25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Former Mayo Clinic Doctor Charged Over Improper Medical Record Access

In October 2020, Mayo Clinic announced a former employee was discovered to have impermissibly accessed the medical records of approximately 1,600 patients. According to a statement issued by the Mayo Clinic, the former employee viewed demographic information, date of birth, medical record number, clinical notes, and in some cases images. Mayo Clinic said its investigation uncovered no evidence to suggest any patient data was copied or retained. All affected patients were notified about the breach by mail. The employee in question was Ahmad Maher Abdel-Munim Alsughayer, 28, of Saginaw, MI, who was a doctor at Mayo Clinic. Alsughayer ended his employment with Mayo Clinic in August 2020, around the time that the privacy violation was discovered. A criminal case has now been opened by the Olmsted County Attorney’s Office. Alsughayer has been charged with gross misdemeanor unauthorized computer access and has been scheduled to appear in court on July 8, 2021. The criminal case stems from allegations that Alsughayer had abused his access rights to view medical records when there was no...

Read More

Former Cedar Rapids Hospital Employee Who Weaponized Ex-Boyfriend’s PHI Sentenced to Probation

A former Cedar Rapids Hospital employee has been sentenced to 5 years’ probation for wrongfully accessing and distributing the protected health information (PHI) of her ex-boyfriend. Jennifer Lynne Bacor, 41, of Las Vegas, NV, was employed as a patient care technician at a Cedar Rapids hospital. The position gave her access to systems containing the individually identifiable information of patients. While she was authorized to access that information, she was only permitted to view the information of patients in order to complete her work duties. Bacor’s ex-boyfriend had visited the hospital on multiple occasions in 2017 to receive treatment. Bacor used her login credentials to access his medical records from October 2013 to September 2017 on multiple occasions between April and October 2017, when there was no legitimate work reason for doing so. Accessing the protected health information of an individual when there is no legitimate work purpose for doing so is a violation of the Health Insurance Portability and Accountability Act (HIPAA), for which criminal charges can be filed....

Read More
Scripps Health Facing Multiple Class Action Lawsuits over Ransomware Attack
Jun24

Scripps Health Facing Multiple Class Action Lawsuits over Ransomware Attack

San Diego-based Scripps Health is facing multiple class action lawsuits over an April 29, 2021 ransomware attack that affected 147,267 individuals. The attack forced the 5-hospital healthcare system to take systems offline while the attack was remediated, including its patient portal. While care continued to be provided, some patients were diverted to other facilities as a precaution. The investigation into the HIPAA breach confirmed that prior to the deployment of ransomware the attacker exfiltrated documents that contained patients’ protected health information. Information compromised in the attack included names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers, and/or clinical information, such as physician name, dates of service, and/or treatment information. A lawsuit was filed on June 1 in the San Diego County Superior Court that named Kenneth Garcia as plaintiff. The lawsuit, which seeks class action status, alleges Scripps Health was negligent for failing to prevent the theft of protected health information, which...

Read More
Maximus Reports Breach Affecting 334,000 Medicaid Healthcare Providers
Jun24

Maximus Reports Breach Affecting 334,000 Medicaid Healthcare Providers

Ohio Medicaid has announced that its data manager, Maximus Corp, has experienced a data breach in which the personal information of Medicaid healthcare providers has been compromised. Maximus is a global provider of government health data services. Through the provision of those services the company had been provided with the personal information of Medicaid healthcare providers. On May 19, 2021, Maximus discovered a server that contained personal information provided to the Ohio Department of Medicaid (ODM) or to a Managed Care Plan had been accessed by unauthorized individuals between May 17 and May 19, 2021. Upon discovery of the breach, Maximus took the server offline to prevent any further unauthorized access and a leading third-party cybersecurity firm was engaged to assist with the investigation. The cybersecurity firm confirmed that the breach was confined to an application on the server and no other servers, applications, or systems were affected. No evidence was found to indicate any information within the application has been misused, although data theft could not be...

Read More
PHI of Up to 500,000 Individuals Potentially Stolen in Wolfe Eye Clinic Ransomware Attack
Jun24

PHI of Up to 500,000 Individuals Potentially Stolen in Wolfe Eye Clinic Ransomware Attack

Wolfe Eye Clinic, an operator of a network of eye health clinics throughout Iowa, has announced it was the victim of a ransomware attack on February 8, 2021. Hackers gained access to its systems and used ransomware to encrypt files. A ransom demand was issued for the keys to decrypt files, but the clinic refused to pay and opted to recover files from backups. As is now common in ransomware attacks, prior to file encryption the attackers exfiltrated data from Wolfe Eye Clinic systems. Wolfe Eye Clinic explained in its substitute breach notification letter that immediate action was taken to secure its network environment and independent IT security and forensic investigators were engaged to determine the scope and extent of the security breach. Due to the scale and complexity of the attack, it took until May 28, 2021 for the full scope of the security breach to be determined and to identify the information compromised in the attack. The forensic investigation concluded on June 8, 2021, when it was confirmed the attackers accessed and exfiltrated the data of current and former...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist