It’s been a busy week in the world of I.T. and Tech, with the Labour Party hit by not one but two cyberattacks in as many days. Google is also under investigation for its processing of patient data and Spain’s largest radio network has been held to ransom for Bitcoin. In case you missed the comings and goings, here’s our roundup of some of the biggest stories of the week.
Labour Party hit by two cyberattacks
We reported earlier in the week that the Labour Party was hit by a “very serious cyberattack.” Further information has now emerged and it appears that the party, which is in the middle of election campaigning, was hit by a second attack on Tuesday afternoon. Labour claims that both attacks were thwarted and the integrity of its data was maintained.
It has also been reported that donor names were revealed online. However, the party claims that only a very small number of full names were revealed. In most cases, this was limited to a sum and first name.
While alarming for the political party, the attack was not sophisticated, and it is not thought to have come from a state backed agency. Emily Orton, a cybersecurity expert said: "Really this is the tip of the iceberg in terms of the types of threats that, not just the Labour Party, but all political parties are going to be without a doubt experiencing on a daily basis."
Orton added; “I think anyone involved in politics and in government needs to be preparing themselves for a lot more stealthy, sophisticated attacks than this.” Read more here.
Spanish radio network hit by huge ransomware attack
Spain’s largest radio network, Cadena SER (Sociedad Española de Radiodifusión), has been hit by a ransomware attack. The hackers behind it are demanding a €750,000 of Bitcoin to decrypt systems.
It’s thought that the attack could be related to Everis, one of Spain’s largest managed service providers, which was hit at the same time. A note sent to Everis warned against disclosing the contacts of the attackers, which reportedly change from note to note. Cadena SER’s is thought to be affected as it is a client of Everis.
Telecoms provider Orange has cut off Everis’ access to its network, in order to prevent the ransomware attack from infecting it. INCIBE, the country’s national cybersecurity institute is helping it restore systems.
It seems the attack occurred after an Everis employee clicked on a link in a fraudulent email, which asked him to sign a petition. Everis employees revealed that when they attempted to implement a patch to fix its vulnerabilities their screens turned black “because of an antivirus rule.” The attack is ongoing as security researchers have yet to decrypt the affected machines.
Google under investigation for “Project Nightingale”
A report this week revealed that internet giant Google is to be investigated over how it is accessing US patient data via a major health firm. This coincides with an investigation by the Financial Times which revealed how popular health websites in the UK frequently shared personal data with companies including Google, Amazon and Facebook.
The US Department of Health and Human Services will examine the details of a deal between Google and US based Ascension - which runs almost 300 hospitals in the states. Dubbed "Project Nightingale", the deal has been criticised as the Wall Street Journal revealed it will allow Google to access patient data without permission.
Google has responded saying that patient data will remain "secure". In a blog post, the tech giant claimed that the deal "adheres to industry-wide regulations" and that access to patient data by its employees was controlled. It went on to say that patient data would not be combined with customer data from other parts of its business.
In the UK, websites such as WebMD and Bupa use cookies that allow other companies to track users’ activity on the web. The data shared from health websites include medical symptoms, diagnoses, and menstrual and fertility information, as well as the names of drugs. Google has said it has strict policies preventing advertisers from using sensitive data to target ads.
Those were some of this week’s top stories but if you want more content, follow us across our four social media channels:
Request for Information