25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Ransomware Attacks Reported by 5 HIPAA Covered Entities and Business Associates

Professional Business Systems, Inc. operating as Practicefirst Medical Management Solutions and PBS Medcode Corp, a provider of medical management services involving data processing for healthcare providers, has suffered a ransomware attack in which files containing patient information were obtained by the attackers. The ransomware attack was identified on December 30, 2020, and its systems were promptly shut down in an effort to contain the attack. Third-party cybersecurity experts were engaged to investigate the incident and law enforcement was notified. Practicefirst has not confirmed whether the ransom was paid but did say it received assurances from the attacker that the files copied from its systems have been destroyed and were not further disclosed. There have been no identified cases of misuse of patient information; however, all affected individuals have been advised to monitor their accounts for any sign of fraudulent activity. The types of patient information contained in the files differed from patient to patient and may have included the following data elements:  name,...

Read More

UW Health Discovers 4-Month Breach of Its MyChart Portal

University of Wisconsin Hospitals and Clinics Authority has reported a breach of its Epic MyChart portal which has affected 4,318 UW Health patients. Unusual activity was detected in the portal and an investigation was launched on April 20, 2021, to determine the nature and extent of the breach. The investigation ran until May 4, 2021, and determined unauthorized individuals had access to the portal for a period of around 4 months, with dates of access ranging from December 27, 2020 to April 13, 2021. UW Health said the individual had viewed the MyChart patient portal homepage which displays clinical information such as hospital admission dates, appointment reminders, care team, subject lines of messages from providers, and prompts to view new test results. Pages were also accessed that included some patient appointment and admission dates, demographic information such as names, addresses, phone numbers, and email addresses, health insurance and claims information, diagnoses, medications, and test results. Notification letters were sent to affected patients starting on June 18,...

Read More
Multiple Critical Vulnerabilities Affect Philips Vue PACS Products
Jul07

Multiple Critical Vulnerabilities Affect Philips Vue PACS Products

Multiple vulnerabilities have been identified in Philips Vue PACS products, including 5 critical flaws with a 9.8 severity rating and 4 high severity flaws. Some of the vulnerabilities can be exploited remotely and there is a low attack complexity. Successful exploitation of the flaws would allow an unauthorized to gain system access, eavesdrop, view and modify data, execute arbitrary code, install unauthorized software, or compromise system integrity and gain access to sensitive data or negatively affect the availability of the system. The vulnerabilities were recently reported to CISA by Philips and affect the following Philips Vue PACS products: Vue PACS: Versions 12.2.x.x and prior Vue MyVue: Versions 12.2.x.x and prior Vue Speech: Versions 12.2.x.x and prior Vue Motion: Versions 12.2.1.5 and prior Critical Vulnerabilities CVE-2020-1938 – Improper validation of input to ensure safe and correct data processing, potentially allowing remote code execution – (CVSS v3 9.8/10) CVE-2018-12326 – Buffer overflow issue in Redis third-party software allowing code execution and...

Read More

Flaw in Kaspersky Password Manager Password Generator Made Passwords Susceptible to Brute Force Attacks

Security researchers have discovered the random password generator of the Kaspersky Password Manager (KPM) was generating passwords that were susceptible to brute-force attacks. Password managers often include a password generator to help users create unique, random, complex passwords for their accounts. In a recent blog post, researchers at security firm Donjon said the pseudo-random number generator (PRNG) used by the KPM solution was not sufficiently random to create strong passwords. As a result, any passwords generated could be brute forced in a matter of minutes, and in seconds if the approximate time that the account password was created is known. Password generation in KPG involves suggesting a password based on the policy created by the user. Those policies are set for password length and the characters that must be included (upper/lower case letters, numbers, special characters).  While several issues were found with the solution, the main problem was the PRNG was not suitable for cryptographic purposes, as the single source of entropy was the current time in seconds....

Read More

PHI of Veterans with PTSD Potentially Compromised in OSU Data Breach

An Ohio State University (OSU) pilot program to help veterans recover from Post Traumatic Stress Disorder (PTSD) and other mental health issues was breached and the personal information of patients has been compromised, according to a recent NBC4 Investigates Report. The (OSU) Veterans Neuromodulation Operation Wellness (NOW) pilot program was shut down permanently on June 15, 2021, but prior to the closure, a data breach occurred. OSU explained in its notification letters to affected individuals that the breach was detected on April 24, 2021, and occurred between January 25, 2021, and March 4, 2021. NBC4 Investigates spoke with one veteran who received a June 14, 2021, notification letter from the Office of Compliance and Integrity informing him that his name, address, Social Security number, and medical history may have been compromised. It is currently unclear how many individuals have been affected by the breach. The Veterans Now Program was paused in March 2021 for a week, with the program’s lead doctor placed on leave. The program was then re-started without the lead doctor...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist