25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Allina Health System to Pay $12.5 Million to Settle Pixel Litigation
Jun30

Allina Health System to Pay $12.5 Million to Settle Pixel Litigation

Allina Health System, a nonprofit health system based in Minneapolis, Minnesota, that serves patients in Minnesota and Western Wisconsin, has agreed to pay $12,500,000 to resolve litigation over its use of website tracking technologies such as pixels. Those tools were alleged to have resulted in the disclosure of personally identifiable information (PII) and protected health information (PHI) to third parties such as Facebook (Meta) and Google, in violation of federal and state laws. Those tools are extensively used on websites for marketing and advertising purposes. The tools collect information about website usage, and that information can be used to improve web services. It can also be used to serve targeted advertisements to individuals, based on their interactions on a website. Depending on how they are configured, these tools can collect individually identifiable health information when installed on healthcare providers’ websites, and if they are used on authenticated pages such as a patient portal, that information may include HIPAA-protected data. The first lawsuit...

Read More
Data Breaches Reported by Amicus Solutions: Huntsville Hospital Health System
Jun30

Data Breaches Reported by Amicus Solutions: Huntsville Hospital Health System

Amicus Solutions (Fedora Solutions) has been affected by a cybersecurity incident, and Huntsville Hospital has confirmed it was affected by a January 2025 breach at Cerner (Oracle Health). Amicus Solutions Amicus Solutions, Inc., doing business as Fedora Solutions, a provider of managed IT and revenue cycle management services, has experienced a cybersecurity incident involving the protected health information of 1,137 individuals. According to the breach notification to the Massachusetts Office of Consumer Affairs and Business Regulation, the breach affected patients of medical practices managed by OneOncology, LLC, including New York Cancer and Blood Specialists. Suspicious activity was identified within the Amicus Solutions network on April 2, 2026, with the unauthorized access believed to have occurred between February 2, 2026, and February 18, 2026. During that time, a threat actor exfiltrated data from its systems, and some of that data was posted to the threat actor’s website, including personally identifiable information and protected health information. The data review...

Read More
Washington Dept. Health & Social Services Insider Breach Affects 8,600 Individuals
Jun30

Washington Dept. Health & Social Services Insider Breach Affects 8,600 Individuals

The Washington Department of Social and Health Services (DSHS) has identified an insider data breach involving unauthorized access to the protected health information of approximately 8,600 individuals. Insider threats are a major problem in healthcare, more so than in other sectors. While most insider incidents are unintentional, and snooping on medical records is a common cause of healthcare data breaches. Patient records may also be obtained for financial gain. Regular workforce HIPAA training is important to remind employees of their responsibilities with respect to patient privacy, and employee access logs should be routinely monitored. Without active monitoring, these privacy violations can persist for long periods before unauthorized access is identified. In this case, a DSHS employee was discovered to have accessed a DSHS internal client data system without authorization and viewed records containing full names, dates of birth, Social Security numbers, DSHS client numbers, and information about DSHS program enrollment. The DSHS investigation found no evidence that health...

Read More
South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches
Jun29

South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches

A hacking incident has been reported by South Florida Injury Centers, and Chickasaw Nation Department of Health has discovered that an employee accessed patient data without authorization. South Florida Injury Centers South Florida Injury Centers, Inc., a medical practice with locations in Tamarac and Port Saint Lucie that specializes in treating patients injured in automobile accidents, has recently reported a hacking-related data breach to the HHS’ Office for Civil Rights that has affected up to 1,525 patients. While few details have been released about the incident, this appears to have been a cyberattack by the threat actor Kairos. Kairos is a financially motivated threat group that engages in data theft and extortion, breaching networks, exfiltrating data, and demanding payment to prevent the data from being leaked online. The group has conducted attacks on several healthcare organizations and claims to have exfiltrated 45 GB of data from South Florida Injury Centers. South Florida Injury Centers was added to its dark web data leak site on April 7, 2026, along with samples of...

Read More
Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through
Jun29

Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through

There is some positive news from the data collected by cybersecurity firm SonicWall, as cyberattacks have declined by up to 57% in some sectors; however, the healthcare industry has seen the smallest decline out of all tracked verticals, registering just a 17% year-over-year decline, compared to -23% for professional services, -42% for education, -46% for retail and -57% for manufacturing. Healthcare is still persistently targeted by cyber actors, and the gap between healthcare and other sectors is growing, according to the SonicWall 2026 Healthcare Protect Brief. There are more active ransomware groups (10) attacking healthcare organizations than any other sector, indicating the industry is being actively targeted rather than falling victim to spray-and-pray attacks, and in H1 2026, there were four times as many malware hits per firewall in healthcare as the next most attacked sector. UltraVNC buffer overflow attacks generated 13.3 million hits in just 5 months, as hackers primarily targeted remote desktop tools to attack healthcare organizations – no other vertical experienced...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist