25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

2021 Saw Record Numbers of DDoS Attacks on the Healthcare Industry

A new report from Comcast Business indicates 2021 was another record-breaking year for Distributed Denial of Service (DDoS) attacks. 9.84 million DDoS attacks were reported in 2021, which is a 14% increase from 2019, although slightly lower than the previous year when 10.1 million attacks were reported. The slight decline in attacks was due to several factors. 2020 was a particularly bad year as it was a full lockdown year where employees were working remotely and students were learning from home, which provided attackers with a unique landscape against which to launch an unprecedented number of DDoS attacks, and the high prices of cryptocurrencies in 2021 meant many threat actors diverted their botnets from conducting DDoS attacks to mining cryptocurrencies. DDoS attackers spared no one in 2021; however, 73% of attacks were conducted on just four sectors – healthcare, government, finance, and education. Attackers followed seasonal trends and activities throughout the year, with education being attacked to coincide with the school year, and COVID-19 and vaccine availability drove...

Read More
FBI Issues Warning About BlackCat Ransomware Operation
Apr21

FBI Issues Warning About BlackCat Ransomware Operation

The Federal Bureau of Investigation (FBI) has issued a TLP: WHITE flash alert about the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also known as ALPHAV, was launched in November 2021. It was launched shortly after the shutdown of the BlackMatter ransomware operation, which was a rebrand of DarkSide.  Darkside was behind the ransomware attack on the Colonial Pipeline. A member of the operation has claimed they are a former affiliate of BlackMatter/DarkSide that branched out on their own. However, it is more likely that BlackCat is simply a rebrand of BlackMatter/DarkSide. The FBI said many of the developers and money launderers involved with the BlackCat operation have been linked to DarkSide/BlackMatter, which indicates they have extensive networks and considerable experience with running RaaS operations. The BlackCat RaaS operation has not been active for long, but the group has already claimed at least 60 victims worldwide. BlackCat typically targets large organizations and demands ransom payments of several million dollars in Bitcoin or Monero, although the...

Read More

HHS Issues Warning to HPH Sector about Hive Ransomware

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert about the Hive ransomware group – A particularly aggressive cybercriminal operation that has extensively targeted the healthcare sector in the United States. HC3 has shared an analysis of the tactics, techniques, and procedures (TTPs) known to be used by the group in their attacks and has shared cybersecurity principles and mitigations that can be adopted to improve resilience against Hive ransomware attacks. The Hive ransomware group has been conducting attacks since at least June 2021. The group is known for using double extortion tactics, where sensitive data is exfiltrated prior to file encryption and threats are issued to publish the data if the ransom is not paid. The group is also known to contact victims by phone to pressure them into paying the ransom. Hive is a ransomware-a-service (RaaS) operation where affiliates are recruited to conduct attacks on the gang’s behalf in exchange for a cut of the profits that are generated, which allows the core...

Read More

Adaptive Health Integrations Data Breach Affects More Than 510,000 Individuals

An Adaptive Health Integrations data breach has recently been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) that involved the protected health information (PHI) of 510,574 individuals. Adaptive Health Integrations is listed as a Williston, North Dakota-based provider of LIS software services and billing/revenue services to laboratories, physician offices, and other healthcare companies. The notification letters, a copy of which was found on the Montana Attorney General website, state that the company recently became aware that an unauthorized individual had gained access to its system on or around October 17, 2021, and may have accessed “a limited amount of data stored on our systems.” The letters explained that when the unauthorized access was discovered, the threat was immediately contained, and an investigation was launched. A comprehensive review of affected files was conducted, and that process was concluded on February 23, 2022. The notification letters state that credit monitoring, fraud consultation, and identity theft restoration...

Read More
March 2022 Healthcare Data Breach Report
Apr19

March 2022 Healthcare Data Breach Report

For the fourth successive month, the number of reported healthcare data breaches has fallen. In March 2022, 43 HIPAA compliance breaches of 500 or more records were reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), which is a 6.52% fall from February and well below the 12-month average of 57.75 data breaches a month. However, there was a 36.94% increase in the number of breached records compared to February. Across the 43 reported breaches, 3,083,988 healthcare records were exposed, stolen, or impermissibly disclosed, which is slightly below the average of 3,424,818 breached records a month over the past 12 months. Largest Healthcare Data Breaches in March 2022 In March 2022, there were 25 data breaches reported to OCR that affected 10,000 or more individuals, all but one of which were hacking incidents. The largest data breach of the month affected over half a million patients. Christie Business Holdings Company, which operates Christie Clinic in Illinois, discovered an employee email account had been accessed by unauthorized individuals...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist