25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Over 535,000 Individuals Affected by Ransomware Attack on Texas ENT Specialists

Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) has recently announced it was the victim of a cyberattack that was detected on October 19, 2021. When the attack was detected, prompt action was taken to prevent further unauthorized system access and a third-party cybersecurity firm was engaged to investigate and determine the nature and extent of the attack. The forensic investigation revealed the attackers first gained access to its systems on August 9, 2021, and between then and August 15, files were copied and exfiltrated from its systems. A review of those files confirmed they contained the protected health information (PHI) of 535,489 patients, including names, dates of birth, medical record numbers, and procedure codes. A subset of individuals also had their Social Security numbers stolen; however, its electronic medical record system was unaffected. Texas ENT Specialists mailed notification letters to affected individuals on December 10, 2021. Patients who had their Social Security number stolen have been offered complimentary membership to Experian’s...

Read More
New Jersey Fines Hackensack Healthcare Providers for PHI Breach and HIPAA Violations
Dec16

New Jersey Fines Hackensack Healthcare Providers for PHI Breach and HIPAA Violations

The New Jersey Division of Consumer Affairs has agreed to settle a data breach investigation that uncovered violations of the New Jersey Consumer Fraud Act and the federal Health Insurance Portability and Accountability Act (HIPAA) Hackensack, NJ-based Regional Cancer Care Associates is an umbrella name for three healthcare providers that operate healthcare facilities in 30 locations in Connecticut, New Jersey, and Maryland: Regional Cancer Care Associates LLC, RCCA MSO LLC, and RCCA MD LLC. Between April and June 2019, several employee email accounts were compromised. Employees had responded to targeted phishing emails and disclosed their credentials, which allowed the scammers to access their email accounts and the protected health information (PHI) of more than 105,000 individuals. The email accounts contained PHI such as names, Social Security numbers, driver’s license numbers, health records, bank account information, and credit card details. In July 2019, notification letters were sent to 13,047 individuals by a third-party vendor; however, the letters were mismailed to the...

Read More
Almost 50,000 Health Plan Members Affected by Ransomware Attack on Broward County Public Schools
Dec15

Almost 50,000 Health Plan Members Affected by Ransomware Attack on Broward County Public Schools

In March 2021, ransomware was used in an attack on Broward County Public Schools in Florida and files were encrypted. The investigation into the breach revealed access to the school network was first gained by unauthorized individuals on November 12, 2020, with the ransomware deployed on March 6, 2021. The attack was detected on March 7, 2021. The hackers demanded a ransom payment of $40 million for the keys to decrypt files, which was later reduced to $10, million but the school district refused to pay. Initially, it did not appear that any sensitive data had been obtained in the attack, but on April 19, 2021, it was discovered that some files stored on its systems had been stolen when they were released publicly on the Conti ransomware gang’s data leak website. Schools are not usually covered by the Health Insurance Portability and Accountability Act (HIPAA), so HIPAA breach notifications are not required when student records are compromised; however, in this case, the school district is a HIPAA-covered entity as it operates a self-insured health plan. On June 8, 2021, it was...

Read More

Chicago Accountancy Firm Discovers Data was Stolen in December 2020 Ransomware Attack

The Chicago, IL-based accountancy firm Bansley and Kiener LLP has announced it was the victim of a December 2020 ransomware attack that saw certain files within its systems encrypted. The attack only caused temporary disruption, and it was possible to restore all encrypted systems from backups and rapidly return to normal operations. The attack occurred on December 10, 2020, and the subsequent investigation into the incident found no evidence of data theft and confirmed that the breach had been fully contained. However, Bansley and Kiener said in a December 3, 2021 data breach notification letter that the firm learned on May 24, 2021, that the attackers had exfiltrated some files from its systems, and those files contained sensitive client information. A third-party cybersecurity firm was engaged to assist with the subsequent investigation and while it was not possible to confirm the specific types of information that had been accessed and exfiltrated, on August 24, 2021, the investigation confirmed the names and Social Security numbers of some individuals may have been obtained by...

Read More
PHI of 750,000 Patients of Oregon Anesthesiology Recovered Following Ransomware Attack
Dec14

PHI of 750,000 Patients of Oregon Anesthesiology Recovered Following Ransomware Attack

On July 11, 2021, Oregon Anesthesiology Group discovered it was the victim of a ransomware attack. Files on its systems had been encrypted which prevented access to its servers and patient data. Following the attack, its IT infrastructure was reconstructed and offline data backups were used to promptly restore the affected files. A digital forensics firm was engaged to investigate the breach and it was confirmed that patient and employee information had been compromised, with the affected parts of its network found to contain files that included names, addresses, dates of service, diagnosis and procedure codes and descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Employee data potentially compromised in the attack included names, addresses, Social Security numbers, and other information contained in W-2 forms. The forensic investigation revealed that once the hackers had gained access to its network, they data-mined administrator credentials which allowed them to access encrypted data on its network. The FBI told Oregon Anesthesiology Group...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist