25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Online Pharmacy Notifies 105,000 Patients About Cyberattack and Potential Theft of PHI
Jan14

Online Pharmacy Notifies 105,000 Patients About Cyberattack and Potential Theft of PHI

The Auburndale, FL-based digital pharmacy and health app developer Ravkoo has started notifying 105,000 patients that some of their sensitive personal information has been exposed and potentially obtained by an unauthorized individual. Ravkoo hosts its online prescription portal on Amazon Web Services (AWS). The portal was targeted in a cyberattack that was detected on September 27, 2021. Upon discovery of the security breach, steps were immediately taken to secure the portal and third-party cybersecurity experts were engaged to assist with the forensic investigation, mitigation, restoration, and remediation efforts. The investigation confirmed sensitive patient data had been exposed and may have been compromised, including names, addresses, phone numbers, certain prescription information, and limited medical data. Ravkoo said the impacted portal did not contain any Social Security numbers, which are not maintained in the affected portal. The forensic investigation did not uncover any evidence that indicated information contained within the portal has been or will be misused....

Read More

EHR Vendor Facing Class Action Lawsuit Over 320,000-Record Data Breach

QRS, a Tennessee-based healthcare technology services company and EHR vendor, is facing a class action lawsuit over an August 2021 cyberattack in which the protected health information (PHI) of almost 320,000 patients was exposed and potentially stolen. The investigation into the data breach confirmed a hacker had gained access to one of its dedicated patient portal servers between August 23 and August 26, 2021, and viewed and possibly obtained files containing patients’ PHI. Sensitive data stored on the server included patients’ names, addresses, birth dates, usernames, medical information, and Social Security numbers. QRS started sending notification letters to affected individuals in late October and offered identity theft protection services to individuals who had their Social Security number exposed. On January 3, 2022, Matthew Tincher, a Frankfurt, KY resident, filed a class action complaint in the U.S. District Court for the Eastern District of Tennessee against QRS. The lawsuit alleges QRS was negligent for failing to reasonably secure, monitor, and maintain the PHI...

Read More
Disruption to Services at Maryland Department of Health Continues One Month After Ransomware Attack
Jan14

Disruption to Services at Maryland Department of Health Continues One Month After Ransomware Attack

Maryland Chief Information Security Officer (CISO) Chip Stewart has issued a statement confirming the disruption to services at the Maryland Department of Health (MDH) was the result of a ransomware attack. A security breach was detected in the early hours of December 4, 2021, and prompt action was taken to isolate the affected server and contain the attack. Stewart said the Department of Information Technology successfully isolated and contained the affected systems within a matter of hours, limiting the severity of the attack. “It is in part because of this swift response that we have not identified, to this point in our ongoing investigation, evidence of the unauthorized access to or acquisition of State data,” said Stewart in a statement issued on January 12, 2022. According to Stewart, there was an attempted distributed-denial-of-service (DDoS) attack shortly after the ransomware attack; however, that attack was not successful. Evidence gathered during the investigation of the ransomware and DDoS attacks indicates they were conducted by different threat actors. Stewart said he...

Read More

Critical Infrastructure Entities Warned About Cyberattacks by State-sponsored Russian APT Actors

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have issued a joint advisory warning about the threat of Russian cyberattacks on critical infrastructure, including the healthcare, energy, government, and telecommunications sectors. “CISA, the FBI, and NSA encourage the cybersecurity community – especially critical infrastructure network defenders – to adopt a heightened state of awareness and to conduct proactive threat hunting,” explained the agencies in the advisory. The agencies have shared details of the tactics, techniques, and procedures (TTPs) commonly used by Russian state-sponsored advanced persistent threat (APT) actors to gain persistent access to networks for espionage and destructive cyberattacks. Russian APT actors use a variety of methods to breach perimeter defenses including spear phishing, brute force attacks against accounts and networks with weak security, and the exploitation of unpatched vulnerabilities, and have previously targeted vulnerable...

Read More

PHI of Anthem Members and Advocate Aurora Health Patients Potentially Compromised

Anthem Inc. has alerted 2,003 members that some of their protected health information has potentially been viewed or obtained by an unauthorized individual who gained access to the network of one of its business associates. Anthem works with the Atlanta, GA-based insurance broker OneDigital, which provides support for individuals enrolled in group health plans to help them procure and manage their health insurance. OneDigital had been provided with the protected health information of certain members to assist them or their current or former employer to obtain and manage their health insurance plan. On November 24, 2021, Anthem was notified by OneDigital about a network server hacking incident that occurred in January 2021. Anthem said the investigation into the breach did not uncover any direct evidence of unauthorized viewing or theft of protected health information, but those activities could not be ruled out. The types of data stored on the compromised systems included names, addresses, dates of birth, healthcare provider names, health insurance numbers, group numbers, dates and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist