25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Insights into Healthcare Industry Cyber Threats and the Supply Chain Supporting Criminal Activity

Throughout the pandemic, cybercriminals have taken advantage of new opportunities and have been attacking hospitals, clinics and other businesses and organizations on the front line in the fight against COVID-19. Ransomware attacks on the healthcare industry soared in 2020, especially in the fall when a coordinated campaign claimed many healthcare victims. Ransomware remains a major threat to the healthcare sector and the high numbers of attacks have continued into 2021. A recent report from the CTI League provides further information on these attacks and some of the other ways the healthcare industry was targeted in 2020. The report highlights the work conducted by the CTIL Dark team, which monitors the darknet and deep web for signs of data breaches and cybercriminal activity that has potential to impact the healthcare industry or general public health. This is the first report to be released that highlights the discoveries and achievements of the CTIL Dark team, and delves into realm of healthcare ransomware attacks and the dark markets where access to healthcare networks are...

Read More

Ransom Paid to Recover Healthcare Data Stolen in Cyberattack on Online Storage Vendor

The protected health information of 29,982 patients of a Laguna Hills, CA-based provider of medical and surgical eye care services has potentially been stolen in a cyberattack on its online storage vendor. On January 15, 2021, Harvard Eye Associates was informed by its storage vendor that hackers had gained access to the vendor’s computer system and exfiltrated data. It is not clear whether files were encrypted to prevent access; however, a ransom demand was issued for the return of the stolen data. The storage vendor consulted with cybersecurity experts and the Federal Bureau of Investigation and took the decision to pay the ransom demand. The hackers returned the stolen data and provided assurances that no copies of the data had been made and there had been no further disclosures of the stolen information. The cybersecurity experts engaged by the security vendor have been monitoring the Internet and darknet and have not found any evidence to suggest the stolen data has been sold or leaked online. An investigation into the breach revealed the hackers first gained access to its...

Read More
LastPass Restricts Functionality of its Free Password Manager
Feb20

LastPass Restricts Functionality of its Free Password Manager

LastPass, one of the most popular free-to-use password manager solutions, has announced it will be restricting access to its services for free users of the solution. LastPass offers paid and free version of its password manager, with the paid service offering a more comprehensive range of features, but the free version was a solid choice, offering users most of the features of the paid version. That is now about to change. From March 20, 2021, users of the free version of LastPass will be faced with a choice. If they continue using the password manager under the free tier, they will only be able to do so for either desktop computers and laptops or mobile devices. Previously, the free version could be used across all device types, but now they face a desktop or mobile choice. Accompanying this change will be the end of access to customer support via email for free users of the solution. Support will continue until August 23, 2021, after which it will only be provided for Premium and Families accounts. While LastPass remains a great choice in terms of the quality of the password...

Read More
January 2021 Healthcare Data Breach Report
Feb19

January 2021 Healthcare Data Breach Report

January saw a 48% month-over-month reduction in the number of healthcare data breaches of 500 or more records, falling from 62 incidents in December to just 32 in January. While this is well below the average number of data breaches reported each month over the past 12 months (38), it is still more than 1 data breach per day. There would have been a significant decline in the number of breached records were it not for a major data breach discovered by Florida Healthy Kids Corporation that affected 3.5 million individuals. With that breach included, 4,467,098 records were reported as breached in January, which exceeded December’s total by more than 225,000 records. Largest Healthcare Data Breaches Reported in January 2021 The breach reported by Florida Healthy Kids Corporation was one of the largest healthcare data breaches of all time. The breach was reported by the health plan, but actually occurred at one of its business associates. The health plan used an IT company for hosting its website and an application for applications for insurance coverage. The company failed to apply...

Read More
HHS Secretary Announces Limited HIPAA Waiver in Texas Due to the Winter Storm
Feb19

HHS Secretary Announces Limited HIPAA Waiver in Texas Due to the Winter Storm

Following President Joseph R. Biden’s declaration of an emergency in the State of Texas, Norris Cochran, Acting Secretary of the Department of Health and Human Services, declared a public health emergency due to the consequences of the winter storm in the state of Texas. Pursuant to Section 1135(b)(7) of the Social Security Act, the HHS Secretary announced a limited waiver of sanctions and penalties arising from noncompliance with certain provisions of the HIPAA Privacy Rule. For the period of the waiver, sanctions and penalties will not be imposed for noncompliance with the following HIPAA Privacy Rule requirements: The requirement to obtain a patient’s agreement to speak with family members of friends – 45 C.F.R. § 164.510(a); The requirement to honor a patient’s request to opt out of the facility directory – 45 C.F.R. § 164.510(b); The requirement to distribute a notice of privacy practices – 45 C.F.R. § 164.520; The patient’s right to request privacy restrictions – 45 C.F.R. § 164.522(a); The patient’s right to request confidential communications –...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist