Data Protection News Update 10 June 2024

United Kingdom

London hospital services impacted by ransomware incident

  • A ransomware incident is having significant impact on the delivery of services in some of London’s busiest hospitals, such as Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in South East London.
  • Synnovis, a provider of lab services, was the victim of the incident, according to a spokesperson for the state-run National Health Service (NHS) England.
  • The health service said it was working urgently with the country’s main cybersecurity agency, the National Cyber Security Centre (NCSC) and its own cyber operations team to fully understand the impact of this incident.

United States

New York lawmakers pass measure to protect youths on social media

  • New York state lawmakers on Friday passed legislation to bar social media platforms from exposing “addictive” algorithmic content to users under the age of 18 without parental consent.
  • A companion bill to restrict online sites from collecting and selling the personal data of underage users also gained final legislative approval in the New York Assembly on Friday.
  • Governor Kathy Hochul hailed the two measures as a “historic step forward in our efforts to address the youth mental health crisis and create a safer digital environment for young people.”

Lawsuit over Change Healthcare data breach centralised in Minnesota

  • A federal panel on Friday centralised lawsuits accusing UnitedHealth Group’s Change Healthcare payment processing unit of failing to protect personal data from February’s cyber-attack in Minnesota.
  • The federal Judicial Panel on Multidistrict Litigation said in an order on Friday that Minnesota is the most logical venue as that is where UnitedHealth is based and where several cases are already pending.
  • Change processes about half the medical claims in the United States, and an American Hospital Association survey found that 94% of the hospitals reported damage to their cash flow as a result of the attack.
  • The lawsuit accuses the company of negligence and are seeking damages to compensate providers for their losses and consumers for the cost of credit monitoring and potential identity theft.

Europe

Advocacy group accuses Microsoft of shifting child data role onto schools

  • Microsoft is shifting its responsibilities for children’s personal data onto schools who are not equipped to cope, according to complaints filed to Austria’s privacy watchdog on behalf of advocacy group NOYB (None of Your Business).
  • NOYB’s gripes centre on Microsoft’s 365 Education suite of software programmes for students that include Word, Excel, Microsoft Teams, PowerPoint, and Outlook.
  • The group alleges that Microsoft shifts its responsibilities as a data controller to process users’ personal data under the GDPR to schools, which do not hold necessary data, as well as the cookies installed in 365 Education, which appears to track users regardless of their age.
  • NOYB urged the Austrian Data Protection Authority to investigate its complaints and fine Microsoft.

Spain tightens protections for children on smartphones

  • Spain announced measures to ensure parental controls on smartphones by default as part of new steps to protect children from the harmful effects of social media.
  • The government will also criminalise the creation of “deepfake” AI-generated images involving sexual content and the sharing of pornographic material with children.
  • The age of data protection consent will be raised from 14 to 16 and a digital restraining order which bans certain people from contacting others online, is to be introduced.
  • The government also intends to roll out a national education campaign for children and teenagers to help them navigate social media and training for teachers and healthcare staff in identifying those struggling with it.

International

Canada does not have the tools to fight cybercrime, says watchdog

  • Canada’s federal government does not have the capacity and tools to effectively fight cybercrime in part because of excessive bureaucracy and staff shortages, the country’s top watchdog says.
  • In an official report, Auditor General Karen Hogan said she found breakdowns in response, coordination, tracking, and information sharing between and across the organisations responsible for protecting Canadians.
  • Last August, Canada’s national signal intelligence agency said organised cybercrime was set to pose a threat to national security and economic prosperity over the next two years.
  • In response, Public Safety Minister Dominic LeBlanc said Ottawa would soon launch a new strategy to protect economic interests from cyber threats.

Australia’s Northern Minerals says some company data leaked

  • Rare earths miner Northern Minerals said some of the company’s data has been compromised and released on the dark web from the cyberattack it faced in late March this year.
  • The data leak includes the firm’s corporate, operational, and financial information, details relating to current and former personnel, and some shareholder information.
  • The breach did not have a material impact on its operations or broader systems, and the company said that it has reviewed its processes and implemented actions to strengthen its systems.

Share:

More Posts

Send Us A Message