25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Vulnerabilities Identified in Innokas Yhtymä Oy Vital Signs Monitors
Jan08

Vulnerabilities Identified in Innokas Yhtymä Oy Vital Signs Monitors

Two medium-severity vulnerabilities have been identified in Innokas Yhtymä Oy vital signs monitors which allow communications between downstream devices to be modified and certain features of the monitors to be disabled. The vulnerabilities affect All versions of VC150 patient monitors prior to software version 1.7.15. Vulnerable patient monitors have a stored cross-site scripting (XSS) vulnerability which allows a web script or HTML to be injected via the filename parameter to update multiple endpoints of the administrative web interface. The vulnerability is due to improper neutralization of input during web page generation. The vulnerability is tracked as CVE-2020-27262 and has been assigned a severity score of 4.6 out of 10. The second vulnerability, tracked as CVE-2020-27260, is due to improper neutralization of special elements in the output used by downstream components. HL7 v2.x injection vulnerabilities allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into HL7 v2.x messages via multiple expected parameters. The vulnerability...

Read More
Federal Task Force Says SolarWinds Supply Chain Attack Likely Russian in Origin
Jan07

Federal Task Force Says SolarWinds Supply Chain Attack Likely Russian in Origin

A joint statement has been issued by the Federal Bureau of Investigation (FBI), the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) on behalf of the Trump Administration attributing the supply chain attack on SolarWinds Orion software to Russian threat actors. Following the attack, the National Security Council created a task force known as the Cyber Unified Coordination Group (UCG) to investigate the breach, which consisted of the FBI, CISA, and ODNI, with support provided by the NSA. The task force is still investigating the scope of the data security incident but has announced that the attack was conducted by an Advanced Persistent Threat (APT) actor and was “likely Russian in origin.” Evidence has been mounting that the SolarWinds software was compromised as part of an intelligence gathering operation run by Russia. While several media outlets have previously reported the security breach as being a Russia-led operation, and Secretary of State Mike Pompeo and former...

Read More

Email Breaches Reported by Mattapan Community Health Center and Prestera Center for Mental Health Services

Prestera Center for Mental Health Services, the largest behavioral health services provider in West Virginia, has discovered an unauthorized individual potentially accessed the protected health information of a small percentage of its current and former patients. An unauthorized individual gained access to Prestera Center’s business email environment which contained protected health information such as patient names, dates of birth, medical record numbers, patient account numbers, diagnostic information, prescription information, treatment information, and healthcare provider information. The email system also contained a limited number of patient addresses, Social Security numbers, and Medicare/Medicaid numbers. A third-party vendor was engaged to assist with the investigation and determine whether any PHI was viewed or obtained during the data security incident. Prestera Center said the investigation did not uncover any evidence of attempted or actual misuse of patient information, but since PHI may have been viewed or acquired, affected individuals have been offered...

Read More
NSA Releases Guidance on Eliminating Weak Encryption Protocols
Jan06

NSA Releases Guidance on Eliminating Weak Encryption Protocols

The National Security Agency (NSA) has released guidance to help organizations eliminate weak encryption protocols, which are currently being exploited by threat actors to decrypt sensitive data. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols were developed to create protected channels using encryption and authentication to ensure the security of sensitive data between a server and a client.  The algorithms used by these protocols to encrypt data have since been updated to improve the strength of encryption, but obsolete protocol configurations are still in use. New attacks have been developed that exploit weak encryption and authentication protocols, which are being actively used by threat actors to decrypt and obtain sensitive data. The NSA explains that most products that use obsolete TLS versions, cipher suites, and key exchange methods have been updated, but implementations have often not kept up and continued use of these out-of-date TLS configurations carries an elevated risk of exploitation. Continued use of outdated protocols provides a false sense...

Read More

Healthcare Industry Cyberattacks Increase by 45%

In the fall of 2020, a warning was issued to the healthcare and public health sector following a spike in ransomware activity. The joint CISA, FBI, and HHS cybersecurity advisory explained that the healthcare industry was being actively targeted by threat actors with the aim of infecting systems with ransomware. Several ransomware gangs had stepped up attacks on the healthcare and public health sector, with the Ryuk and Conti operations the most active. A new report from Check Point shows attacks continued to increase in November and December 2020, when there was a 45% increase in cyber-attacks on healthcare organizations globally. The increase was more than double the percentage rise in attacks on all industry sectors worldwide over the same period. Globally, there was an average of 626 cyberattacks on healthcare organizations each week in November and December, compared to 430 attacks in October. The vectors used in the attacks have been varied, with Check Point researchers identifying an increase in ransomware, botnet, remote code execution, and DDoS attacks in November and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist