25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Cyberattacks Announced by Florida Physician Specialists & Mile Bluff Medical Center
Apr27

Cyberattacks Announced by Florida Physician Specialists & Mile Bluff Medical Center

Florida Physician Specialists has started notifying patients affected by a November 2025 hacking incident. Mile Bluff Medical Center in Wisconsin has announced that it is working under downtime procedures as it recovers from an April 2026 ransomware attack. Florida Physician Specialists Florida Physician Specialists, a Jacksonville, FL-based multi-specialty private physician practice serving patients in Northeast Florida, started notifying patients on April 24, 2026, about a November 2025 hacking incident that exposed some of their personal and protected health information. An investigation was launched into a security incident in late November, which confirmed that an unauthorized third party accessed its network between November 27, 2025, and November 29, 2025. The review of the exposed data was completed on April 6, 2026, when it was confirmed that a limited amount of patient data may have been exfiltrated from its network. Data potentially compromised in the incident included names in combination with one or more of the following: Social Security numbers, driver’s license...

Read More
South Texas Oncology and Hematology Pays $1.1M to Settle Data Breach Lawsuit
Apr27

South Texas Oncology and Hematology Pays $1.1M to Settle Data Breach Lawsuit

South Texas Oncology and Hematology, a San Antonio, TX-based provider of leading-edge cancer treatment and other medical services, has settled a class action lawsuit stemming from a February 2024 cyberattack and data breach that involved unauthorized access to the personal information of 176,303 individuals, including the protected health information of 175,195 individuals. Suspicious network activity was identified on February 15, 2024, and the forensic investigation confirmed that an unauthorized individual accessed its network and potentially obtained employee and patient information. Data exposed in the incident included names, contact information, dates of birth, health information, and Social Security numbers. The affected individuals were notified about the incident in June 2024. The first class action lawsuit over the data breach was filed by plaintiff Doris Flores on June 24, 2024, in the U.S. District Court for Bexar County, Texas, 438th Judicial District. Several other lawsuits were subsequently filed, and since they made similar claims and had overlapping classes, the...

Read More
Former FBI Deputy Cyber Chief Calls for Terrorism Classification for Healthcare Ransomware Actors
Apr27

Former FBI Deputy Cyber Chief Calls for Terrorism Classification for Healthcare Ransomware Actors

At a recent joint hearing by the Subcommittee on Border Security and Enforcement and the Subcommittee on Cybersecurity and Infrastructure Protection, a former FBI cyber chief called on the U.S. government to consider applying terrorism designations to ransomware actors who attack hospitals and other critical infrastructure entities that put lives or safety at risk. Ransomware attacks on hospitals typically result in cancelled appointments and surgeries, and ambulances are often put on divert, causing emergency patients to travel further to alternative facilities. These delays to patient care put patient safety at risk, and studies have shown that mortality rates increase at hospitals following ransomware attacks. Ransomware actors conduct attacks on hospitals in the full knowledge that patient care is threatened, as it increases the probability of a ransom being paid. The subcommittee members heard testimony from Cynthia Kaiser, the former deputy assistant director of the FBI’s Cyber Division from 2022 to 2025 and the current senior vice president of the Halcyon Ransomware Research...

Read More
House Republicans Make New Attempt to Introduce Federal Data Privacy Legislation
Apr24

House Republicans Make New Attempt to Introduce Federal Data Privacy Legislation

House Republicans have made a fresh attempt to introduce federal data privacy legislation that, if passed, will replace the current patchwork of state privacy laws. The new privacy bill – the Securing and Establishing Consumer Uniform Rights and Enforcement over Data (SECURE Data) Act, and a companion bill covering financial firms – the GUARD Financial Data Act – were introduced by Republican members of the House Committee on Energy and Commerce and the House Committee on Financial Services. Unlike previous attempts to enact comprehensive federal data privacy legislation, the SECURE Data Act and GUARD Financial Data Act are not bipartisan. No input was sought from Democratic committee members. Efforts to develop the bills were led by Congressman John Joyce, M.D., Chairman of the House Committee on Energy and Commerce, who led the Energy and Commerce Data Privacy Working Group, and Congressman John Joyce, M.D. (PA-13), Chairman of the Energy and Commerce Subcommittee on Oversight and Investigations and leader of the Energy and Commerce Data Privacy Working Group....

Read More
Alabama Ophthalmology Associates Data Breach Settlement Gets First Nod
Apr24

Alabama Ophthalmology Associates Data Breach Settlement Gets First Nod

Alabama Ophthalmology Associates, P.C., has settled a class action lawsuit that was filed in response to a January 2025 cyberattack on its computer systems. The intrusion was identified on January 30, 2025, and the forensic investigation confirmed unauthorized access to its network between January 22 and January 30, 2025. The hackers had access to files containing names, dates of birth, Social Security numbers, medical record numbers, treatment information, medical history information, and health insurance information. The Alabama Ophthalmology data breach affected 131,576 individuals, and notification letters were mailed in April 2025. Multiple class action lawsuits were filed in response to the data breach, which were consolidated as they had overlapping claims – In re Alabama Ophthalmology Associates, P.C., Data Breach Litigation – in the Circuit Court of Jefferson County, Alabama. The consolidated lawsuit alleged that the defendant failed to implement reasonable and appropriate safeguards to protect sensitive data on its network, resulting in unauthorized access and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist