25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Phishing Attack on Business Associate Affects Tens of Thousands of Professional Dental Alliance Patients

Professional Dental Alliance, a network of dental practices affiliated with the North American Dental Group, has notified tens of thousands of patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual between March 31 and April 1, 2021. Professional Dental Alliance says the breach occurred at its vendor North American Dental Management. Steps were immediately taken to secure the affected accounts and prevent further unauthorized access. An investigation was launched which revealed several email accounts were accessed by an unauthorized individual after employees responded to phishing emails. The investigation into the breach uncovered no evidence of attempted or actual misuse of patient data, with the investigators concluding the breach was likely limited to credential harvesting. A comprehensive review of the affected email accounts confirmed they contained protected health information (PHI) such as names, addresses, email addresses, phone numbers, insurance information, Social Security numbers, dental...

Read More
American Osteopathic Association Notifies 27,500 Individuals About June 2020 Data Theft Incident
Oct15

American Osteopathic Association Notifies 27,500 Individuals About June 2020 Data Theft Incident

Approximately 27,500 individuals are being notified that some of their personal information was stolen in a cyberattack on the American Osteopathic Association (AOA). AOA is a Chicago-based professional organization that represents around 151,000 osteopathic physicians and medical students across the United States. On June 25, 2020, the AOA identified suspicious activity within some of its systems. Its network was taken offline, and forensic investigators were engaged to determine the nature and scope of the incident. The investigation confirmed the attackers gained access to systems that contained personally identifiable information and exfiltrated data from those systems. A comprehensive review of the files was conducted to determine which individuals had been affected. That review determined names, addresses, dates of birth, Social Security numbers, financial account information, and email addresses/usernames and passwords were in the exfiltrated data. The AOA said its investigation did not uncover any evidence of actual or attempted misuse of the stolen data, but as a...

Read More
MITRE Launches Centers to Protect Critical Infrastructure and Public Health
Oct15

MITRE Launches Centers to Protect Critical Infrastructure and Public Health

MITRE has launched two new organizations which have been tasked with addressing critical healthcare challenges and improving cybersecurity to better protect critical infrastructure. MITRE is a nonprofit organization that manages federally funded research and development centers to support government agencies in defense, healthcare, homeland security, cybersecurity, and other fields. MITRE Labs was established in 2020 as part of a restructuring of MITRE, with the new unit tasked with driving breakthroughs in applied science and advanced technology to transform the future of U.S. scientific and economic leadership. Two new organizations have now been established within MITRE labs – The Cyber Infrastructure Protection Innovation Center and the Clinical Insights Innovation Cell. The Cyber Infrastructure Protection Innovation Center was set up to bridge the technology gap between the public and private sector and ensure the operational technology, industrial control systems, and cyber-physical systems of critical infrastructure organizations are protected. Nation-state actors and...

Read More
New Jersey Infertility Clinic Settles Data Breach Investigation with State and Pays $495,000 Penalty
Oct14

New Jersey Infertility Clinic Settles Data Breach Investigation with State and Pays $495,000 Penalty

A New Jersey infertility clinic accused of violating HIPAA and New Jersey laws by failing to implement appropriate cybersecurity measures has settled the investigation with the state and will pay a $495,000 penalty. Millburn, NJ-based Diamond Institute for Infertility and Menopause, LLC (Diamond) operates two healthcare facilities in New Jersey, one in New York, and provides consultancy services in Bermuda. Providing those services involves the collection, storage, and use of personal and protected health information (PHI). Between August 2016 and January 2017, at least one unauthorized individual accessed Diamond’s network which contained the PHI of 14,663 patients, 11,071 of which were New Jersey residents. As a HIPAA-covered entity, Diamond is required to implement technical, physical, and administrative safeguards to ensure the confidentiality, integrity, and availability of PHI. Diamond is also subject to New Jersey laws and is similarly required to implement reasonable and adequate safeguards to protect medical data from unauthorized access. Diamond Investigated for...

Read More

350,000 Patients of ReproSource Fertility Diagnostics Affected by Ransomware Attack

Malborough, MA-based ReproSource Fertility Diagnostics has suffered a ransomware attack in which hackers gained access to systems containing the protected health information of up to 350,000 patients. ReproSource is a leading laboratory for reproductive health that is owned by Quest Diagnostics. ReproSource discovered the ransomware attack on August 10, 2021 and promptly severed network connections to contain the incident. An investigation into the security breach confirmed the attack occurred on August 8. While it is possible that patient data was exfiltrated by the attackers prior to the deployment of ransomware, at this stage no evidence of data theft has been identified. A review of the files on the affected systems was completed on September 24 and revealed they contained the following types of protected health information: Names, phone numbers, addresses, email addresses, dates of birth, billing and health information (CPT codes, diagnosis codes, test requisitions and results, test reports and/or medical history information), health insurance or group plan identification...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist