25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

FBI and CISA Issue Joint Warning About Vishing Campaign Targeting Teleworkers

An ongoing voice phishing (vishing) campaign is being conducted targeting remote workers from multiple industry sectors. The threat actors impersonate a trusted entity and use social engineering techniques get targets to disclose their corporate Virtual Private Network (VPN) credentials. The Federal Bureau of Investigation (FBI) and the DHS Cybersecurity and infrastructure Security Agency (CISA) have issued a joint advisory about the campaign, which has been running since mid-July. The COVID-19 pandemic forced many employers to allow their entire workforce to work from home and connect to the corporate network using VPNs. If those credentials are obtained by cybercriminals, they can be used to access the corporate network. The threat group first purchases and registers domains that are used to host phishing pages that spoof the targeted company’s internal VPN login page and SSL certificates are obtained for the domains to make them appear authentic. Several naming schemes are used for the domains to make them appear legitimate, such as [company]-support, support-[company], and...

Read More

Federal Judge Dismisses Heritage Valley Health System NotPetya Lawsuit Against Nuance Communications

In 2019, Beaver, PA-based Heritage Valley Health System filed a lawsuit against its vendor Nuance Communications over its NotPetya malware attack in 2017. The lawsuit was recently dismissed by a federal judge for the US District Court of the Western District of Pennsylvania. The NotPetya attacks occurred a short time after the WannaCry ransomware attacks in 2017 and targeted the same vulnerability in Windows Server Message Block (SMB). NotPetya encrypted the master boot record of infected computers, rendering them unusable. The attacks occurred in June 2017, more than three months after Microsoft released a patch to fix the SMB vulnerability that was exploited in the attacks. The cyberattack on Nuance Communications saw 14,800 servers and 26,000 workstations encrypted by NotPetya. The extent of the damage meant 7,600 servers and 9,000 workstations needed to be replaced. Heritage Valley Health System was also affected by the attack, with the investigation revealing the malware had spread to the health system’s computer network via a trusted virtual private network (VPN) connection...

Read More

Global Cloud Budget Survey Reveals Complexity of IT Spend Management

Rackspace has published the findings from its Global Cloud Budget Survey, revealing some of the key challenges companies have managing their IT and cloud spending. The survey, Technology Budgets: Managing Shifting Priorities, explored the proliferation of IT budget management across organizations. With many groups within an organization being given part of the IT budget it has become difficult for organizations to have visibility into how the It budget is being spent, making it difficult to control costs. This is especially true of cloud costs. The survey revealed cloud environments were not subject to appropriate governance and optimization, resulting in considerable waste and excessive spending. 50% of IT decision makers who took part in the survey lacked a basic understanding of cloud cost governance and cloud cost optimization. As a result, the companies are at risk of cloud sprawl – excess machines and workloads running in the cloud, oftentimes without the knowledge of the company. All companies that fail to monitor and manage their cloud environment face a high risk of cloud...

Read More

Millions of Devices Affected by Vulnerability in Thales Wireless IoT Modules

A vulnerability in components used in millions of IoT devices could be exploited by hackers and used to steal sensitive information and gain control of vulnerable devices, which could then be used in attacks on internal networks. Thales components are used by more than 30,000 companies, whose products are used across a broad range of industry sectors including energy, telecommunications, and healthcare. The flaw exists in the Cinterion EHS8 M2M module, along with several other products in the same line (BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, PLS62). The embedded modules provide processing power and allow devices to send and receive data over wireless mobile connections. The module is also used as a digital secure repository for sensitive information such as passwords, credentials and operational code. The flaw would allow an attacker to gain access to the contents of that repository. X-Force Red researchers discovered a method for bypassing security measures protecting code and files in the EHS8 module. “[The modules] store and run Java code, often containing confidential...

Read More

New FritzFrog P2P Botnet Targets SSH Servers of Banks, Educational Institutions, and Medical Centers

A new peer-to-peer (P2P) botnet has been discovered that is targeting SSH servers found in IoT devices and routers which accept connections from remote computers. The botnet, named FritzFrog, spreads like a computer worm by brute forcing credentials. The botnet was analyzed by security researchers at Guardicore Labs and was found to have successfully breached more than 500 servers, with that number growing rapidly. FritzFrog is modular, multi-threaded, and fileless, and leaves no trace on the machines it infects. FritzFrog assembles and executes malicious payloads entirely in the memory, making infections hard to detect. When a machine is infected, a backdoor is created in the form of an SSH public key, which provides the attackers with persistent access to the device. Additional payloads can then be downloaded, such as a cryptocurrency miner. Once a machine is compromised, the self-replicating process starts to execute the malware throughout the host server. The machine is added to the P2P network, can receive and execute commands sent from the P2P network, and is used to...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist