25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

On-the-spot Email Interventions Reduce Repeat Medical Record Snooping Incidents by 95%

Immediate intervention following an instance of unauthorized access to protected health information (PHI) by a healthcare employee is 95% effective at preventing repeat offenses, according to a new study published in JAMA Open Network. Healthcare data breaches are occurring at record levels, and while large data breaches are often the result of hacking and other IT incidents, insider breaches such as snooping on medical records are common. According to HHS data, in 2019, 92% of combined small and large breaches were tied to unauthorized access. While many cases of employees snooping on the medical records of VIP patients have been covered in the media, these types of snooping incidents are relatively uncommon. It is much more common for healthcare employees to access the medical records of family members, friends, and colleagues, and those privacy violations can be just as damaging for patients. All cases of unauthorized access start with an employee accessing a single patient record, but they can easily turn into major data breaches if left unchecked. There have been several HIPAA...

Read More

Deaconess Health System and Blue Earth County Notify Patients About Insider Data Breaches

Indiana-based Deaconess Health System and Blue Earth County in Minnesota have notified individuals that sensitive personal information has been accessed by employees without authorization. Deaconess Health System Notifies Female Patients About Unauthorized Medical Record Access by Physician A physician formerly employed by Deaconess Health System in Evansville, IN, has been discovered to have accessed the medical records of female patients without authorization. On January 26, 2022, the unauthorized medical record access was discovered by Deaconess Health System during a routine audit of access logs. According to the law firm Ladendorf Law of Indianapolis, which spoke with six women who were notified about the privacy breach by Deaconess Health System, the unauthorized first occurred no later than June 2020. According to attorney Taylor Ivy, all six of the women said the first contact occurred in bars in the West Side of the city. The physician had approached them and started talking to them and obtained information about them during the encounter. It appears that the physician...

Read More

Email Account Breaches Reported by Newman Regional Health and Contra Costa County

Newman Regional Health (NRH), which operates a 25-bed critical access hospital in Emporia, KS, has recently started notifying 52,224 patients that unauthorized individuals have gained access to certain employee email accounts that contained protected health information. NRH explained on its website that a limited number of employee email accounts were accessed by unauthorized individuals over a period of 10 months in 2021 between January 26, 2021, and November 23, 2021. When the security breach was identified, prompt action was taken to secure the accounts and an investigation was launched to determine the extent and nature of the breach. NRH said a review of the emails in the compromised accounts confirmed on March 14, 2022, that the following types of patient information had been exposed: Names, dates of birth, medical record/ID numbers, addresses, phone numbers, e-mail addresses, and limited heath, treatment or insurance information, and for employees, information collected in connection with an individual’s receipt of services from or employment with NRH. A subset of...

Read More

Urgent Team Holdings Reports Breach of the PHI of 166,600 Individuals

Urgent Team Holdings, which operates more than 70 urgent care and walk-in centers in Alabama, Arkansas, Georgia, Mississippi, and Tennessee, has recently notified 166,601 patients that some of their protected health information may have been obtained by unauthorized individuals in a November 2021 cyberattack. Urgent Team said it discovered its network had been compromised between November 12, 2021, and November 18, 2021. Assisted by third-party cybersecurity experts, Urgent Team discovered files may have been exfiltrated from its systems that contained the protected health information of patients. A comprehensive review of the files was completed on January 31, 2022, and confirmed they contained patients’ full names, dates of birth, and medical record numbers. While data theft may have occurred, no evidence of data exfiltration was identified and there have been no reports of any misuse of patient data. To improve security, Urgent Team has implemented multi-factor authentication and has added extra layers of security to its systems to reduce the risk of unauthorized access. A new...

Read More

Microsoft Sinkholes Notorious ZLoader Botnet

The notorious ZLoader cybercrime botnet, which was used to deliver Ryuk ransomware in attacks on healthcare providers, has been disabled by Microsoft’s Digital Crimes Unit (DCU). Microsoft recently obtained a court order from the United States District Court for the Northern District of Georgia authorizing the seizure of 65 hard-coded domains used by the ZLoader botnet for command-and-control communications. Those domains have now been sinkholed, preventing the operator of the botnet from communicating with devices infected with ZLoader malware. ZLoader malware included a domain generation algorithm (DGA) which is triggered if communication with the hard-coded domains is not possible, which serves as a failsafe against any takedown efforts. The court order also allowed Microsoft to seize 319 DGA-registered domains. Microsoft is working to block the registration of any future DGA domains. ZLoader is part of a family of malware variants that descended from the ZeuS banking Trojan. Initially, ZeuS was used for credential and financial theft, with the aim of transferring money out of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist