25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Ransomware Attack on Hospital Caribbean Medical Center Affects 92,000 Individuals
Apr22

Ransomware Attack on Hospital Caribbean Medical Center Affects 92,000 Individuals

A ransomware attack on Hospital Caribbean Medical Center in Puerto Rico has affected up to 92,000 individuals. Data breaches have also been announced by Murray County Medical Center in Minnesota and Aligned Orthopedic Partners in Maryland. Hospital Caribbean Medical Center, Puerto Rico A major data breach has been announced by Hospital Caribbean Medical Center in Fajardo, Puerto Rico. While it is unclear when the attack occurred, the hospital issued a press release on February 8, 2026, about a cyberattack that targeted its information systems. The intrusion was detected by its monitoring systems, and steps were immediately taken to contain the incident and prevent further unauthorized access to its IT systems. The types of information exposed in the incident were not detailed in the press release, nor was the number of affected individuals; however, the incident is now shown on the HHS’ Office for Civil Rights breach portal as affecting up to 92,000 individuals. Hospital Caribbean Medical Center said it has reinforced its monitoring systems, implemented additional updates to its...

Read More
Tangoe Data Breach Settlement Receives Preliminary Approval
Apr21

Tangoe Data Breach Settlement Receives Preliminary Approval

Tangoe, a provider of software solutions for managing telecom, mobile, and cloud expenses, has agreed to a settlement to resolve a class action lawsuit stemming from a November 2022 security incident. Tangoe experienced a cyberattack, exposing sensitive data such as names, dates of birth, Social Security numbers, medical information, health insurance information, medication information, billing and claims information, and financial account information. Hackers had access to its systems between November 15, 2022, and November 17, 2022. The breach affected some of its healthcare clients and involved unauthorized access to the protected health information of 4,765 individuals, according to the breach notice filed with the HHS’ Office for Civil Rights. While the breach occurred in November 2022, it took until November 1, 2023, for the affected individuals to be notified. A lawsuit – Kevin McLinden v. Tangoe US, Inc.- was filed in the Superior Court for Marion County, Indiana, over the data breach, alleging Tangoe failed to implement reasonable and appropriate cybersecurity...

Read More
North Texas Behavioral Health Authority Data Breach Affects 285K Individuals
Apr21

North Texas Behavioral Health Authority Data Breach Affects 285K Individuals

North Texas Behavioral Health Authority (NTBHA), a provider of mental health and substance use treatment and services in Dallas, Ellis, Hunt, Kaufman, Navarro & Rockwall counties, has notified the Department of Health and Human Services (HHS) Office for Civil Rights about a breach of the protected health information of 285,086 individuals. The data breach is the 6th largest data breach reported to OCR so far in 2026. NTBHA identified unauthorized activity within its computer systems on or around October 15, 2025, and launched an investigation to determine the nature and scope of the activity. The investigation confirmed that an unauthorized third party accessed its network between October 13, 2025, and October 15, 2025, during which time files containing patient information may have been viewed or acquired. It took around three months to review the affected files, and on January 7, 2026, NTBHA confirmed that some of the files contained personal information. The substitute data breach notice does not list the types of data involved, although for some individuals, Social Security...

Read More
Chicago’s Saint Anthony Hospital Reports Breach Affecting 146,000 Individuals
Apr21

Chicago’s Saint Anthony Hospital Reports Breach Affecting 146,000 Individuals

Saint Anthony Hospital, a nonprofit, faith-based, acute care, community hospital in Chicago, has started notifying individuals about unauthorized access and/or theft of some of their personal and protected health information. The substitute breach notification does not state when the unauthorized access was detected, only that an unauthorized third party accessed and/or acquired certain files and folders of unstructured data from its email system on February 27, 2025. The forensic investigation confirmed that electronic medical records were not affected by the incident. More than a year after the unauthorized access occurred, notification letters are being sent to the affected individuals. Saint Anthony Hospital said the third-party specialists engaged to review the affected files completed their review on February 13, 2026, and notification letters started to be mailed to the affected individuals on March 6, 2026, after the results of the data review were verified and contact information was obtained. The substitute breach notice on the Saint Anthony Hospital website does not...

Read More
Data Breaches Announced by Mindpath Health; Springfield Hospital; Lone Peak Psychiatry
Apr21

Data Breaches Announced by Mindpath Health; Springfield Hospital; Lone Peak Psychiatry

Data breaches have been announced by the California psychiatry and therapy provider Mindpath Health, Springfield Hospital in Vermont, and Lone Peak Psychiatry in Utah. Community Psychiatry Management (Mindpath Health) Community Psychiatry Management, LLC, doing business as Mindpath Health, a Sacramento, California-based provider of in-person and online psychiatry and therapy services, has notified the Maine Attorney General about a hacking incident that Mindpath Health learned about on November 14, 2025. The personal and protected health information of 14,060 individuals was potentially compromised in the incident, including 2 Maine residents. The incident is part of a much larger data breach at its vendor, Pinnacle Holdings, LTD. Pinnacle Holdings provides healthcare consulting services, and the data breach affected many of the company’s healthcare clients. The incident was detected by Pinnacle Holdings on November 25, 2024, when Pinnacle Holdings experienced a network disruption. The forensic investigation confirmed unauthorized network access between November 11, 2024, and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist