health. Starr Insurance Starr Insurance, a Chambersburg, Pennsylvania-based insurance agency, has recently confirmed that hackers accessed parts of its computer network and potentially obtained a range of sensitive data. Suspicious network activity was identified on November 18, 2025. Assisted by third-party cybersecurity experts, Starr Insurance determined that an unauthorized actor accessed and copied files from its network on November 28, 2025. The review of the affected data confirmed that the hacker obtained information such as names, addresses, Social Security numbers, driver’s license numbers, financial account information, payment card information, medical information, health insurance information, and online account access information.  Regulators have been notified, and individual notification letters are being sent to the affected individuals....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist