25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Healthcare Cybersecurity Risks in 2022

The healthcare industry continues to face a considerable range of threats, with ransomware attacks and data breaches still highly prevalent. Throughout 2021, healthcare data breaches were being reported at a rate of almost 2 per day, and while there was a reduction in the number of ransomware attacks compared to 2020, ransomware remains a major threat with several ransomware gangs actively targeting the healthcare sector. In its Q4, 2021 Healthcare Cybersecurity Bulletin, released on Friday, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) warned of some of the ongoing cyberattack trends that are expected to continue in Q1, 2022. Ransomware Law enforcement agencies in the United States and Europe have increased their efforts to bring the operators of ransomware operations and their affiliates to justice, with those efforts resulting in the arrests of key members of several ransomware groups. This year, in a rare act of cooperation between the United States and Russia, 14 suspected members of the notorious REvil ransomware gang...

Read More

Memorial Health System Confirms 216K Patients Affected by August 2021 Ransomware Attack

Ohio-based Memorial Health System has recently confirmed the ransomware attack it experienced in August 2021 potentially involved the protected health information of 216,478 patients. The ransomware attack forced the health system to divert certain patients to other facilities and cancel some appointments to ensure patient safety. The attack was announced shortly after the breach, which occurred on August 14, 2021. The investigation revealed its network was first breached on July 10, 2021. The HIPAA incident was reported to the HHS’ Office for Civil Rights promptly, although at the time it was not known how many individuals had been affected. Memorial Health System discovered patient data may have been involved on or around September 17, 2021, then followed a comprehensive review of all affected files. On November 1, 2021, the scope of the incident was determined but it took until December 9, 2021, to confirm the individuals affected and the specific types of data involved, hence the delay in issuing notifications. Written notices were sent to affected individuals on or around...

Read More
CISA Urges All U.S. Orgs to Take Immediate Action to Protect Against Wiper Malware Attacks
Jan21

CISA Urges All U.S. Orgs to Take Immediate Action to Protect Against Wiper Malware Attacks

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all organizations in the United States to take immediate steps to prepare for attempted cyberattacks involving a new wiper malware that has been used in targeted attacks on government agencies, non-profits, and information technology organizations in Ukraine. The malware – dubbed Whispergate – masquerades as ransomware and generates a ransom note when executed; however, the malware lacks the capabilities to allow files to be recovered. Whispergate consists of a Master Boot Record (MBR) wiper, a file corruption, and a Discord-based downloader. The MBR is the section of the hard drive that identifies how and where an operating system is located. Wiping the MBR will brick an infected device by making the hard drive inaccessible. The Microsoft Threat Intelligence Center (MSTIC) has recently performed an analysis of the new malware. The first stage of the malware, typically called stage1.exe, wipes the MBR and prevents the operating system from loading. The malware is executed when an infected...

Read More

Mass General Brigham Settles ‘Cookies Without Consent’ Lawsuit for $18.4 Million

An $18.4 million settlement has been approved that resolves a class action lawsuit against Mass General Brigham over the use of cookies, pixels, website analytics tools, and associated technologies on several websites without first obtaining the consent of website visitors. The defendants in the case operate informational websites that provide information about the healthcare services they provide and the programs they operate. Those websites can be accessed by the general public and do not require visitors to register or create accounts. The lawsuit was filed against Partners Healthcare System, now Mass General Brigham, by two plaintiffs – John Doe and Jane Doe – who alleged the websites contained third party analytics tools, cookies, and pixels that caused their web browsers to divulge information about their use of the Internet, and that the information was transferred and sold to third parties without their consent. While it is normal for websites to use third-party analytics tools like those on the defendants’ websites, the plaintiffs alleged they were not informed that...

Read More

4 Healthcare Providers and Health Plans Report Phishing-Related PHI Breaches

Email accounts containing the protected health information (PHI) of thousands of patients have been compromised at Loyola University Medical Center, Advent Health Partners, Signature Healthcare Brockton Hospital, and Welfare, Pension and Annuity Funds of Local No. ONE, I.A.T.S.E. Welfare, Pension, and Annuity Funds of Local No. ONE, I.A.T.S.E Welfare, Pension, and Annuity Funds of Local No. ONE, I.A.T.S.E has recently notified 20,579 individuals about an email security incident that resulted in the exposure of sensitive data. On December 21, 2021, suspicious activity was detected in an employee email account. The account was immediately secured to prevent further unauthorized access and a forensic investigation was conducted to determine the nature and scope of the breach. The investigation determined on October 25, 2021, that the email account had been accessed by an unauthorized individual between May 11, 2021, and August 2, 2021, as a result of the employee responding to a phishing email. A manual review of the emails and attachments confirmed they contained the following types...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist