25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Arizona & Texas Clinics Notify Patients About Ransomware Incidents
Apr20

Arizona & Texas Clinics Notify Patients About Ransomware Incidents

Ransomware attacks have been announced by Glendale Obstetrics & Gynecology in Arizona and Lymphedema Therapy Specialists in Texas, and City Health in California has notified patients about a recent data breach. City Health City Health, a California healthcare provider with locations in San Leandro and Oakland, has notified certain patients about a hacking incident that was identified on March 30, 2026. Assisted by third-party cybersecurity specialists, City Health determined that an unauthorized third party accessed its electronic medical record system network between March 2, 2026, and March 11, 2026, and viewed or acquired sensitive information. The electronic medical record system was accessed using credentials associated with a third-party account. “The individual involved was a former business counterparty whose access to City Health’s systems had been previously terminated,” explained City Health. “Upon discovery, City Health immediately revoked the unauthorized access and initiated an investigation into the scope and impact of the incident.” Data...

Read More
Court Rules State Regulator’s Investigation of Blue Cross Blue Shield of Montana May Proceed
Apr20

Court Rules State Regulator’s Investigation of Blue Cross Blue Shield of Montana May Proceed

A district court judge in Montana has ruled that the State Auditor and Insurance Commissioner’s investigation of Blue Cross Blue Shield of Montana (BCBSMT) over a data breach affecting 462,000 individuals may proceed. The data breach involved BCBSMT’s third-party vendor Conduent Business Services. The Safepay ransomware group claimed responsibility for the attack and stole 8.5 TB of data. While the full scale of the data breach is still unclear, at least 25 million Americans were affected nationwide. BCBSMT reported the data breach separately as affecting 462,000 Montanans. Commissioner Brown launched the investigation into BCBSMT and Conduent over the data breach to help educate the public about data breaches, improve the regulation of insurance companies to prevent further breaches, and determine if there have been any unlawful acts that warrant a financial penalty, namely, whether BCBSMT complied with state law requiring insurers to provide timely notice when a data breach occurred. The data breach was significant, as one-third of state residents had their data compromised, and...

Read More
Free Webinar: How to Stop Phishing Attacks Before They Reach Your Team
Apr20

Free Webinar: How to Stop Phishing Attacks Before They Reach Your Team

Phishing has long been a leading cause of healthcare data breaches. Hackers target employees as they are a weak link in the security chain, and many healthcare ransomware attacks start with credentials stolen in phishing attacks. Phishing attacks are often blamed on the employees who respond to phishing attempts. A survey of healthcare IT leaders found 85% of respondents believe employee negligence is a top email security risk, yet despite that, only 16% of respondents said they train their workforce on how to recognize phishing attempts quarterly or more frequently. The majority of healthcare organizations only provide training to their workforce once a year, and hope that the training sticks and employees will remain vigilant throughout the year, which is seldom the case. Unfortunately, the risk from phishing is getting worse as AI-generated phishing campaigns are difficult for employees to identify. AI-generated phishing emails are grammatically correct, free of spelling mistakes, and use advanced impersonation techniques. An analysis of phishing emails by KnowBe4 between late...

Read More
$3.75M Settlement Resolves Data Breach Lawsuit Against Chattanooga Heart Institute
Apr17

$3.75M Settlement Resolves Data Breach Lawsuit Against Chattanooga Heart Institute

Memorial Heart Institute, doing business as Chattanooga Heart Institute in Tennessee, was sued over a data breach in 2023. A $3.75 million settlement has been agreed upon and has received the first nod from a judge. The final fairness hearing has been scheduled for May 28, 2026. The cyberattack was identified on April 17, 2023. The investigation determined that a threat actor had access to the Chattanooga Heart Institute network between March 8 and March 16, 2023, and exfiltrated files, some of which contained patients’ protected health information. The file review confirmed that data compromised in the incident included names, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, Social Security numbers, account information, health insurance information, diagnosis/condition information, lab results, medications, and other clinical, demographic, or financial information. The Karakurt ransomware group claimed responsibility for the attack. The data breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of...

Read More
Illinois Bone and Joint Institute Settles Class Action Data Breach Lawsuit for $4M
Apr17

Illinois Bone and Joint Institute Settles Class Action Data Breach Lawsuit for $4M

Illinois Bone and Joint Institute (IBJI), one of the largest orthopedic group practices in Illinois, has agreed to settle a consolidated class action lawsuit stemming from a 2024 cyberattack and data breach that affected up to 665,321 individuals. IBJI identified unauthorized access to its computer systems on or around July 4, 2024. The forensic investigation determined that hackers had access to its network from May 30, 2024, to July 4, 2024, and copied files containing patient information. Data compromised in the incident included names, addresses, dates of birth, Social Security numbers, diagnosis and treatment information, and health insurance/claims information. The breach was initially reported to the HHS’ Office for Civil Rights as affecting approximately 183,000 individuals. The total was later amended to 665,321 individuals, although the lawsuit states that approximately 568,000 individuals are in the settlement class. The first class action lawsuit over the data breach was filed by plaintiff Guy Redman in the Circuit Court of Cook County, Illinois, County Department,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist