25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Starling Physicians Email Breach Impacts 7,777 Patients

Rocky Hill, CT-based Starling Physicians has started notifying 7,777 patients that some of their protected health information was stored in email accounts that were found to have been accessed by an unauthorized individual. A breach of its email environment was detected on or around July 7, 2020. A comprehensive review was conducted to determine the extent of the breach and whether any patient data had been accessed. While evidence of PHI access was not found, it was not possible to rule out unauthorized data access. Emails and email attachments were found to include names along with some of the following data elements: Dates of birth, medical record numbers, patient account numbers, diagnostic information, healthcare provider information, prescription information, and treatment information. A small number of affected individuals also had their address, social security number, and/or Medicare/Medicaid ID number exposed. Starling Physicians is strengthening its cybersecurity defenses to prevent similar data security events in the future. Advocate Aurora Health Notifies 2,979...

Read More
8 Vulnerabilities Identified in Philips Patient Monitoring Devices
Sep14

8 Vulnerabilities Identified in Philips Patient Monitoring Devices

8 low- to moderate-severity vulnerabilities have been identified in Philips patient monitoring devices. Exploitation of the vulnerabilities could result in information disclosure, interrupted monitoring, denial of service, and an escape from the restricted environment with limited privileges. The vulnerabilities affect the following Philips patient monitoring devices: Patient Information Center iX (PICiX) Versions B.02, C.02, C.03 PerformanceBridge Focal Point Version A.01 IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior IntelliVue X3 and X2 Versions N and prior Vulnerabilities CVE-2020-16212 – CVSS 6.8/10 – Moderate Severity. A resource is exposed to wrong control sphere, which could allow an unauthorized individual to gain access to the resource and escape the restricted environment with limited privileges. Physical access to a vulnerable device is required to exploit the flaw. CVE-2020-16216 – CVSS 6.5/10 – Moderate Severity. The product does not validate or incorrectly validates input or data to ensure it has the necessary properties to allow it...

Read More

HealthAlliance Hospital and Ciox Health Facing Class Action Medical Records Lawsuit

A lawsuit has been filed against HealthAlliance Hospital and Ciox Health, its health record management vendor, for denying a widow from obtaining her deceased husband’s medical records. Sherry Russell, 62, from Woodstock NY, lost her husband of 42 years to lung cancer in October 2020. Mr. Russell visited HealthAlliance Hospital: Broadway Campus for a chest x-ray in March 2017 but lung cancer was not diagnosed. The cancer diagnosis came two years later when the tumor was 2 inches in diameter and it was too late to provide treatment. Mrs. Russell believes the radiologist failed to identify the tumor on the x-ray, resulting in a misdiagnosis. Had the tumor been found earlier, it is possible that treatment could have been provided in time to save her husband’s life. Mrs. Russell requested a copy of her husband’s medical records from HealthAlliance Hospital in order to obtain a copy of the chest x-ray report to support her malpractice lawsuit against the hospital over the failure to diagnose lung cancer; however, she has been unable to obtain a copy of the report. Under HIPAA, patients...

Read More
Inova Health System Says 1.05 Million Individuals Impacted by Blackbaud Ransomware Attack
Sep11

Inova Health System Says 1.05 Million Individuals Impacted by Blackbaud Ransomware Attack

Falls Church, VA-based Inova Health System is one of the latest healthcare providers to confirm that it has been affected by the ransomware attack on Blackbaud. A backup of its donor database contained the information of 1,045,270 donors, patients, and prospective donors, which takes the total number of healthcare victims in the United States past 2.99 million. That total is also likely to grow as the deadline for reporting the breach to the HHS has not yet been reached. On July 16, 2020, Blackbaud issued notifications to its clients that it had suffered a ransomware attack. Unauthorized individuals gained access to its systems on February 7, 2020, with access possible until May 20, 2020 when the attack was detected when ransomware was deployed. Prior to the deployment of ransomware, certain data were exfiltrated from Blackbaud’s servers. While not all clients were affected, the attackers were able to obtain backups of fundraising databases of many of the firm’s clients. For most organizations, the breached data were limited to donor names, addresses, dates of birth, contact...

Read More

Hennepin County Medical Center Faces Possible Legal Action Over Snooping on George Floyd’s Medical Records

Hennepin County Medical Center in Minneapolis is potentially facing legal action after several employees were discovered to have snooped on George Floyd’s medical records. Attorney Antonio Romanucci of Chicago-based law firm Romanucci & Blandin said he was informed that several employees of Hennepin County Medical Center had accessed George Floyd’s medical records on multiple occasions when there was no legitimate reason for doing so, in clear violation of hospital policies and the Health Insurance Portability and Accountability Act (HIPAA). Attorneys representing Hennepin County Medical Center notified the family of George Floyd that certain records relating to George Floyd had been inappropriately accessed by certain employees. Details about the types of records viewed by the employees, the individuals involved, and their positions at Hennepin County Medical Center were not disclosed. Antonio Romanucci and the family’s legal team issued a statement to the Star Tribune saying they are currently “exploring all remedies” to “make this right and make the family whole for...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist