25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

CISA Publishes List of the Most Commonly Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint cybersecurity advisory about the most common vulnerabilities exploited by cyber actors in 2020, many of which are still being widely exploited in 2021. The advisory lists the top 30 exploited Common Vulnerabilities and Exposures (CVEs), how each vulnerability is exploited, recommended mitigations, indicators of compromise, and tools and methods that can be used to check whether the vulnerabilities have already been exploited. Recently disclosed vulnerabilities are exploited by cyber threat actors, but most of the commonly exploited vulnerabilities are not new and were disclosed in the past two years. In 2020, the pandemic forced many businesses to switch from an office-based to a remote workforce, so it is not surprising that 4 of the most commonly exploited vulnerabilities in 2020 concern remote working solutions such as VPNs and cloud-based technologies....

Read More

The Average Cost of a Healthcare Data Breach is Now $9.42 Million

IBM Security has published its 2021 Cost of a Data Breach Report, which shows data breach costs have risen once again and are now at the highest level since IBM started publishing the reports 17 years ago. There was a 10% year-over-year increase in data breach costs, with the average cost rising to $4.24 million per incident. Healthcare data breaches are the costliest HIPAA compliance breach, with the average cost increasing by $2 million to $9.42 million per incident. Ransomware attacks cost an average of $4.62 million per incident. The large year-over-year increase in data breach costs has been attributed to the drastic operational shifts due to the pandemic. With employees forced to work remotely during the pandemic, organizations had to rapidly adapt their technology. The pandemic forced 60% of organizations to move further into the cloud. Such a rapid change resulted in vulnerabilities being introduced and security often lagged behind the rapid IT changes. Remote working also hindered organizations’ ability to quickly respond to security incidents and data breaches. According...

Read More

Report: The State of Privacy and Security in Healthcare

2020 was a particularly bad year for the healthcare industry with record numbers of data breaches reported. Ransomware was a major threat, with Emsisoft identifying 560 ransomware attacks on healthcare providers in 2020. Those attacks cost the healthcare industry dearly. $20.8 billion was lost in downtime in 2020, according to Comparitech, which is more than twice the ransomware downtime cost to the healthcare industry in 2019. With the healthcare industry facing such high numbers of cyberattacks, the risk of a security breach is considerable, yet many healthcare organizations are still not fully conforming with the NIST Cybersecurity Framework (NIST CSF) and the HIPAA Security Rule, according to the 2021 Annual State of Healthcare Privacy and Security Report published today by healthcare cybersecurity consulting firm CynergisTek. To compile the report – The State of Healthcare Privacy and Security – Maturity Paradox: New World, New Threats, New Focus – CynergisTek used annual risk assessments at 100 healthcare organizations and measured progress alongside overall NIST CSF...

Read More

McLaren Health Care and Greenwood Leflore Hospital Impacted by Elekta Ransomware Attack

McLaren Health Care Corporation (MHCC), the operator of 15 hospitals and over 100 primary care locations in Michigan and Ohio, has announced the protected health information of 64,600 of its cancer patients may have been compromised in a ransomware attack on vendor Elekta Inc. Elekta provides software and technology services to MHCC facilities in Macomb, Northern Michigan, Gaylord, Cheboygan, West Branch, Lapeer, Central and Bay City, which includes data storage. Between April 2 and April 20, 2021, Hackers had access to Elekta’s systems, exfiltrated data, then deployed ransomware to encrypt files. A ransom demand was issued, payment of which was required to decrypt data and prevent the exposure of data stolen in the attack. Elekta notified MHCC about the breach on May 17, 2021. While patient data was affected, Elekta said it has no reason to believe that any of the stolen information will be further disclosed or published online. However, as a precaution against identity theft and fraud, complimentary identity theft protection and credit monitoring services are being offered to...

Read More

Phishing Attacks Reported by UC San Diego Health and UnitedHealthcare

UC San Diego Health has discovered unauthorized individuals gained access to the email accounts of some of its employees and may have accessed or exfiltrated emails containing patient data. The email accounts were compromised as a result of employees responding to phishing emails and disclosing their email credentials. The email environment has now been secured and additional measures have been implemented to improve security. The investigation into the breach revealed the first email account was compromised on December 2, 2020, and others were compromised up until April 8, 2020. At this stage, no evidence has been found to indicate any emails or email attachments were subjected to unauthorized access between December 2020 and April 2021, and no reports have been received that suggest the protected health information (PHI) of patients has been misused; however, it was not possible to rule out unauthorized PHI access and data exfiltration. The investigation into the breach is ongoing to identify exactly what happened and the information that has been affected. Notification letters...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist