25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Audit of Utah Department of Health and Human Services Identifies Critical Privacy & Security Weaknesses
Feb20

Audit of Utah Department of Health and Human Services Identifies Critical Privacy & Security Weaknesses

An audit of the Utah Department of Health and Human Services (DHHS) by the Office of the Utah State Auditor has identified privacy and security weaknesses that are putting the health information privacy of state residents at risk, especially children. The audit was conducted in response to a complaint by a DHHS whistleblower employee who alleged that the DHHS had not implemented adequate incident response procedures and had insufficient monitoring mechanisms for detecting and managing privacy incidents. According to the complainant, the deficiencies have resulted in under-reporting of incidents and unmitigated exposure of sensitive data, especially the data of children. The audit was led by Tina M. Cannon, State Auditor; Nora Kurzova, State Privacy Auditor; and Mark Meyer, Assistant State Privacy Auditor, and involved a review of applicable laws related to incident response and data protection, a privacy risk assessment of the most significant data processing activities as they relate to children, an evaluation of incident response documentation and internal privacy and...

Read More
UMMC Shuts Clinics While it Grapples with Ransomware Attack
Feb20

UMMC Shuts Clinics While it Grapples with Ransomware Attack

University of Mississippi Medical Center (UMMC) has temporarily closed most of its clinics following a ransomware attack, and scheduled appointments and surgeries have been cancelled and will be rebooked once the attack has been remediated. Mississippi MED-COM, the network that coordinates hospital transfers across the state, has also been affected by the ransomware attack, but had redundancies in place, and patients continue to be routed to hospitals in the state without disruption. The attack was detected in the early hours of Thursday, February 19, 2026, and has impacted the UMMC network and many of its IT systems, including its EPIC electronic medical record system. According to LouAnn Woodward, vice chancellor for health affairs and dean of the School of Medicine, all clinics will remain closed on Friday, February 20, 2026, as a result of the attack, with the exception of its kidney dialysis clinic at Jackson Medical Mall, which remains open with appointments proceeding as scheduled. Without access to key systems, including its electronic medical record system, information is...

Read More
Granite Wellness Centers & Pediatric Home Service Settle Class Action Data Breach Lawsuits
Feb20

Granite Wellness Centers & Pediatric Home Service Settle Class Action Data Breach Lawsuits

Granite Wellness Centers in California and Pediatric Home Service in Minnesota have both settled lawsuits stemming from cyberattacks that exposed sensitive patient data. Granite Wellness Centers Data Breach Settlement Granite Wellness Centers, a network of drug addiction treatment centers in Northern California, has agreed to settle class action litigation over a January 2021 ransomware attack and data breach that affected up to 15,600 individuals. The attack was detected on or around January 5, 2021, and the forensic investigation confirmed that the ransomware actor acquired files containing sensitive patient data, including names, dates of birth, home addresses, dates of care, treatment information, treatment providers, health information, health insurance information, driver’s license numbers, medical histories, Social Security numbers, and bank account numbers. The affected individuals were notified on or around March 5, 2021, and the first class action lawsuit was filed on June 14, 2023. An amended complaint was filed in September 2023 – Bente, et al. v. Granite Wellness...

Read More
Cyberattacks Announced by WIRX Pharmacy and Emanuel Medical Center
Feb20

Cyberattacks Announced by WIRX Pharmacy and Emanuel Medical Center

WIRX Pharmacy in Pennsylvania has experienced a security incident that exposed the protected health information of more than 20,000 current and former patients. Emanuel Medical Center in California has started notifying patients about a May 2025 cyberattack that exposed patient data. WIRX Pharmacy, Pennsylvania WIRX Pharmacy in Fort Washington, Pennsylvania, has notified 20,104 individuals about a December 2025 cybersecurity incident that may have resulted in unauthorized access and/or theft of protected health information. Suspicious activity was identified within its network environment on or around December 7, 2025. Systems were secured, and an investigation was launched, which confirmed unauthorized access to certain data on its systems between December 6, 2025, and December 7, 2025. A review of the exposed files confirmed that personal and protected health information were present in files on the compromised parts of its network. The affected data varies from individual to individual and may include names in combination with one or more of the following: clinical information...

Read More
Top of the World Ranch Treatment Center Settles Alleged Risk Analysis HIPAA Violation
Feb20

Top of the World Ranch Treatment Center Settles Alleged Risk Analysis HIPAA Violation

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its first financial penalty of the year to resolve an alleged violation of the HIPAA Rules. Top of the World Ranch Treatment Center, a Milan, Illinois-based addiction treatment provider, has agreed to pay a $103,000 financial penalty to settle an allegation that it violated the risk analysis requirement of the HIPAA Security Rule. The number of data breaches reported to OCR involving hacking increased by 239% between 2018 and 2023, and hacking incidents have continued to be reported in high numbers since. In an effort to improve healthcare cybersecurity and reduce the number of successful hacking incidents, OCR launched an enforcement initiative targeting noncompliance with a specific requirement of the HIPAA Security Rule – the risk analysis. The risk analysis is one of the most important HIPAA requirements for improving security. The enforcement initiative is intended to make it harder for hackers to succeed by ensuring that the vulnerabilities they exploit to gain access to healthcare...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist