25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Center for Advanced Eye Care; Southwest C.A.R.E Center; Evergreen Healthcare Group Announce Data Breaches
Feb26

Center for Advanced Eye Care; Southwest C.A.R.E Center; Evergreen Healthcare Group Announce Data Breaches

The Center for Advanced Eye Care in Pennsylvania/Delaware, Southwest C.A.R.E Center in New Mexico, and Evergreen Healthcare Group in Washington have notified patients about cybersecurity incidents involving unauthorized access to patient information. The Center for Advanced Eye Care The Center for Advanced Eye Care, a provider of ophthalmology services in Pennsylvania and Delaware, has recently announced a security incident that involved unauthorized access to patient data. Suspicious activity was identified within its legacy environment on December 16, 2025. The affected systems were secured, and an investigation was launched to determine the nature and scope of the activity. Assisted by third-party cybersecurity experts, The Center for Advanced Eye Care confirmed that protected health information within the legacy environment was accessed by an unauthorized third party and was stolen in the attack. The exact types of data involved have not been publicly disclosed at present, and the types of information involved have been redacted from the notices provided to state attorneys...

Read More
Medical Device Manufacturer UFP Technologies Confirms Data Stolen in Cyberattack
Feb26

Medical Device Manufacturer UFP Technologies Confirms Data Stolen in Cyberattack

The U.S. medical device manufacturer UFP Technologies has submitted a FORM 8-K filing to the U.S Securities and Exchange Commission (SEC) to notify the SEC and investors about a cyberattack and data breach that could potentially impact its financial condition or operations. UFP Technologies is a publicly traded contract manufacturer based in Newburyport, Massachusetts, that makes single-use medical devices and highly engineered components for the aerospace, automotive, healthcare, and defense industries. The company produces a wide range of medical devices and medical components for products used in wound care, implants, and orthopedic and surgical products. UFP Technologies has an annual revenue of $600 million and employs 4,300 people. According to the filing, UFP Technologies detected an IT systems intrusion on February 14, 2026. Immediate action was taken to assess, contain, and remediate the threat, and third-party cybersecurity experts were engaged to assist with the investigation. UFP Technologies said it believes the cyber threat actor responsible for the attack has been...

Read More
North Korean Hackers Using Medusa Ransomware in Attacks on U.S. Healthcare Sector
Feb25

North Korean Hackers Using Medusa Ransomware in Attacks on U.S. Healthcare Sector

North Korean state-sponsored hackers are targeting U.S. healthcare organizations and non-profits and deploying Medusa ransomware, according to a joint investigation by Symantec and the Carbon Black Threat Hunter Team. A wave of recent attacks has been linked to the Lazarus Group, an umbrella term covering multiple cyber threat actors linked to the Reconnaissance General Bureau (RGB) of the North Korean government. The Lazarus Group engages in attacks for espionage purposes, as well as disruptive and destructive attacks on targets primarily in South Korea, but also engages in financially motivated campaigns, often targeting organizations in the United States. Medusa emerged in 2023 as a ransomware-as-a-service (RaaS) operation, which is believed to be run by a cybercrime group called Spearwing. Affiliates are recruited to conduct attacks using the Medusa encryptor and infrastructure in exchange for a percentage of any ransom payments they generate. Medusa actors engage in double extortion, stealing and encrypting data. A ransom must be paid to obtain the decryption keys and to...

Read More
Cedar Point Health; Wee Care Pediatrics; Easterseals NI Announce Data Breaches
Feb25

Cedar Point Health; Wee Care Pediatrics; Easterseals NI Announce Data Breaches

Data breaches have recently been announced by Cedar Point Health in Colorado, Wee Care Pediatrics in Utah, and Easterseals Northeast Indiana. Cedar Point Health Cedar Point Health, a network of health clinics in Colorado, has recently disclosed a cybersecurity incident involving unauthorized access to parts of its network containing patient and employee information.  The intrusion was detected on or around June 16, 2025, and third-party cybersecurity experts were engaged to investigate the incident. Cedar Point Health said it has taken several months of extensive efforts to identify, review, and analyze the impacted data, and on January 27, 2026, that process was completed. Data compromised in the incident includes full names, addresses, dates of birth, medical treatment information, diagnosis or procedure information, clinical information, health insurance information, financial account information, driver’s license or state-issued identification numbers, passport numbers, and/or Social Security numbers/ITINs. No evidence has been found to indicate any fraud as a result of the...

Read More
Catholic Health System & Northwell Health Settle Pixel Lawsuits
Feb24

Catholic Health System & Northwell Health Settle Pixel Lawsuits

The New York-based health systems, Catholic Health System & Northwell Health, have agreed to settle class action lawsuits stemming from their use of pixels and other website tracking and analytics tools, which are alleged to have disclosed sensitive personal and protected health information to third parties such as Meta and Google without consent. Website tracking and analytics tools are used extensively across the internet for tracking website visitors. While these tools can collect valuable information to help website owners improve their websites, they can also collect and transmit sensitive data to the third-party providers of the tools. That disclosed information may then be used for advertising purposes. Depending on how these tools are implemented, they may violate the HIPAA Privacy Rule, such as if they are added to web pages or apps that require authentication. Over the past three years, many lawsuits have been filed over the use of these tools by healthcare providers. HIPAA has no private cause of action, so individuals cannot sue for HIPAA violations. The lawsuits...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist