
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Spacelabs Xhibit Telemetry Receiver and GE Healthcare Ultrasound Products Vulnerabilities Reported

A critical vulnerability has been identified in the Xhibit Telemetry Receiver and GE Healthcare has issued an advisory about a flaw in its ultrasound products.

Xhibit Telemetry Receiver Vulnerable to Critical BlueKeep Windows Vulnerability

The Xhibit Telemetry Receiver (XTR), Model number 96280, v1.0.2 and all versions of the now unsupported Xhibit Arkon (99999) are vulnerable to the critical BlueKeep remote code execution vulnerability. The vulnerability – CVE-2019-0708 – affects the Remote Desktop Protocol feature of the underlying Microsoft Windows operating system. The flaw can be exploited by sending specially crafted packets to Windows operating systems that have RDP enabled. The vulnerability is pre-authentication and no user interaction is required to exploit the flaw. The BlueKeep vulnerability is also wormable. Malware could be developed to exploit the vulnerability allowing propagation to other vulnerable systems, as was the case with the WannaCry ransomware attacks in 2017. Successful exploitation would allow a remote attacker to add accounts with full user...


MyEyeDr. Patients Notified of Ransomware Attack and Improper Disposal Incident

MyEyeDr. Optometry of Colorado P.C., a network of vision care offices, is notifying 1,475 Colorado residents that some of their protected health information was potentially compromised prior to a recent ransomware attack. Certain MyEyeDr. systems were accessed by the attacker on December 11, 2019 and ransomware was downloaded and deployed. Steps were immediately taken by MyEyeDr. to prevent further unauthorized access and restore all affected records. The ransom was not paid. While it was possible to restore the majority of encrypted data, some files could not be recovered and remain encrypted. A third-party computer forensics firm was engaged to investigate the attack and determine whether any data had been stolen prior to file encryption. The forensics firm found no evidence to suggest data had been exfiltrated and the attack is believed to have only involved file encryption with a view to extorting money from MyEyeDr. A review of the affected systems revealed they contained patient information such as names, dates of birth, diagnoses, clinical information, and treatment...


Wise Health System Notifies 66,934 Patients of Phishing Attack

Wise Health System in Decatur, TX, is notifying 66,934 patients that some of their protected health information was potentially compromised in a phishing attack that occurred on March 14, 2019. Wise Health System previously reported the phishing attack to the Department of Health and Human Services’ Office for Civil Rights on July 13, 2019 as having affected 35,899 individuals. That total has now been updated following the completion of a data audit. The data audit commenced in June 2019 and has only just been completed. New notifications started to be sent to affected patients on February 13, 2020. In March 2019, several employees responded to phishing emails and disclosed their account credentials. The attackers used those credentials to access the Employee Kiosk and attempted to reroute payroll direct deposits. Wise Health System reports that attempts were made to reroute approximately 100 direct deposit payments. Security protocols required two checks to be issued to employees following a change to direct deposit information. This security measure was key to identifying the...


Senator Gillibrand Proposes Data Protection Act and Creation of Federal Data Protection Agency

Senator Kirsten Gillibrand has introduced a new Senate bill – the Data Protection Act – to create new standards for data privacy and give consumers more rights over their personal data. Currently, consumer data is collected and used by a vast number of companies. That personal information has, in many cases, been collected without the knowledge of consumers and is being exploited for profit. The California Consumer Privacy Act (CCPA) has given Californian consumers greater rights over their personal data, but most U.S. consumers can do little about the collection, use, and sale of their personal data. Sen. Gillibrand’s Data Protection Act is intended to “bring the protection of [consumer] privacy and freedom into the digital age.” The Data Protection Act calls for the creation of a new consumer watchdog agency – the Data Protection Agency (DPA) – which will be tasked with protecting the data of consumers, safeguarding their privacy, and ensuring data practices are fair and transparent. The Director of the DPA would be appointed by the president, confirmed by the Senate, and...

Feb17

OIG Audit Reveals Widespread Improper Use of Medicare Part D Eligibility Verification Transactions

An audit conducted by the Department of Health and Human Services’ Office of Inspector General (OIG) has revealed many pharmacies and other healthcare providers are improperly using Medicare beneficiaries’ data. OIG conducted the audit at the request of the HHS’ Centers for Medicare and Medicaid Services (CMS) to determine whether there was inappropriate access and use of Medicare recipients’ data by mail-order and retail pharmacies and other healthcare providers, such as doctors’ offices, clinics, long-term care facilities, and hospitals. CMS was concerned that a mail-order pharmacy and other healthcare providers were misusing Medicare Part D Eligibility Verification Transactions (E1 transactions), which should only be used to verify Medicare recipients’ eligibility for certain coverage benefits. OIG conducted the audit to determine whether E1 transactions were only being used for their intended purpose. Since E1 transactions contain Medicare beneficiaries’ protected health information (PHI), they could potentially be used for fraud or other malicious or inappropriate purposes....
