On July 23 and 25, 2018, the U.S. Department of Homeland Security (DHS) held public briefings about an attempt by a state-sponsored Russian hacking group to target control systems for U.S. electrical grids and power plants. DHS’ webinar explained that the hackers obtained access to vendors providing computer services to electric utilities companies. This initial access enabled the hackers to gain entry to power company control systems through a complex series of security compromises lasting quite some time.

Alexis Wilpon (US)
US Supreme Court expands digital privacy rights in Carpenter v. United States
On June 22, 2018, the US Supreme Court issued a 5-4 decision in Carpenter v. United States, holding that the federal government needs a warrant to access cellphone location records.
In the decision, the Court agreed that there should be a higher standard for accessing location records due to their intrusive nature.
Uber as a HIPAA business associate
Uber recently announced the launch of Uber Health, a non-emergency ride service that allows healthcare providers to schedule and pay for transportation for their patients. The stated purpose of the service is to expand medical transportation to traditionally underserved areas. Roughly 3.6 million Americans miss medical appointments each year due to lack of reliable transportation, contributing to the roughly $150 billion per year the healthcare industry loses due to missed appointments.
US HHS OCR issues cyber extortion newsletter
This week, the US Department of Health and Human Services HHS Office for Civil Rights published a January 2018 newsletter focusing on cyber extortion.…
European Commission issues new GDPR guidance
The GDPR will come into force exactly four months from Thursday. In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR. While much of the guidance is already known to privacy professionals, there are new insights as well.