25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

CaptureRx Facing Multiple Class Action Lawsuits Over Ransomware Attack Involving PHI of 2.4 Million Patients

The healthcare administrative services provider CaptureRx is facing multiple class action lawsuits for failing to protect patient data, which was obtained by unauthorized individuals in a February 2021 ransomware attack. NEC Networks, doing business as CaptureRx, provides IT services to hospitals to help them manage their 340B drug discount programs. Through the provision of those services, CaptureRx is provided with the protected health information of patients. Around February 6, 2021, CaptureRx identified suspicious activity in some of its IT systems, which included the encryption of files. The investigation confirmed that files containing the protected health information of 2,400,000 or more patients were compromised in the attack. CaptureRx said in its breach notification letters that, “all policies and procedures are being reviewed and enhanced and additional workforce training is being conducted to reduce the likelihood of a similar future event.” Affected individuals were advised to “remain vigilant against incidents of identity theft and fraud, to review account statements...

Read More
Former Scripps Health Worker Charged Over HIPAA Violation in COVID-19 Unemployment Benefit Fraud Case
Jul23

Former Scripps Health Worker Charged Over HIPAA Violation in COVID-19 Unemployment Benefit Fraud Case

The Department of Justice has announced nine San Diego residents have been charged in two separate indictments in connection with the theft of patients’ protected information and the submission of fraudulent pandemic unemployment insurance claims. Under the Coronavirus Aid, Relief, and Economic Security (CARES) Act of 2020, new unemployment benefits were offered to individuals affected by the COVID-19 pandemic, who would not, under normal circumstances, qualify for payments. In one of the cases, Matthew Lombardo, a former Scripps Health employee, was charged with felony HIPAA violations for obtaining and disclosing the protected health information of patients to his alleged co-conspirators. Lombardo was also charged with conspiracy to commit wire fraud, along with three alleged co-conspirators – Konrad Piekos, Ryan Genetti, and Dobrila Milosavljevic. Piekos, Genetti, and Milosavljevic were also charged with aggravated identity theft and are alleged to have used the stolen information to submit fraudulent pandemic unemployment insurance claims. The San Diego Sheriff’s’...

Read More
UPMC Settles Employee Data Breach Lawsuit for $2.65 Million
Jul22

UPMC Settles Employee Data Breach Lawsuit for $2.65 Million

UPMC has proposed a $2.65 million settlement to resolve a data breach lawsuit filed by employees affected by a February 2014 data breach. Pittsburg, PA-based UPMC announced the data breach in February 2021 and initially believed the attackers had only obtained the tax-information of a few hundred of its employees; however, in April 2014, UPMC determined that the breach was far more extensive and had affected 27,000 of its 66,000 employees. In May 2014, UPMC confirmed that the personal data of all of its employees had likely been compromised. The data compromised in the attack included names and Social Security numbers, some of which were used by the attackers to file fraudulent tax returns. Four individuals involved in the cyberattack have been charged and pleaded guilty to tax fraud and identity theft charges. They attempted to obtain around $2.2 million in tax refunds and received $1.7 million from the IRS. Under the terms of the settlement, current and former employees whose personal information was compromised in the data breach will be able to submit claims for fraud-related...

Read More

Cyber Incident Notification Act of 2021 Introduced in the Senate

In June, a bipartisan group of senators circulated a draft federal breach notification bill – the Cyber Incident Notification Act of 2021 – that requires all federal agencies, contractors, and organizations considered critical to U.S. national security to report data breaches and security incidents to the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of discovery. On Wednesday this week, an amended bill was formally introduced in the Senate. The draft bill was introduced by Senators Mark Warner (D-VA) and Marco Rubio (R-FL), and Susan Collins (R-ME). Another 12 senators across both parties have now added their names to the bill. The bill seeks to address some of the key issues that have come to light in the wake of recent cyberattacks that impacted U.S. critical infrastructure, including the SolarWinds Orion supply chain attack and the ransomware attacks on JBS and Colonial Pipeline. “The SolarWinds breach demonstrated how broad the ripple effects of these attacks can be, affecting hundreds or even thousands of entities connected to the...

Read More
June 2021 Healthcare Data Breach Report
Jul21

June 2021 Healthcare Data Breach Report

For the third consecutive month, the number of reported healthcare data breaches of 500 or more records increased. June saw an 11% increase in reported breaches from the previous month with 70 data breaches of 500 or more records reported to the HHS’ Office for Civil Rights – the highest monthly total since September 2020 and well above the average of 56 breaches per month over the past year. While the number of reported breaches increased, there was a substantial fall in the number of breached healthcare records, which decreased 80.24% from the previous month to 1,290,991 breached records. That equates to more than 43,000 breached records a day in June. More than 40 million healthcare records have been exposed or impermissibly disclosed over the past 12 months across 674 reported breaches. On average, between July 2020 and June 2021, an average of 3,343,448 healthcare records were breached each month. Largest Healthcare Data Breaches in June 2021 There were 19 healthcare data breaches of 10,000 or more records reported in June. Ransomware continues to pose problems for healthcare...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist