25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Data Breaches Announced by MedRevenu & EyeCare Partners
Feb12

Data Breaches Announced by MedRevenu & EyeCare Partners

Data breaches have been confirmed by the revenue cycle management company MedRevenu Inland Physicians Hospitalist Services, and the Missouri-based eye care provider, EyeCare Partners. MedRevenu Inland Physicians Hospitalist Services MedRevenu Inland Physicians Hospitalist Services, a Montclair, CA-based vendor that provides revenue cycle management services to healthcare providers, has recently notified the California Attorney General about a cybersecurity incident. The incident occurred on or around December 12, 2024, and caused disruption to its network. The forensic investigation determined that files containing personal and protected health information may have been accessed or acquired in the incident, including names, dates of birth, Social Security numbers, driver’s license numbers/government identification numbers, health insurance information, medical information, financial account numbers, payment card numbers, and access information. MedRevenu said it is reviewing and enhancing its cybersecurity measures and has offered the affected individuals complimentary...

Read More
Aflac Data Breach: PHI of At Least 13.9 Million Individuals Compromised
Feb12

Aflac Data Breach: PHI of At Least 13.9 Million Individuals Compromised

We previously reported that the Aflac data breach had affected 22.65 million individuals worldwide; however, it was unclear exactly how many of those individuals were in the United States or how many individuals had protected health information (PHI) compromised in the incident. PHI is personally identifiable information related to healthcare that is afforded additional protections under the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Breach Notification Rule requires notifications to be issued to the affected individuals and for the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to be notified about a data breach within 60 days of the discovery of a breach. If the number of affected individuals has not been determined by the breach reporting deadline, OCR requires an estimate to be provided for the number of affected individuals. Many entities use a placeholder figure of 500 or 501 affected individuals in such cases. Aflac reported the data breach using a 500 placeholder figure. Aflac has recently provided an update to OCR...

Read More
Pinehurst Radiology Associates & Tallahassee Memorial HealthCare Settle Class Action Data Breach Lawsuits
Feb12

Pinehurst Radiology Associates & Tallahassee Memorial HealthCare Settle Class Action Data Breach Lawsuits

Pinehurst Radiology Associates has agreed to settle a class action lawsuit over a January 2025 data breach, and Tallahassee Memorial HealthCare has agreed to settle class action litigation over its use of pixels on its website. Pinehurst Radiology Associates Settlement Pinehurst Radiology Associates, a medical diagnostic imaging center in Pinehurst, North Carolina, has agreed to settle a class action lawsuit over a January 2025 security incident that affected 8,682 individuals. Pinehurst Radiology Associates identified a cybersecurity incident on January 20, 2025, and determined that patients’ protected health information had been exposed. Data exposed in the incident included names, addresses, dates of birth, Social Security numbers, diagnoses, treatment information, medical record numbers, health insurance information, and Medicare/Medicaid numbers. The affected patients were notified on or around May 22, 2025. Two class action lawsuits were filed in response to the data breach, which were consolidated in the Superior Court of Moore County, North Carolina – McNeill, et al....

Read More
ApolloMD Confirms 626,500 Patients Affected by May 2025 Ransomware Attack
Feb12

ApolloMD Confirms 626,500 Patients Affected by May 2025 Ransomware Attack

The extent of a May 2025 ransomware attack on the Georgia-based physician- and clinician-owned staffing and management group ApolloMD has recently been confirmed. The ransomware attack was detected on May 22, 2025; however, it has taken months for the investigation and data review to be completed. ApolloMD announced the attack in September 2025, when it started sending notification letters to the affected individuals’ physician practices, and on February 2, 2026, almost 9 months after the ransomware attack occurred, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) was informed that the incident involved unauthorized access to the electronic protected health information of 626,540 individuals. With more than 626,000 individuals affected, it was one of the most impactful healthcare ransomware attacks of the year, ranking above Covenant Health’s Qilin ransomware attack, which affected 478,188 patients. While severe, these attacks are small in comparison to the ransomware attack on Conduent Business Services, which is known to have affected...

Read More
Three Healthcare Providers Settle Class Action Data Breach Lawsuits
Feb11

Three Healthcare Providers Settle Class Action Data Breach Lawsuits

Settlements have received preliminary approval from the courts to resolve class action lawsuits against Northeast Rehabilitation Hospital Network, American Addiction Centers, and Midwest Physician Administrative Services (Duly Health and Care) over alleged impermissible disclosures of patients’ protected health information. Northeast Rehabilitation Hospital Network Data Breach Settlement Northeast Rehabilitation Hospital Network in New Hampshire has agreed to a settlement to resolve a class action data breach lawsuit stemming from a 2024 cyberattack by the Hunters International cyber threat group. The cyberattack was detected on or around May 22, 2024, and the lawsuit states that the private information of 148,515 individuals was compromised in the incident. The data breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 136,724 individuals. Data compromised in the incident included names, medical histories, treatment information, patient account numbers, billing/claims information, and health insurance information. Patients were...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist