25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Assured Imaging Ransomware Attack Affects Almost 245,000 Patients

Tucson, AZ-based Assured Imaging, a subsidiary of Rezolut Medical Imaging and provider of Health Screening and Diagnostic Services, has announced it has suffered a ransomware attack that resulted in the encryption of its medical record system. Assured Imaging discovered the attack on May 19, 2020 and worked quickly to stop any further unauthorized access and restore the encrypted data. Assisted by a third-party computer forensics firm, Assured Imaging investigated the ransomware attack to determine the scope of the breach. The investigation revealed an unauthorized individual gained access to its systems between May 15, 2020 and May 17, 2020 and exfiltrated “limited data” prior to the deployment of ransomware. The forensic investigation confirmed data had been stolen but it was not possible to determine exactly what information was exfiltrated by the attackers. A review was conducted to identify all types of information that could potentially have been accessed. The compromised system was found to contain full names, addresses, dates of birth, patient IDs, facility used, treating...

Read More
California Senate Passes Bill Establishing the Genetic Information Privacy Act
Sep03

California Senate Passes Bill Establishing the Genetic Information Privacy Act

A bill (SB-980) that establishes the Genetic Information Privacy Act has been passed by the California Senate and now awaits California Governor Gavin Newsom’s signature. The Genetic Information Privacy Act will introduce new requirements for companies offering direct-to-consumer genetic tests to protect consumer privacy and safeguard personal and genetic data. Currently, direct-to-consumer genetic testing services are largely unregulated. There is concern that the practices of companies that offer these services could potentially expose sensitive genetic information and that outside parties could exploit the use of genetic data for questionable purposes, such as mass surveillance, tracking individuals without authorization, or disclose genetic data resulting in discrimination against certain individuals. In contrast to many elements of “protected health information”, genomic data is stable and undergoes little change over the lifetime of an individual, so any disclosures of genetic data could have life-long consequences for the individual concerned. The Genetic Information Privacy...

Read More

56,000 Northwestern Memorial HealthCare Donors Impacted by Blackbaud Ransomware Attack

Northwestern Memorial HealthCare has discovered the personal information of individuals who had previously made donations to Northwestern Memorial HealthCare was potentially compromised in the recent Blackbaud ransomware attack. An unauthorized individual first gained access to Blackbaud systems on February 7, 2020, with the access possible until May 20,2020 when ransomware was deployed. Prior to the use of ransomware, the attacker may have accessed a backup of a database that contained names, age, gender, dates of birth, medical record number, dates of service, departments of service, treating physicians, and/or limited clinical information. The database also contained the Social Security numbers and/or financial/payment card information of 5 individuals. In total, the information of 55,983 Northwestern Memorial HealthCare donors was potentially compromised in the attack. Northwestern Memorial HealthCare is conducting a review of its third-party database storage vendors and its relationship with Blackbaud in order to prevent similar data breaches in the future. Names and Health...

Read More

Cisco Warns of Active Exploitation of Zero Day Flaws in IOS XR Software Used by Cisco Carrier-Grade Routers

Two zero-day vulnerabilities in the IOS XR software used by Cisco Network Converging System carrier-grade routers are being actively exploited by hackers. The first attempts at exploitation of the vulnerabilities were detected by Cisco on August 25, 2020. While patches have yet to be released by Cisco to correct the vulnerabilities, there are workarounds that can be used to reduce the risk of the vulnerabilities being exploited. The vulnerabilities, tracked as CVE-2020-3566 and CVE-2020-3569, are present in the distance vector multicast routing protocol (DVMRP) and affect all Cisco devices that use the IOS XR version of its Internetworking Operating System, if the software has been configured to use multicast routing. Multicast routing is used to save bandwidth and involves sending certain data in a single stream to multiple recipients. An unauthenticated attacker could exploit the flaws to exhaust the process memory of a device by remotely sending specially crafted internet group management protocol (IGMP) packets to the device. If the flaws are successfully exploited it would...

Read More
TigerSchedule Automated On-Call Physician Scheduling Added to TigerConnect CC&C Platform
Sep01

TigerSchedule Automated On-Call Physician Scheduling Added to TigerConnect CC&C Platform

TigerConnect has announced it has acquired Adjuvant’s Call Scheduler solution, which has now been incorporated into the TigerConnect clinical communication and collaboration (CC&C) platform as TigerSchedule™. The Call Scheduler solution adds innovative on-call physician scheduling capabilities to the TigerConnect platform, allowing users to automate on-call and work assignments, improve efficiency, and bolster collaboration across complex healthcare teams. Close collaboration between clinicians is vital in healthcare and has become even more so during the COVID-19 era, as has the need to improve efficiency and cut costs with the revenue challenges caused by the pandemic. TigerSchedule™ is a rules-based automated physician scheduling solution which has been made available as a standalone solution and also part of the TigerConnect Platform. The Adjuvant-developed solution already has an extensive user base in the United States, having been adopted by a wide range of healthcare organizations from care centers including Huntsville Memorial Hospital and Community Hospital of the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist