25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Arizona Asthma and Allergy Institute Notifies 70,372 Patients About Data Breach

Arizona Asthma and Allergy Institute has issued breach notification letters to 70,372 patients who received services between October 1, 2015 and June 15, 2020. According to the breach notice, a range of their personal and protected health information including names, patient ID numbers, provider names, health insurance information, and treatment cost information was exposed online under the name of a different organization for a brief period in September 2020. After being alerted about the exposed data, a third-party forensics company was engaged to investigate the breach. The investigation concluded on March 8, 2021 and confirmed that protected health information had been exposed. According to databreaches.net, which contacted Arizona Asthma and Allergy Institute to alert them about the breach, this was a ransomware attack by the Maze ransomware operation. Sensitive data obtained in the breach had been posted to the Maze Group’s data leak site for a short period in September under the name Medical Management Inc. Stillwater Medical Center Investigation Security Breach Stillwater...

Read More
SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals
Jun16

SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals

A benefits administrator for home healthcare and nursing home workers, Service Employees International Union 775 (SEIU 775) Benefits Group, has experienced a cyberattack that resulted in the deletion of sensitive data. IT staff detected anomalies within SEIU 775’s data systems on or around April 4, 2021, which included the deletion of certain data. An investigation was launched into the malicious activity, led by third-party cybersecurity experts and forensic consultants. The investigation confirmed that its systems had been hacked and the data of unknown individuals had been deleted, including personally identifiable and protected health information. While information was deleted, no evidence was found to indicate any PII or PHI was viewed or acquired by the attackers and there have been no reported cases of misuse of data. Data potentially compromised included names, addresses, and demographic data along with Social Security numbers and potentially health plan eligibility information. Upon discovery of the malicious activity, steps were immediately taken to prevent further...

Read More

Avaddon Ransomware Operation Shuts Down and Releases Decryption Keys

The Avaddon ransomware-as-a-service operation was shut down on Friday and the threat group released the decryption keys for all victims. Bleeping Computer was sent an email with password and a link to a password protected ZIP file that contained the private keys for 2,934 Avaddon ransomware victims. The keys were confirmed as legitimate by Emsisoft and Coveware, with the former now having released a free decryptor that can be used by all Avaddon ransomware victims to decrypt their files. Avaddon is a relatively new ransomware-as-a-service operation which started up in March 2020. The threat group behind the operation recruited affiliates to conduct attacks and provided them with a portal through which they could generate copies of the ransomware to conduct their own attacks. All ransoms generated were then shared between the affiliate and the RaaS operator. It is not uncommon for RaaS operations to suddenly stop and release the keys for victims that have not yet paid, but the timing of the shut down suggests the RaaS operator may have got nervous with the increased focus of...

Read More

Houston Hospital Workers’ Lawsuit over Vaccine Mandate Dismissed by Federal Judge

Many U.S. employers have implemented a policy that requires their workers to be vaccinated against COVID-19, including several major healthcare systems and hospitals. These policies are in line with the guidance issued by the U.S. Equal Employment Opportunity Commission last month, which confirmed that U.S. employers are within their rights to require their employees to be vaccinated, with certain exceptions such as on medical or religious grounds. Houston Methodist Hospital in Texas introduced its vaccine mandate to ensure patients were protected against COVID-19 and set a June 7, 2021 deadline for employees to be vaccinated. While the majority of workers at Houston Methodist Hospital have been or have agreed to receive a COVID-19 vaccine, On Monday June 7, a walkout was staged by a small minority of workers over the vaccine requirements. On Tuesday, the hospital took the decision to suspend 178 workers without pay over their refusal to be inoculated. A lawsuit was brought by 117 of those workers, with lead plaintiff, Jennifer Bridges, claiming that if she is dismissed for...

Read More
IT Security Company COO Charged with Cyberattack on Georgia Medical Center
Jun14

IT Security Company COO Charged with Cyberattack on Georgia Medical Center

The Chief Operating Officer of an IT security firm has been charged over a financially motivated cyberattack on Gwinnett Medical Center in Lawrenceville, GA in September 2018. Vikas Singla, 45, of Marietta, GA is the COO of Securolytics, a network security company in the metro Atlanta region. On June 8, 2021, Singla was indicted by a federal grand jury for allegedly accessing the systems of the healthcare provider, disrupting its phone and network printer services, and stealing information from a Hologic R2 digitizing device. According to the Department of Justice, the attack was conducted, in part, for financial gain and commercial advantage. According to court documents at least 10 protected computers were damaged in the attack. It is unclear whether Singla or his IT company had any previous business relationship with Gwinnett Medical Center and why the medical center was targeted. Singla was arraigned in the U.S. District Court for the Northern District of Georgia on June 10, 2021, and was charged with 17 counts of causing intentional damage to a protected computer and one count...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist