25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

ANCHOR-CI Framework Strengthens Partnerships and Information Sharing to Secure Critical Infrastructure
Jul03

ANCHOR-CI Framework Strengthens Partnerships and Information Sharing to Secure Critical Infrastructure

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has announced the formation of the Alliance of National Councils for Homeland Operational Resilience–Critical Infrastructure, or ANCHOR-CI for short. ANCHOR-CI will operate for two years initially but may be extended by DHS Secretary under the authority provided by Section 871 of the Homeland Security Act. ANCHOR-CI is the successor to the Critical Infrastructure Partnership Advisory Council (CIPAC), which enabled critical infrastructure entities to exchange sensitive information with the federal government about physical and cyber risks. CIPAC was established by the DHS in March 2006 and served as the framework for public collaboration on security for almost two decades, until it was eliminated by then DHS Secretary Kristi Noem in March 2025. There has been no formal framework for government-industry coordination on critical infrastructure cybersecurity for more than a year, and without the legal protections provided by CIPAC or an equivalent framework, some critical infrastructure...

Read More
AdaptHealth Reports Material Cybersecurity Incident and Theft of Patient Data
Jul03

AdaptHealth Reports Material Cybersecurity Incident and Theft of Patient Data

AdaptHealth, a publicly traded healthcare company that provides home medical equipment, diabetes supplies, and sleep therapy products, has informed the U.S. Securities and Exchange Commission (SEC) that it is investigating a material cybersecurity incident involving unauthorized access to patient data. According to the company’s Form 8-K filing, a threat actor contacted the company on June 15, 2026, claiming to have obtained files containing patient data. AdaptHealth launched an investigation, engaged third-party cybersecurity experts, and notified law enforcement. AdaptHealth has determined that certain cloud-based business applications were accessed by the threat actor, including internal patient management systems and document storage platforms. Files containing patients’ personally identifiable information (PII) and protected health information were exfiltrated by the threat actor. The investigation is ongoing; however, AdaptHealth has determined that the unauthorized access occurred as a result of a response to a social engineering attack on a third-party contractor, which...

Read More
Delaware & Florida Women’s Health Centers Announce Data Breaches
Jul03

Delaware & Florida Women’s Health Centers Announce Data Breaches

Two women’s healthcare providers have announced data privacy incidents. Women’s Wellness of Southern Delaware recently learned about unauthorized retention of patient data by a former provider of aesthetic services, and Women’s Center for Radiology has identified a hacking incident. Women’s Wellness of Southern Delaware Women’s Wellness of Southern Delaware, a Lewes, DE-based provider of obstetrics, gynecology, and facial aesthetic services, has recently learned that a former provider who rendered aesthetic services for the practice retained the protected health information of patients after engagement with the practice had terminated. Women’s Wellness of Southern Delaware was made aware of the data retention on April 28, 2026. The provider retained patients’ contact information and other patient-related information and is believed to have contacted certain patients to offer similar services at a new practice. The information retained relates to certain recipients of aesthetic services and clinical services patients. For the aesthetic services...

Read More
Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack
Jul03

Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack

A consolidated class action lawsuit against the medtech company Stryker over a March 2026 cyberattack has been voluntarily dismissed by the plaintiffs, shortly after Stryker filed a motion to dismiss the lawsuit, alleging a lack of standing. The Iranian hacktivist group Hamdala targeted Stryker in response to the military action in Iran by the United States and Israel. The hackers breached certain Stryker systems, stole around 50 terabytes of data, and permanently erased 12 petabytes of data on around 200,000 company devices. The attack caused considerable disruption, taking systems out of action for weeks. Eight current and former Stryker employees took legal action against the company alleging that their personal information was compromised in the attack. The lawsuits started to be filed within hours of Stryker announcing the cyberattack, before Stryker had completed its investigation. While a significant amount of data was stolen in the attack, Stryker said its forensic investigation found no evidence to suggest that any of the plaintiffs’ data was compromised. Stryker...

Read More
ClickFix Social Engineering Technique is the Leading Method for Malware Delivery
Jul02

ClickFix Social Engineering Technique is the Leading Method for Malware Delivery

The ClickFix social engineering technique is the leading method of malware delivery, according to an analysis by researchers at ReliaQuest. The researchers analyzed cyberattacks between March 1 and March 31, 2026, and found that attackers were most commonly exploiting trusted identities, devices, and tools in their attacks. This approach allows the attackers to hide their activities, which resemble normal user behavior, and bypass traditional perimeter and file scanning defenses. The leading technique was ClickFix, which involves tricking users into pasting the attacker’s commands and scripts into trusted system dialogs, such as the Windows Run dialog. Pressing the Windows Key + R, launches the Run dialog, and the user is convinced to copy the supplied code into the dialog and execute it, having been tricked into thinking that the command will resolve an IT issue. For instance, a user visits a website that triggers a pop-up, warning them that their browser contains a vulnerability or an image failed to load. They are told to click a button, which copies code, and then paste that...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist