25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Urgent Action Required by MOVEit Automation Users
May05

Urgent Action Required by MOVEit Automation Users

Progress Software has issued a warning to customers about a critical authentication bypass vulnerability within the MOVEit Automation application. MOVEit Automation is a managed file transfer (MFT) that serves as a central automation orchestrator for scheduling and managing file transfer between different systems, including on-premises servers, cloud storage, and third-party partners. Remotely exploitable vulnerabilities in Internet-facing MFT applications are targeted by threat actors. Certain threat groups such as Cl0p have actively targeted enterprise-grade MFTs, mass exploiting the vulnerabilities in attacks on dozens and, in some cases, thousands of users. The critical authentication bypass vulnerability has a CVSS v3.1 base score of 9.8 out of 10 and is tracked as CVE-2026-4670 and can be exploited by a remote attacker with no privileges in a low-complexity attack. The vulnerability affects MOVEit Automation versions prior to 2025.1.5, 2025.0.9, and 2024.1.8. A second high-severity privilege escalation vulnerability has also been identified. The flaw, tracked as...

Read More
World Password Day 2026 – Password Tips and Best Practices
May04

World Password Day 2026 – Password Tips and Best Practices

Thursday, May 7, 2026, is World Password Day – an event originally established in 2013 and observed on the first Thursday of May each year that has the goal of improving awareness of the importance of creating complex and unique passwords and adopting password best practices to keep sensitive information private and confidential. Passwords were first used to protect accounts against unauthorized access in computing environments in the 1960s. In 1961, researchers at the Massachusetts Institute of Technology (MIT) started using the Compatible Time-Sharing System (CTSS). The system ran on an IBM 709, and users could access the system through a dumb terminal, with passwords used to prevent unauthorized access to users’ personal files. The system is widely believed to be the first to use passwords and was also one of the first to experience a password breach. In the mid-1960s, MIT Ph.D. researcher Allan Scherr needed more than his allotted 4-hour CTSS time to run performance simulations he had designed for the computer system. He discovered a way to print out all passwords stored...

Read More
HIPAA Compliance Officer Duties in Small Medical Practices
May02

HIPAA Compliance Officer Duties in Small Medical Practices

Article Summary Defining the compliance officer role distinguishes program oversight from performing every compliance task personally. Building and maintaining the compliance program establishes the policy library, training schedule, and documentation system the program operates within. Internal monitoring and auditing confirms the practice’s actual operations match its written policies. Duties a HIPAA Compliance Officer typically performs include risk analysis coordination, training review, and incident intake. Managing the complaint and incident intake process gives patients and staff a defined path for raising a HIPAA concern. Corrective action plans assign specific steps, a responsible party, and a completion timeline for every identified gap. Serving as the point of contact for regulators requires organized documentation the Compliance Officer can produce during an OCR inquiry. Keeping the compliance officer role current depends on ongoing education and documented transition planning for the role. HIPAA Compliance Officer Role in a Small Practice A HIPAA Compliance...

Read More
Frequency and Severity of Hacks of Medical Devices Increasing
May01

Frequency and Severity of Hacks of Medical Devices Increasing

Healthcare organizations are increasingly concerned about medical device security and for good reason – attacks targeting or impacting medical devices are increasing, and those attacks are negatively impacting patient care. Adoption of AI-enabled and AI-assisted medical devices is increasing, despite serious concerns about the cybersecurity risks associated with the devices, and legacy devices continue to be used past end-of-support, despite those devices containing known and unpatched vulnerabilities. According to a recent survey by RunSafe Security, conducted on 551 healthcare professionals involved in device purchasing decisions in the U.S., UK, and Germany, healthcare organizations are getting better at reducing medical device security risks, although the underlying risks remain significant, and in many cases are increasing in severity and impact. When questioned about medical device cybersecurity, 59% of respondents said they are extremely or very concerned about a cybersecurity incident impacting medical devices, with almost one-quarter reporting that such an attack has...

Read More
Ransomware Attack on Good Samaritan Health Center Affects 10,000 Individuals
May01

Ransomware Attack on Good Samaritan Health Center Affects 10,000 Individuals

Data breaches have recently been announced by Good Samaritan Health Center, Wonderland Child & Family Services, and L.A. Care Health Plan. Good Samaritan Health Center Good Samaritan Health Center in Atlanta, Georgia, has notified 10,000 individuals about a February 9, 2026, ransomware attack on one of its internal servers. The attack was identified on February 9, 2026, and the server was isolated to contain the attack. The server was restored from backups on the same day. Good Samaritan Health Center said it has found no evidence to suggest that there has been any misuse of data stored on the server, nor was evidence found of any public disclosure of patient data after the attack; however, Good Samaritan Health Center could not rule out the possibility that data had been accessed or stolen. Data on the server was reviewed, and the files were found to contain names, dates of birth, zip codes, and limited clinical information. Social Security numbers and financial information were not compromised as they were not stored on the server. Good Samaritan Health Center said it has...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist