25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

OCR Imposes 2nd Largest Ever HIPAA Penalty of $6.85 Million on Premera Blue Cross
Sep28

OCR Imposes 2nd Largest Ever HIPAA Penalty of $6.85 Million on Premera Blue Cross

The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85 million HIPAA penalty on Premera Blue Cross to resolve HIPAA violations discovered during the investigation of a 2014 data breach involving the electronic protected health information of 10.4 million individuals. Mountlake Terrace, WA-based Premera Blue Cross is the largest health plan in the Pacific Northwest and serves more than 2 million individuals in Washington and Alaska. In May 2014, an advanced persistent threat group gained access to Premera’s computer system where they remained undetected for almost 9 months. The hackers targeted the health plan with a spear phishing email that installed malware. The malware gave the APT group access to ePHI such as names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, and health plan clinical information. The breach was discovered by Premera Blue Cross in January 2015 and OCR was notified about the breach in March 2015. OCR launched an investigation into the breach and discovered “systemic...

Read More
NIST Publishes Updated Security and Privacy Controls Guidance for Information Systems and Organizations
Sep25

NIST Publishes Updated Security and Privacy Controls Guidance for Information Systems and Organizations

The National Institute of Standards and Technology (NIST) has released updated guidance on Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53 Revision 5). This is the first time that NIST has updated the guidance since 2013 and is a complete renovation rather than a minor update. NIST explained that the updated guidance will “provide a solid foundation for protecting organizations and systems—including the personal privacy of individuals—well into the 21st century.” The updated guidance is the result of years of effort “to develop the first comprehensive catalog of security and privacy controls that can be used to manage risk for organizations of any sector and size, and all types of systems—from super computers to industrial control systems to Internet of Things (IoT) devices.” This is the first control catalog to be released worldwide that includes privacy and security controls in the same catalog. The guidance will help to protect organizations from diverse threats and risks, including cyberattacks, human error, natural disasters, privacy...

Read More

Slew of Lawsuits Filed Over Recent Healthcare Data Breaches

Individuals impacted by the recent data breaches at Blackbaud, Assured Imaging, and BJC Healthcare have taken legal action over the exposure and theft of their personal and protected health information. Multiple Lawsuits Filed Over Blackbaud Ransomware Attack The data breach at Blackbaud is one of the largest ever breaches of healthcare data to be reported. It is currently unclear exactly how many healthcare entities have been affected, as each affected entity is reporting the breach separately. As the deadline for reporting approaches, the extent of the breach is becoming clearer. Currently, at least 5 million individuals are known to have been affected and around 60 healthcare organizations have confirmed they have been impacted by the breach. As is now common in ransomware attacks, data were exfiltrated by the hackers prior to the use of ransomware. Blackbaud paid the ransom demand to obtain the keys to decrypt data and to ensure that all stolen data were permanently deleted. Blackbaud has received assurances that the stolen data have been deleted, but as a result of the breach,...

Read More
Webinar: 24/9 | Save Time & Reduce Stress with Automated On-Call Physician Scheduling
Sep24

Webinar: 24/9 | Save Time & Reduce Stress with Automated On-Call Physician Scheduling

Are you still using paper, whiteboards, and spreadsheets for staff scheduling? If so, you will probably not be surprised to hear there is a far better and more efficient way of creating, managing, and distributing staff schedules. On Thursday, Sept. 24, TigerConnect is hosting a webinar to explain how automated, mobile-friendly, on-call physician scheduling, when integrated with a HIPAA-compliant messaging solution and systems such as EHRs, streamlines workflows, ensures accuracy, delivers fairness, reduces stress, and greatly reduces costs. TigerConnect will explain how its secure messaging platform integrates with the new TigerSchedule physician scheduling solution to drive efficiency, improve staff satisfaction, deliver huge time savings, and help healthcare providers deliver better care. Webinar Details: Save Time & Reduce Stress with Automated On-Call Physician Scheduling Date/Time:         Thursday, September 24 at 10 a.m. PT The webinar will be hosted by: Will O’Connor, M.D., TigerConnect Chief Medical Information Officer Justin Wampach, TigerConnect Vice...

Read More

CISA Issues Alert Following Surge in LokiBot Malware Activity

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert following a surge in LokiBot malware activity over the past two months. LokiBot – also known as Lokibot, Loki PWS, and Loki-bot – first appeared in 2015 and is an information stealer used to steal credentials and other sensitive data from victim machines. The malware targets Windows and Android operating systems and employs a keylogger to capture usernames and passwords and monitors browser and desktop activity. LokiBot can steal credentials from multiple applications and data sources, including Safari, Chrome, and Firefox web browsers, along with credentials for email accounts, FTP and sFTP clients. The malware is also capable of stealing other sensitive information and cryptocurrency wallets and can create backdoors in victims’ machines to provide persistent access, allowing the operators of the malware to deliver additional malicious payloads. The malware establishing a connection with its Command and Control Server and exfiltrates data via HyperText Transfer Protocol....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist