25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

National Cybersecurity Awareness Month: Do Your Part, #BeCyberSmart
Oct04

National Cybersecurity Awareness Month: Do Your Part, #BeCyberSmart

October is National Cybersecurity Awareness Month. Throughout October, the importance of cybersecurity is highlighted and resources are made available to raise awareness of cyber threats and encourage individuals and organizations to adopt cybersecurity best practices and better protect accounts and sensitive data. Cybersecurity Awareness Month was launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 to raise awareness of the importance of cybersecurity. Each year has a different theme, although the overall aim is the same – To empower individuals and the organizations they work for to improve cybersecurity and make it harder for hackers and scammers to succeed. The month is focused on improving education about cybersecurity best practices, raising awareness of the digital threats to privacy, encouraging organizations and individuals to put stronger safeguards in place to protect sensitive data, and highlighting the importance of security awareness training. This year has the overall theme – “Do Your Part,...

Read More

Ransomware Attack on Florida Behavioral Health Service Provider Affects 19,000 Individuals

The Clearwater, FL-based non-profit behavioral health service provider Directions for Living was the victim of a ransomware attack on July 17, 2021. Upon detection of the attack, law enforcement was notified and third-party computer forensics experts were engaged to investigate the scope of the attack and assist with remediation efforts. The investigation concluded on August 30, 2021. A review of servers potentially accessed by the attackers confirmed they contained personal and protected health information of current and former clients, including names, addresses, dates of birth, Social Security numbers, diagnostic codes, claims information, insurance information, healthcare provider names, date of service, and certain health information. Directions for Living said its electronic medical record system was not affected and could not be accessed by the attackers and clients’ financial information was not stored on the affected servers. While personal and protected health information may have been accessed by unauthorized individuals, Directions for Living said no evidence has been...

Read More
PHI of Navistar Health Plan Members Compromised in May 2021 Cyberattack
Sep30

PHI of Navistar Health Plan Members Compromised in May 2021 Cyberattack

Lisle, IL-based Navistar Inc. has issued further notification letters to individuals affected by a security breach that was detected on May 20, 2021. The U.S. truck manufacturer immediately implemented its cybersecurity response plan when a potential breach of its information technology systems was detected, and third-party cybersecurity experts were engaged to assist with the investigation and determine the nature and scope of the breach. On May 31, 2021, Navistar was informed that certain data had been extracted from its systems in the attack. The investigation into the data theft confirmed on August 20, 2021 that the exfiltrated files contained the protected health information of current and former members of Navistar Health Plan and the Navistar Retiree Health Benefit and Life Insurance Plan. That information is understood to have been stolen prior to the discovery of the security breach on May 20. Navistar said the exfiltrated data potentially included names, addresses, dates of birth, and information related to participation on the health and insurance plans, which may have...

Read More
NSA/CISA Issue Guidance on Selecting Secure VPN Solutions and Hardening Security
Sep30

NSA/CISA Issue Guidance on Selecting Secure VPN Solutions and Hardening Security

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued new guidance on selecting and improving the security of Virtual Private Networks (VPN) solutions. VPN solutions allow remote workers to securely connect to business networks. Data traffic is routed through an encrypted virtual tunnel to prevent the interception of sensitive data and to block external attacks. VPNs are an attractive target for hackers, and vulnerabilities in VPN solutions have been targeted by several Advanced Persistent Threat (APT) groups. APT actors have been observed exploiting vulnerabilities in VPN solutions to remotely gain access to business networks, harvest credentials, remotely execute code on the VPN devices, hijack encrypted traffic sessions, and obtain sensitive data from the devices. Several common vulnerabilities and exposures (CVEs) have been weaponized to gain access to the vulnerable devices, including Pulse Connect Secure SSL VPN (CVE-2019-11510), Fortinet FortiOS SSL VPN (CVE-2018-13379), and Palo Alto Networks PAN-OS (CVE_2020-2050)....

Read More

Healthcare Workers in Minnesota File Lawsuit Against Employers to Block Vaccine Mandate

A lawsuit has been filed in U.S. District Court in Minnesota on behalf of 180 healthcare workers over the COVID-19 vaccine mandates of their employers. The plaintiffs, who have not been named in the lawsuit, claim vaccine mandates are a violation of religious freedom and state and federal laws. The lawsuit is one of several that challenge the legality of such mandates. Vaccines remain the most effective way to prevent the spread of COVID-19, stop individuals becoming seriously ill, and reduce the number of hospitalizations from the illness. The vaccines are safe and are backed up by data showing they are highly effective at preventing serious illness. The majority of individuals who are hospitalized and/or die from COVID-19 are unvaccinated. Many employers have opted to implement vaccine mandates and President Biden has announced a vaccine mandate covering 17 million healthcare workers at facilities that receive Medicare and Medicaid funding. Most hospitals have reported high levels of vaccination, with Mayo Clinic saying 98% of its physicians have been vaccinated, as have 87% of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist