25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

2025 Losses to Cybercrime Exceeded $20 Billion
Apr08

2025 Losses to Cybercrime Exceeded $20 Billion

In 2025, another unwanted record was set for losses to cybercrime, with almost $21 billion in reported losses, beating the previous record of $16.6 in losses set in 2024 by 26%, according to the Federal Bureau of Investigation (FBI) Internet Crime Report 2025. The report was compiled based on complaints filed with the FBI’s Internet Crime Complaint Center (IC3), which topped 1 million for the first time, increasing from 859,000 complaints in 2024. This is the 25th year that the FBI has released its annual report, which started with a few thousand complaints filed per month to an average of almost 3,000 complaints per day in 2025. The increase in losses was largely driven by an increase in losses to investment fraud ($8,648,617,756), which was the largest cause of losses in 2025, followed by business email compromise – BEC – ($3,046,598,558) and tech support scams ($2,134,675,818). In terms of complaint volume, phishing topped the list (191,561 complaints), followed by extortion (89,129 complaints), investment fraud (72,984 complaints), and personal data breaches (67,456),...

Read More
OrthopedicsNY Settles Class Action Data Breach Lawsuit for $1.45M
Apr08

OrthopedicsNY Settles Class Action Data Breach Lawsuit for $1.45M

A $1,450,000 settlement has been agreed upon to resolve a class action lawsuit against the New York orthopedic medicine and surgery practice OrthopedicsNY. The class action complaint was filed in response to a December 2023 ransomware attack and data breach that exposed the personal and electronic protected health information of 656,086 patients. OrthopedicsNY, which operates almost 20 clinics in the Capital Region in New York State, was attacked by the INC Ransom threat group on or around December 28, 2023. Prior to encrypting files, INC Ransom exfiltrated sensitive patient data, including names, contact information, financial information, protected health information, Social Security numbers, passport numbers, and driver’s license numbers. The affected individuals were notified on November 4, 2024. Several class action lawsuits were filed in response to the data breach, which were consolidated in a single action – Michael Sayers, et al. v. OrthopedicsNY, LLP – in the Circuit Court of the 17th Judicial Circuit in and for Broward County, Florida. The plaintiffs alleged...

Read More
Data Breaches Reported by Southern Illinois Dermatology; Heart South Cardiovascular Group
Apr08

Data Breaches Reported by Southern Illinois Dermatology; Heart South Cardiovascular Group

Patient data has potentially been compromised in data incidents at Southern Illinois Dermatology and Heart South Cardiovascular Group in Alabama. Southern Illinois Dermatology, Illinois Southern Illinois Dermatology has notified an unspecified number of individuals about a data security incident it identified on November 28, 2025. An investigation was immediately launched to determine the nature and scope of the activity, with assistance provided by third-party cybersecurity experts. The investigation confirmed unauthorized access to parts of its network where patient data was stored, and potentially, files were copied from its network. The affected data was reviewed and found to contain personal information and protected health information, including full names, addresses, dates of birth, Social Security numbers, telephone numbers, email addresses, person numbers, and medical record numbers. The types of data involved vary from individual to individual. Notification letters started to be mailed to the affected individuals on April 2, 2026. Southern Illinois Dermatology has taken...

Read More
Woodfords Family Services Data Breach Affected Almost 42,000 Individuals
Apr08

Woodfords Family Services Data Breach Affected Almost 42,000 Individuals

Legal counsel for Woodfords Family Services has provided an updated breach notice to the Maine Attorney General, confirming that more individuals were affected by its ransomware attack than previously reported. The initial breach report submitted to the Maine Attorney General on March 27, 2026, stated that 8,073 individuals had been affected; however, a substitute notice has been issued for 33,911 individuals, with 41,984 individuals in total confirmed as affected by the data breach. The data breach has been reported to the HHS’ Office for Civil Rights as involving unauthorized access to the electronic protected health information of 38,061 individuals. March 30, 2026: Woodfords Family Services Notifies Patients Affected by April 2024 Ransomware Attack Westbrook, Maine-based Woodfords Family Services, a provider of services to individuals with special needs and their families, has notified the Maine Attorney General about a breach of the personal and protected health information of 8,073 individuals in a ransomware attack, including 7,701 Maine residents. Suspicious network...

Read More
HIPAA Security Officer Responsibilities in Small Practices
Apr08

HIPAA Security Officer Responsibilities in Small Practices

Article Summary The HIPAA Security Officer’s position on the compliance team places the role alongside the HIPAA Privacy Officer and HIPAA Compliance Officer rather than working in isolation. Formal designation of the Security Officer role requires a written record naming the individual and the scope of their authority. Owning the HIPAA Security Risk Analysis means sorting each finding into a policy fix, a facility fix, or a system fix. Setting administrative safeguard policy includes designing the workforce security training program staff must complete. HIPAA Security Officer duties across the three safeguard categories cover policy for access control, physical space, and technical configuration standards. Contingency planning ownership requires a tested plan for system outages and disasters, not just a written document. Enforcing sanctions for security violations means flagging bypassed controls and routing them through the practice’s discipline process. Keeping the security program current relies on software that updates policy templates and tracks remediation as...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist