25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Universal Health Services Ransomware Attack Cost $67 Million in 2020
Mar24

Universal Health Services Ransomware Attack Cost $67 Million in 2020

2020 was a particularly bad year for healthcare industry ransomware attacks, with one of the worst suffered by the King of Prussia, PA-based Fortune 500 healthcare system, Universal Health Services (UHS). UHS, which operates 400 hospitals and behavioral health facilities in the United States and United Kingdom, suffered a cyberattack in September 2020 that wiped out all of its IT systems, affecting its hospitals and other healthcare facilities across the country. The phone system was taken out of action, and without access to computers and electronic health records, employees had to resort to pen and paper to record patient information. In the early hours after the attack occurred, the health system diverted ambulances to alternative facilities and some elective procedures were either postponed or diverted to competitors. Patients reported delays receiving test results while UHS recovered from the attack. UHS worked fast to restore its information technology infrastructure following the attack and worked around the clock to return to normal business operations; however, the...

Read More

Hospice CEO Pleads Guilty to Falsifying Healthcare Claims and Inappropriate Medical Record Access

The former CEO of Novus and Optimum Health Services, which operates two hospices in Texas, has pleaded guilty in a fraud case that saw Medicare and Medicaid defrauded out of tens of millions of dollars through the submission of falsified health care claims. Prerak Shah, Acting U.S. Attorney for the Northern District of Texas, recently announced that Bradley Harris, 39, pleaded guilty to conspiracy to commit healthcare fraud and healthcare fraud and is now awaiting sentencing. In addition to defrauding federal healthcare programs out of tens of millions of dollars, the actions of Harris resulted in vulnerable patients being denied the medical oversight they deserved, saw prescriptions for pain medication written without physician input for his financial benefit, and allowed terminally ill patients to go unexamined. Harris admitted billing Medicare and Medicaid for hospice services between 2012 and 2016 that were not provided, not directed by medical professional, or were provided to individuals who were not eligible for hospice services. Harris also admitted to using blank,...

Read More

FBI Warns of Increase in Business Email Compromise Attacks on Local and State Governments

State, local, tribal, and territorial (SLTT) governments have been warned they are being targeted by Business Email Compromise (BEC) scammers. In a March 17, 2021 Private Industry Notification, the Federal Bureau of Investigation (FBI) explained it has observed an increase in BEC attacks on SLTT government entities between 2018 and 2020. Losses to these attacks range from $10,000 to $4 million. BEC attacks involve gaining access to an email account and sending messages impersonating the account holder with a view to convincing the target to make a fraudulent transaction. The email account is often used to send messages to the payroll department to change employee direct deposit information or to individuals authorized to make wire transfers, to request changes to bank account details or payment methods. In 2020, the FBI’s Internet Crime Complaint Center (IC3) was notified about 19,369 BEC attacks and losses of almost $1.9 billion were reported. In July 2019, a small city government was scammed out of $3 million after receiving a spoofed email that appeared to be from a contractor...

Read More

UPMC and Charles Hilton and Associates Facing Class Action Lawsuit Over 36,000-Record Breach

University of Pittsburgh Medical Center (UPMC) and the law firm Charles Hilton and Associates are facing a class action lawsuit over a breach of the protected health information of 36,000 UPMC patients. Charles Hilton and Associates, which handles collections for UPMC, announced that hackers had gained access to the email accounts of some of its employees between April and June 2020. The investigation revealed the compromised accounts contained the protected health information of UPMC patients, some of which was potentially viewed or obtained by the attackers. The accounts contained a wide range of data including names, dates of birth, Social Security numbers, bank account information, driver’s licenses, health insurance information, and state ID card numbers. UPMC stated in its breach notice that no reports had been received to suggest information in the compromised accounts had been misused; however, the lawsuit alleges the plaintiffs’ personal and protected health information was obtained and used to open accounts in their names. Lead plaintiff, Vince Ranalli, received a letter...

Read More
Verkada Surveillance Camera Hacker Indicted on Multiple Counts of Conspiracy, Wire Fraud and Aggravated Identity Theft
Mar22

Verkada Surveillance Camera Hacker Indicted on Multiple Counts of Conspiracy, Wire Fraud and Aggravated Identity Theft

The Swiss hacktivist who gained access to the security cameras of the California startup Verkada in March 2021 has been indicted by the US government for computer crimes from 2019 to present, including accessing and publicly disclosing source code and proprietary data of corporate and government victims in the United States and beyond. Till Kottmann, 21, aka ‘tillie crimew’ and ‘deletescape’ resides in Lucerne, Switzerland and is a member of a hacking collective self-named APT 69420 / Arson Cats. Most recently, Kottman admitted accessing the Verkada surveillance cameras used by many large enterprises, including Tesla, Okta, Cloudflare, Nissan, as well as schools, correctional facilities, and hospitals. Live streams of surveillance camera and archived footage were accessed between March 7 and March 9, 2021, screenshots and videos of which were published online. Ethical hackers often exploit vulnerabilities and gain access to systems and their efforts often result in vulnerabilities being addressed before they can be exploited by bad actors. The vulnerabilities are reported to the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist