The round-up of the stories that a budding Student Lawyer should be aware of this week. Sign up here to get these updates in your inbox every week.
Article by Fozia Iftikar (Final Year Law Student at the University of Leeds)
The ongoing threat
Individuals and organisations across the globe have been blitzed with cyber security issues in recent times, which have seemingly become an involuntary side-effect of COVID-19 in cyber space. The threats range from phishing and malware, to eavesdropping and password attacks. These have been increasingly unpredictable – with Deloitte reporting cyberattacks utilising previously unseen malware or methods increasing by 15% during the pandemic.
Casualties across the board
Cyberattacks have certainly not discriminated against any sector, with healthcare being one of the biggest victims. This comes as no surprise, considering how valuable private patient information is to attackers (due to the data being sold on easily) and the sheer volume of devices used in hospitals making it more of a challenge to prioritise security.
Some of the largest glitches arose in hospitals in France, Ireland, and New Zealand respectively – all in the space of the last 6 months. A French hospital faced ransomware attacks, whilst Irish healthcare authorities witnessed hackers demanding £14 million to restore services (after handing it back for free eventually) and New Zealand faced two prolonged weeks of disruption to its computer systems. These continued attacks have subjected patients to risks with their private information getting out into the open, made the life of healthcare workers with little knowledge of cybersecurity issues more complex and caused a catastrophe by wiping out imperative information relating to scheduled hospital appointments.
Are companies upping their game?
The United Kingdom has been considered amongst the highest ranked in terms of its cybersecurity. However, the NHS has faced major cybersecurity incidents in the past: namingly, the NHS ‘WannaCry’ ransomware attack of May 2017. Emergency rooms were shut, and patients were denied service. So, what changed? And what lessons could be learnt for cybersecurity companies seeking to guard the healthcare sector?
After the disastrous events of 2017, some companies made a rapid move to upgrade their outdated operating systems and implement backup solutions which would minimise the chances of ransomware affecting their networks. However, three years on, many companies have still refused to learn from the lessons of the 2017. Thus, to eradicate cyberattack issues in the healthcare sector once and for all, companies across the globe must take proactive steps to strengthen their systems by implementing solid software which is not vulnerable to attacks, for the safety of all concerned.
For more on this topic please see here, here and here.
Article by Jamie Adair (1st year LLB student at Warwick University)
Chinese ride-hailing giant, Didi, is facing the possibility of serious penalties from Chinese regulators. The report emerged just two days after they raised $4.4 billion through their listing on the New York Stock Exchange, leading to a 20% fall in their share price.
Chinese regulators are planning a wave of punishments against Didi, including a fine which is likely to be bigger than the record $2.8 billion fine which Alibaba had to pay earlier this year. The penalties may also include the suspension of certain operations and delisting of Didi’s US shares. The report has surfaced a week after Chinese government officials visited Didi’s offices last week to carry out a cybersecurity review and alleged that they were illegally collecting users’ data. The CAC accordingly forced them to prevent new users from signing up and ordered the removal of Didi’s app from Chinese app stores.
Officials in Beijing have called for a new regulatory regime to monitor overseas IPOs, with the Cyberspace Administration of China (CAC) proposing rules to ban companies with more than 1 million users from listing abroad without undergoing a security review and receiving official permission. Chinese tech groups have historically preferred listing in New York because of its more liquid markets and the ease of going public compared to Hong Kong. However, regulators have perceived Didi’s recent listing in New York despite the CAC’s pushback as a challenge to Beijing’s authority which they are eager to punish. Beijing recently announced it is stepping up its scrutiny of Chinese listings in the US and tightening restrictions on cross-border data flows and security.
In response to the news, global investment banks are rushing to redirect a number of Chinese groups’ IPOs to Hong Kong, concerned that they may face similar treatment to Didi if they were to go ahead with their planned US listings. Advising Chinese companies on their IPOs has been incredibly profitable for banks such as Goldman Sachs and Morgan Stanley, which have generated fee revenue of $460 million in the first half of 2021. However, the recent announcement from Beijing may put an end to this trend and further restrictions could pose a threat to more than $2 trillion worth of Chinese shares on Wall Street.
You can read more about it here, here, and here.