25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

eHI and CDT Collaborate to Develop Consumer Privacy Framework for Health Data not Covered by HIPAA
Feb14

eHI and CDT Collaborate to Develop Consumer Privacy Framework for Health Data not Covered by HIPAA

The eHealth Initiative (eHI) and the Center for Democracy & Technology (CDT) have joined forces to develop a new consumer privacy framework for health data not covered by Health Insurance Portability and Accountability Act Rules. Personally identifiable health data collected, stored, maintained, processed, or transmitted by HIPAA-covered entities and their business associates is subject to the protections of the HIPAA Privacy and Security Rules. If the same data is collected, stored, maintained, processed, or transmitted by a non-HIPAA covered entity, those protections are not required by law. Currently health data is collected, stored, and transmitted by health and wellness apps, wearable devices, and informational health websites, but without HIPAA-like protections the privacy of consumer health data is put at risk. eHI and CDT have received funding for the new initiative, Building a Consumer Privacy Framework for Health Data, from the Robert Wood Johnson Foundation. They have already formed a Steering Committee for Consumer Health Privacy consisting of experts and leaders...

Read More

Malware Attack Disables Servers at Physician Network Affiliated with Boston Children’s Hospital

On Monday, February 10, 2020, Pediatric Physicians’ Organization at Children’s (PPOC), a physician group affiliated with Boston Children’s Hospital, experienced a malware attack that caused a system outage which prevented its 500+ pediatricians, nurse practitioners, and physician assistants from accessing patient data and scheduling calendars. PPOC has approximately 200 servers, 11 of which were impacted by the attack. IT teams at PPOC and Boston Children’s Hospital worked swiftly to contain the malware and the affected servers have now been quarantined. Servers unaffected by the attack were shut down as a precautionary measure. Boston Children’s Hospital issued a statement confirming its systems were unaffected by the attack. Patients were advised to reschedule non-urgent appointments as health records cannot be accessed until the malware is removed and the servers are brought back online. Children’s Hospital issued a statement on Wednesday saying progress was being made restoring the servers, but it was still unclear how long the recovery process would take. PPOC has...

Read More

Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016

A new study by Comparitech has shed light on the extent to which ransomware has been used to attack healthcare organizations and the true cost of ransomware attacks on the healthcare industry. The study revealed there have been at least 172 ransomware attacks on healthcare organizations in the United States in the past three years. 1,446 hospitals, clinics, and other healthcare facilities have been affected as have at least 6,649,713 patients. 2018 saw a reduction in the number of attacks, falling from 53 incidents in 2017 to 31 in 2018, but the attacks increased to 2017 levels in 2019 with 50 reported attacks on healthcare organizations. 74% of healthcare ransomware attacks since 2016 have targeted hospitals and health clinics. The remaining 26% of attacks have been on other healthcare organizations such as nursing homes, dental practices, medical testing laboratories, health insurance providers, plastic surgeons, optometry practices, medical supply companies, government healthcare providers, and managed service providers. Ransom demands can vary considerably from attack to...

Read More

$1.77 Billion Was Lost to Business Email Compromise Attacks in 2019

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) has published its 2019 Internet Crime Report. The report shows losses to cybercrime exceeded $3.5 million in 2019. More than half of the losses were due to business email compromise (BEC) attacks. BEC, also known as email account compromise (EAC), involves the impersonation of a legitimate person or company to obtain money via email. These sophisticated scams often start with a phishing attack on an executive to obtain email credentials. The email account is then used to send a wire transfer request to an individual in the company with access to corporate bank accounts. Sometimes this step is skipped and the attackers simply spoof an individual’s email account. While BEC attacks mostly involve wire transfer requests, in 2019 there was an increase in attacks on human resources and payroll departments to divert employee payroll funds to attacker-controlled pre-paid card accounts. The potential profit from such an attack is lower than a wire transfer request, but changes to payroll are less likely to be...

Read More
Hospital Sisters Health System Email Breach Impacts 16,167 Patients
Feb12

Hospital Sisters Health System Email Breach Impacts 16,167 Patients

Hospital Sisters Health System has recently discovered an email security breach in August 2019 potentially resulted in unauthorized individuals gaining access to access emails and email attachments containing the protected health information of 16,167 patients. Hospital Sisters Health System is a 15-hospital health system serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized individuals gained access to the email accounts of several employees. Prompt action was taken to secure the affected email accounts by changing passwords and a leading computer forensic firm was retained to investigate the breach and determine whether the compromised accounts contained patient information. On December 2, 2019, Hospital Sisters Health System was informed that patient information had potentially been accessed by the attackers. The compromised email accounts were found to contain patient names, birth dates, and a limited amount of clinical information. Some patients also had their health insurance information, Social Security number, and/or driver’s...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist