At a glance.
- Michigan healthcare system succumbs to phishing scam.
- Meta temporarily banned from tracking Norwegian user behavioral data.
Michigan healthcare system succumbs to phishing scam.
A data breach at US nonprofit healthcare organization Henry Ford Health has exposed the data of 168,000 patients, WDIV reports. The health system, which is based in the US state of Michigan, informed patients yesterday that the breach stemmed from an email phishing scam that allowed the intruder to gain access to three business email accounts last March. However, the breach wasn’t discovered until May. The potentially compromised data include name, gender, date of birth, lab results, procedure type, diagnosis, date of service, telephone number, and medical record number. Henry Ford released a statement explaining, “We quickly discovered the unauthorized access, secured the accounts and the threat, and then launched a thorough investigation. We are doing everything that’s required by privacy laws to alert potentially impacted patients, as well as enhancing our already rigorous security measures and providing additional training to our team members.”
Meta temporarily banned from tracking Norwegian user behavioral data.
The Norwegian Data Protection Authority has decided to temporarily prohibit Facebook and Instagram parent company Meta from serving Norwegian users personalized ads based on their behavioral data. The order follows a decision made earlier this year by the Court of Justice of the European Union determining that Meta was unlawfully collecting user data for targeted ads without explicit consent. Norway’s Datatilsynet agency says the platforms’ current advertising practices include the “processing of very private and sensitive personal data through highly opaque and intrusive monitoring and profiling operations.” The ban starts on August 4 and will last three months, and the tech giant could face daily fines of 1 million Norwegian kroner (€89,500) for noncompliance. POLITICO explains that customized ads will be allowed, but only based on data the user voluntarily shares in the “about” section of their profile. That said, the order could be lifted if Meta adopts a lawful method of processing personal data and gives users the right to opt out of targeted advertising. In response to the ban, Meta spokesperson Matt Pollard stated, “We continue to constructively engage with the Irish DPC, our lead regulator in the EU, regarding our compliance with its decision. We will review the Norway DPA’s decision, and there is no immediate impact to our services.” The action makes Norway the first country to restrict Meta’s data tracking since the Irish Data Protection Commission (DPC) fined the company €390 million in January after determining that its business practices infringe Europeans’ privacy rights. (Meta appealed the decision.) Ireland’s DPC, which oversees Meta under the General Data Protection Regulation (GDPR) for all of the EU, has asked other European authorities to submit their views on Meta’s user data practices, and whether they are compliant with the GDPR, by July 21.