25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

PHI Potentially Compromised in Security Incidents at People Incorporated and My Choice HouseCalls

People Incorporated Mental Health Services, a provider of integrated behavioral and mental health services in Minnesota, is notifying 27,500 patients that some of their protected health information was exposed in an email account breach between April 28, 2020 and May 4, 2020. Prompt action was taken to block further access to the email accounts and an investigation was launched to determine the nature and scope of the breach. Assisted by third-party cybersecurity experts, and after conducting a manual document review, People Incorporated discovered on September 8, 2020 that the email accounts contained patients’ personal and protected health information. While third party access to the email accounts had occurred, no evidence was found to indicate any information was stolen or has been misused. The PHI in the compromised accounts included names, dates of birth, addresses, treatment information, insurance information, and medical record numbers and, for a limited number of individuals, Social Security numbers, financial account information, health insurance information, and...

Read More

Vendor Access and HIPAA Compliance: Are you Secured?

It can be hard to remember a time before the Health Insurance Portability and Accountability Act, known as HIPAA, was enacted in 1996. These were the days that paper files were still stored in cabinets and sensitive information was generally delivered by hand, or if you were really sophisticated, it was sent via a fax machine. Fast forward almost 25 years later and unsurprisingly, the world in the healthcare industry looks completely different, except some providers do still use fax machines. Nothing surprising here, but everything is now stored on computers and transmitted over the internet, which has led to obvious increases in terms of efficiency, but, with this comes risk. We’ve seen an increase in serious data breaches tied to healthcare entities that are exposing highly sensitive personal health information. And not just any type of data breach, these are the ones that are tied to third-party and vendor access, which are known to be more costly in terms of fines and reputational damage. A hacker can quickly access hundreds of patient files and cause widespread damage,...

Read More

Ransomware Attacks Impact First Impressions Orthodontics, Kids First Dentistry & Orthodontics, and Hendrick Health Patients

First Impressions Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut PLLC, experienced a ransomware attack on September 28, 2020 that potentially saw the protected health information of 23,000 patients accessed by the attackers. Backups were regularly performed and stored securely, so patient data could be recovered without having to pay the ransom. In addition to the 23,000 First Impressions Orthodontics patients, 5,000 patients of Kids First Dentistry & Orthodontics who had x-rays performed at First Impressions Orthodontics were also impacted by the breach. The types of data potentially compromised included names, addresses, telephone numbers, email addresses, contact telephone numbers, Social Security numbers, dental insurance numbers, dental records, dental images, service charge amounts, and payments received for services provided. Patients who only had their x-ray images compromised only had their name, date of birth, and insurance information exposed. Affected individuals were notified in accordance with HIPAA requirements, but no evidence of data...

Read More

North Dakota and Delaware State Departments Report Breaches of PHI

The North Dakota Department of Health, Department of Human Services, Cavalier County Health District, and other state agencies were impacted by a phishing attack that saw multiple employee email accounts compromised between November 23 and December 23, 2019. The breach investigation did not uncover any evidence to suggest protected health information was stolen or misused or that the attack was conducted in order to obtain patient information. An analysis of the compromised accounts revealed they contained names, dates of birth, addresses, medical diagnoses and treatment information, driver’s license numbers and mothers’ maiden name and, for a limited number of individuals, Social Security numbers and/or financial information. The breach report submitted to the HHS’ Office for Civil Rights indicates 35,416 individuals were affected by the breach. All individuals affected have been notified and those who had their Social Security number exposed have been offered free membership to credit monitoring services. North Dakota has since taken steps to improve email security to prevent...

Read More
Nation State APT Groups Targeting Companies Involved in COVID-19 Research and Vaccine Development
Nov16

Nation State APT Groups Targeting Companies Involved in COVID-19 Research and Vaccine Development

Advanced Persistent Threat (APT) groups in Russia and North Korea are targeting companies involved in research into COVID-19 and vaccine development, according to Microsoft. Six large pharmaceutical firms and a clinical research company are known to have been targeted by three APT groups who are attempting to gain access to research and vaccine data. The cyberattacks have been on “pharmaceutical companies in Canada, France, India, South Korea and the United States,” according to Microsoft and three APT groups are known to be conducting attacks – the Russian APT group Strontium (aka Fancy Bear/APT28) and two APT groups with links to North Korea – The Lazarus Group (aka Zinc) and Cerium. Additionally, in the summer of 2020, warnings were issued by several government agencies about attacks on COVID-19 research firms by another Russian APT group, Cozy Bear (aka APT29). The targeted organizations have contracts with or investments from governments to advance research into COVID-19 and vaccine development. Most of the targeted companies have developed vaccines which are currently...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist