25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Deaconess Health System Affected by Vendor Data Breach
Mar25

Deaconess Health System Affected by Vendor Data Breach

Evansville, Indiana-based Deaconess Health System has announced a data breach involving information shared with a third-party vendor, the MRO Corp-owned company MediCopy. Deaconess Health System is one of the largest health systems in the Illinois-Indiana-Kentucky tri-state area, and operates 18 hospitals in southwestern Indiana, western Kentucky, and southeastern Illinois. The data breach affects certain patients of two of its hospitals: Deaconess Henderson Hospital in Henderson, KY, and Deaconess Union County Hospital in Morganfield, KY. Deaconess Health System contracted with MediCopy to handle release of information (ROI) requests. Deaconess Health System’s substitute breach notice explains that MediCopy informed the health system about the security incident on February 2, 2026. The investigation determined that an unauthorized actor accessed MediCopy-controlled/managed cloud-based file-sharing software on January 13, 2026, and downloaded files related to ROI requests. The security incident was limited to the cloud-based platform. There was no unauthorized access to any...

Read More
Florida Insurance Commissioner Suspends Mirra Health for Medicare Data Transfers to Foreign Companies
Mar25

Florida Insurance Commissioner Suspends Mirra Health for Medicare Data Transfers to Foreign Companies

The sensitive data of more than 23,000 Florida Medicare members has been impermissibly shared with overseas companies, putting Medicare members’ sensitive health data at risk. The data was shared by Mirra Health, a provider of administrative services to health maintenance organizations (HMOs) in Florida. Mirra Health had contracts with three HMOs in Florida: Secure Inc, Solis Health Plans Inc., and Ultimate Health Plans Inc. Under those contracts, Mirra Health agreed to provide certain administrative services, including member enrollment, claims adjudication and payment, utilization management, and grievance and appeals processing. Mirra Health engaged four unlicensed companies in India and the Philippines to perform claims processing and other functions and provided those companies with the necessary data to perform those functions. While Mirra Health may choose to delegate certain functions to subcontractors, sensitive data was shared with unlicensed companies without the knowledge or prior approval of the HMOs or their enrollees. Under the terms of its contracts with the...

Read More
High Severity Vulnerability Identified in Grassroots DICOM
Mar25

High Severity Vulnerability Identified in Grassroots DICOM

A high-severity vulnerability has been identified in Grassroots DICOM that could be exploited by a remote threat actor to trigger a denial-of-service condition.  The vulnerability, tracked as CVE-2026-3650, is a memory leak issue that has been assigned a CVSS v3.1 severity score of 7.5. Grassroots DICOM is a C++ library for DICOM medical images that comes with a scanner implementation capable of quickly scanning hundreds of DICOM files for attributes. Grassroots DICOM is used by healthcare and public health sector organizations worldwide, including in the United States. The vulnerability affects Grassroots DICOM (GDCM) version 3.2.2 and occurs when parsing malformed DICOM files with non-standard VR types in file meta information. If an attacker sends a specially crafted file, when that file is parsed, it leads to vast memory allocations and resource depletion, triggering a denial of service condition. A maliciously crafted file could fill the heap in a single read operation without properly releasing it. The vulnerability was identified by Volodymyr Bihunenko, Mykyta Mudryi, and...

Read More
National Association on Drug Abuse Problems Announces Data Breach Affecting 90,000 Individuals
Mar24

National Association on Drug Abuse Problems Announces Data Breach Affecting 90,000 Individuals

The National Association on Drug Abuse Problems has experienced a data breach affecting up to 90,000 individuals. An insider data breach has been discovered by Weill Cornell Medicine, and Commonwealth Care Alliance has identified a mis-mailing incident. The National Association on Drug Abuse Problems Hacking Incident Affects 90K Individuals The National Association on Drug Abuse Problems (NADAP), a New York-based nonprofit, has disclosed a cybersecurity incident that has affected up to 90,000 individuals. Suspicious activity was identified within its network on or around January 10, 2026. Immediate action was taken to secure its network, and an investigation was launched to determine the nature and scope of the activity. On or around January 27, 2026, NADAP determined that the protected health information of certain clients, employees, and related individuals was present in files that were subject to unauthorized access. The files have been reviewed and found to contain names, Social Security numbers, dates of birth, medical or health information, health care treatment or...

Read More
CMS Releases Final Rule Implementing HIPAA Standards for Health Care Claims Attachments
Mar24

CMS Releases Final Rule Implementing HIPAA Standards for Health Care Claims Attachments

The U.S. Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) released a final rule on Friday establishing new standards for the electronic transfer of claims documentation, including a new standard for electronic signatures to ensure that claims attachment transactions are secure, authenticated, and compliant with federal regulations. While electronic health records have been widely adopted by healthcare providers, the healthcare industry is still reliant on outdated methods for transferring attachments to support electronic health care claims. The exchange of health care claims remains a manual process, with the necessary documentation transferred by fax or physical mail. These outdated methods of data transfer result in delays to patient care, increased health care costs, and place a considerable administrative burden on clinicians. The final rule modernizes health care administration, resulting in cost savings, time savings, enhanced security, improved efficiency, and faster care delivery. “The 1980s called, and they want their fax...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist