25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Agent Tesla Trojan Distributed in COVID-19 Phishing Campaign Offering PPE

A sophisticated COVID-19 themed phishing campaign has been detected that spoofs chemical manufacturers and importers and exporters offering the recipient personal protective equipment (PPE) such as disposable face masks, forehead temperature thermometers, and other medical supplies to help in the fight against COVID-19. The campaign was detected by researchers at Area 1 Security, who say the campaign has been active since at least May 2020 and has so far targeted thousands of inboxes. The threat actors behind the campaign regularly change their tactics, techniques, and procedures (TTPs) to evade detection by security tools, typically every 10 days. The threat actors regularly rotate IP addresses for each new wave of phishing emails, frequently change the companies they impersonate, and revise their phishing lures. In several of the intercepted emails, in addition to spoofing a legitimate company, the names of real employees along with their email addresses and contact information are used to add legitimacy. The emails use the logos of the spoofed companies and the correct URL of...

Read More

Konica Minolta Settles EHR False Claims Case for $500,000

Konica Minolta Healthcare Americas Inc. has agreed to pay a $500,000 financial penalty to settle a case against its former subsidiary, Viztek LLC, to resolve False Claims Act violations related to its electronic health record (EHR) product. The American Recovery and Reinvestment Act of 2009 established the Medicare & Medicaid EHR Incentive Programs to encourage healthcare providers to adopt a certified EHR. Healthcare providers that adopted a certified EHR were entitled to claim incentive payments to offset the cost purchasing the solution, provided they were able to demonstrate meaningful use of the EHR technology. Companies that developed and marketed EHR solutions were required to demonstrate that their products met the HHS-adopted criteria and obtain certification for their solutions. According to a Viztek whistleblower, a former product manager at the company, Viztek and Konica Minolta Healthcare had falsified testing results of the Viztek solution, EXA EHR, in 2015 and misrepresented the capabilities of the product. Konica Minolta acquired Viztek in October 2015 during...

Read More

Utah Pathology Services Email Breach Potentially Affects 112,000 Patients

Utah Pathology Services has announced an unauthorized individual has gained access to the email account of an employee and attempted to redirect funds from Utah Pathology. The breach was detected promptly, the compromised email account was secured, and the attempted fraud was unsuccessful and did not involve any patient information. Independent IT and forensic investigators were engaged to assist with the investigation and help determine the extent of the breach. The investigation is ongoing, but it has now been confirmed that the compromised email account contained the personal and protected health information of 112,124 patients. The purpose of the attack appears to have been to redirect funds to an account under the control of the attacker, rather than to steal patient data; however, the possibility of data theft could not be ruled out and affected individuals are now being notified about the breach. The compromised email account contained the following types of information in addition to patient names: Gender, date of birth, mailing address, phone number, email address, health...

Read More
Radiology Groups Issue Warning About PHI Exposure in Online Medical Presentations
Aug28

Radiology Groups Issue Warning About PHI Exposure in Online Medical Presentations

The American College of Radiology, the Society for Imaging Informatics in Medicine, and the Radiological Society of North America have issued a warning about the risk of accidental exposure of protected health information (PHI) in online medical presentations. Healthcare professionals often create presentations that include medical images for educational purposes; however, care must be taken to ensure that protected health information is not accidentally exposed or disclosed. Medical images contain embedded patient identifiers to ensure the images can be easily matched with the right patient but advances in web crawling technology is now allowing that information to be extracted, which places patient privacy at risk. The web crawling technology used by search engines such as Google and Bing have enabled the large-scale extraction of information from previously stored files. Advances in the technology now allow information in slide presentations that was previously considered to be de-identified to be indexed, which can include patient identifiers. Source images can be extracted...

Read More

Former Nursing Home Employee Accused of Defrauding Residents Out of $25,000

A former nursing home employee has been accused of stealing the identities of dozens of nursing home residents and using their accounts to pay her bills. The woman, Anna Zur, 39, of Franklin Park, IL, previously worked in the corporate office of a care facility and abused her access rights to residents’ information to obtain documents and financial information, which she sent to a personal email account. She has been accused of stealing the identities of residents and using their accounts to purchase goods and services and pay her bills. The Palos Heights Police Department conducted a year-long investigation into cases of identity theft and fraud and issued a warrant for the woman’s arrest. She was taken into custody on August 26, 2020 and has been charged with felony counts of wire fraud and continuing a financial crimes enterprise. The woman has been linked to 35 cases of identity theft and is alleged to have defrauded individuals out of $25,000. Patient Data Stolen in Ventura Orthopedics Ransomware Attack The Californian healthcare provider Ventura Orthopedics has experienced a...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist