25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Singing River Health System Investigating Cyberattack
Dec31

Singing River Health System Investigating Cyberattack

Singing River Health System, the largest health system on the Mississippi Gulf Coast, has announced that action has been taken to address a cyber incident, which was identified in the early stages of the attack. Per its incident response procedures, internet access was cut while the incident was investigated, and access to the MyChart patient portal was temporarily blocked. The threat was determined to have been mitigated, as access to the MyChart portal has now been restored. The investigation into the incident is ongoing, and it has yet to be determined if the attack was blocked in time to prevent unauthorized access to patient records. This is the second known attack on the health system in the past two years. In 2023, the health system experienced a Rhysida ransomware attack that involved unauthorized access to the protected health information of 895,000 individuals. Update: Almost 54,000 individuals were affected by the incident. Consonus Healthcare Services, Oregon Consonus Healthcare Services in Milwaukie, OR, part of the senior living chain Marquis Companies, has...

Read More
AllerVie Health Patients Affected by Ransomware Attack
Dec31

AllerVie Health Patients Affected by Ransomware Attack

AllerVie Health, a Frisco, TX-based provider of allergy and immunology services, has announced a security incident that exposed personally identifiable information. Unusual network activity was identified on November 2, 2025, and an investigation was launched to determine the cause of the activity. The investigation confirmed unauthorized access to its network between October 24, 2025, and November 3, 2025, and during that time, “a limited amount of information was subject to unauthorized access.” The file review revealed on November 24, 2025, that names, Social Security numbers, driver’s license numbers, and state identification numbers were involved. The affected individuals were notified by mail on December 22, 2025, and have been offered complimentary credit monitoring and identity theft protection services. Allervie Health said it has reviewed its policies and procedures related to data protection. The number of affected individuals has yet to be confirmed. While not stated by Allervie Health in its notification letters, this appears to have been a ransomware attack by the...

Read More
Artemis Healthcare Falls Victim to Ransomware Attack
Dec30

Artemis Healthcare Falls Victim to Ransomware Attack

Tennessee-based Artemis Healthcare has experienced a ransomware attack involving data theft, and email account breaches have been announced by Greater St. Louis Oral & Maxillofacial Surgery in Missouri and St. John’s Riverside Hospital in New York. Artemis Healthcare, Tennessee Artemis Healthcare in Nashville, Tennessee, has recently announced a data security incident that was identified on May 31, 2025. According to the notification sent to the Vermont Attorney General, Artemis Healthcare confirmed that it was the target of a ransomware group, which accessed its network from May 5, 2025, to May 31, 2025. The investigation confirmed on September 12, 2025, that the ransomware group accessed personally identifiable and protected health information, including names, addresses, dates of birth, Social Security numbers, and health information. The Crypto24 ransomware group took responsibility for the attack and claimed on its dark web data leak site to have exfiltrated 1 terabyte of data, including image files for millions of patients. The stolen data has been leaked, indicating the...

Read More
New HIPAA Regulations in 2026
Dec30

New HIPAA Regulations in 2026

New HIPAA regulations may be implemented in 2026, such as the proposed update to the HIPAA Privacy Rule, a final rule for which is long overdue. An update to the HIPAA Security Rule was proposed in January 2025, and OCR has pencilled in a May 2026 date for issuing a final rule implementing the HIPAA Security Rule updates, although it is up to the current administration to determine whether a final rule will be issued. New HIPAA regulations were implemented in 2024 when a final rule was published updating the HIPAA Privacy Rule to strengthen reproductive health care privacy, and a final rule was published aligning the Part 2 regulations more closely with HIPAA, although in June 2025, the HIPAA Privacy Rule to strengthen reproductive health care privacy was vacated nationally by a Texas judge. This article explains the implemented and proposed new HIPAA regulations and can be used in conjunction with our HIPAA compliance checklist to help better understand how the HIPAA updates for 2026 may impact HIPAA compliance. Please use the form on this page to request your free copy of the...

Read More
New Liberty Hospital; New York Blood Center; Memorial Blood Centers Settle Data Breach Lawsuits
Dec30

New Liberty Hospital; New York Blood Center; Memorial Blood Centers Settle Data Breach Lawsuits

New Liberty Hospital in Missouri, Memorial Blood Centers in Minnesota, and the New York Blood Center have settled class action lawsuits over cyberattacks that exposed patient data. New Liberty Hospital Corporation A $1,500,000 settlement has received preliminary approval from the court to resolve a class action lawsuit against Liberty Hospital in Missouri over a 2023 data breach involving the protected health information of 264,541 individuals. Liberty Hospital experienced a cyberattack on or around December 19, 2023. While it is unclear if data was encrypted in the attack, a ransom note was received, and the attacker claimed to have downloaded sensitive data from its network. The investigation confirmed that protected health information had been accessed and potentially obtained in the attack, including names, addresses, email addresses, telephone numbers, dates of birth, medical records, medical treatment information, diagnoses, Social Security numbers, and health insurance information. The affected individuals were notified on or around February 8, 2024. The first class action...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist