DAL Global Services LLC, an aviation ground handling service provider, was hit with a proposed biometric privacy class action in April of this year in the U.S. District Court for the Northern District of Illinois. This week the court ruled that the class action may proceed, finding that the plaintiff’s claims were not preempted by other state and federal laws as argued by DAL.

Plaintiff, Eric Nseumen, brought claims against DAL, his former employer, for alleged violations of the Biometric Information Privacy Act (BIPA). Nseumen claimed that DAL violated BIPA by collecting his biometric data as part of its timekeeping system during his employment as a forklift operator at Chicago O’Hare International Airport without first obtaining consent. However, DAL argued that BIPA is preempted by the Airline Deregulation Act and the Illinois Workers’ Compensation Act.

District Judge Matthew F. Kennelly explained in his decision that the Airline Deregulation Act prohibits states from enacting or enforcing laws that have the “force and effect” of law related to “a price, route, or service of an air carrier that may provide air transportation.” (emphasis added). While DAL argued that this preempted BIPA, Judge Kennelly disagreed: “BIPA does not expressly refer in any way, shape, or form to airline-related services [. . .] [a]nd its impact on DAL’s services or prices is, at most, remote.”

Judge Kennelly also rejected DAL’s argument that the Illinois Workers’ Compensation Act barred BIPA claims, holding: “Extended analysis is unnecessary; the Court agrees on this point with its colleagues, who as best as the Court can determine have uniformly rejected similar arguments regarding BIPA claims by employees.”

This is yet another warning to employers to determine what biometric data collection laws apply to them and to determine what they must do to comply (such as getting prior consent) with those laws.

When you are educating your employees about the importance of maintaining a complex password or passphrase, share this story to show why it is so important and to emphasize not to use the same or similar passphrases across multiple platforms. It is not just a matter of getting into the company’s systems, but also one of national security.

This week, Microsoft shared research concluding that “it is likely” that Iranian-backed hackers launched attacks against more than 250 U.S. and Israeli defense contractors and global maritime companies through Office 365 accounts, and were successful 20 times.

The Iranian-backed hackers used a “password spraying” technique, that is, rapidly spraying the account with compromised passwords to see if one will work. It is disappointing to see how often this technique works to access an account. It works because employees are using the same password across different platforms, which the hackers know, and when a password is compromised and sold on the dark web, they know where and when to use it, with devastating consequences.

Microsoft predicts that Iran and its hackers will continue this activity, particularly against defense contractors and the shipping and maritime industries.

Educate your employees on how important their passphrases are to company data and national security as foreign adversaries are using these easy techniques to gain valuable company data as well as data important to national security.
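For security teams, password spraying typically shows up in sign-in logs as one source failing against many different accounts in a short period, sometimes with a success mixed in. The sketch below is an added example, not part of the original post or of Microsoft's research; the log format, addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): time, source IP, account, outcome.
SAMPLE_LOG = """\
2021-10-11T09:00:01 203.0.113.7 alice@example.com FAIL
2021-10-11T09:00:03 203.0.113.7 bob@example.com FAIL
2021-10-11T09:00:05 203.0.113.7 carol@example.com FAIL
2021-10-11T09:00:08 203.0.113.7 dave@example.com SUCCESS
2021-10-11T09:00:10 203.0.113.7 erin@example.com FAIL
2021-10-11T09:05:00 198.51.100.4 alice@example.com FAIL
2021-10-11T09:05:20 198.51.100.4 alice@example.com SUCCESS
"""

def parse(log_text):
    """Turn whitespace-separated log lines into time-ordered event tuples."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4):
    """Flag sources whose failed sign-ins hit many distinct accounts in one window.

    Returns {ip: {"targeted": set, "compromised": set}}. "compromised" holds the
    accounts that source also signed in to successfully; reset those first.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = [(t, u) for t, _, u, o in evs if o == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            targeted = {u for _, u in fails[start:end + 1]}
            if len(targeted) >= min_accounts:
                hits = {u for _, _, u, o in evs if o == "SUCCESS"}
                findings[ip] = {"targeted": targeted, "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    for ip, f in detect_spray(parse(SAMPLE_LOG)).items():
        print(ip, sorted(f["targeted"]), sorted(f["compromised"]))
```

The second source in the sample, a user who mistypes a password once and then signs in, is not flagged because its failures touch only one account.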

Last month, in Canada, a 63-year-old engineer received his lung transplant via drone delivery. This was the world’s first drone-delivered lung transplant. The drone flew for approximately 6 minutes from Toronto Western Hospital across the city to Toronto General Hospital to deliver the organ. The organ was packed in a lightweight, carbon fiber container suspended from the drone. This maiden voyage stems from Sirius Satellite Radio co-founder Martine Rothblatt’s desire to cut the wait-list in Canada. In 2020, 2,622 Canadians received transplants, 4,129 were on waiting lists and 276 died before an organ became available. Rothblatt started United Therapeutics in 1996 after his daughter was diagnosed with pulmonary arterial hypertension, and the drone that delivered this lung belongs to Unither Bioelectronique, which is a wholly owned subsidiary of Unither.

In 2019, the first organ delivered by a drone was completed by the University of Maryland Medical Center in Baltimore, with a drone-delivered kidney. Thereafter, MissionGo and Nevada Donor Network sent corneas on a 5-minute flight, a kidney on a 25-minute journey and, in May of this year, a pancreas was shipped via Minnesota’s skies.

This method is increasingly likely to become the norm in health care as a fast, safe way to deliver organs in the timeliest manner.

If you think the Russians are only targeting U.S. companies and the defense industry, think again. The cyber war between Russia and the U.S. has escalated since the President threw down the gauntlet on Putin, and the retaliation is to attack Gmail users in the U.S. Yes, Gmail users are part of the war.

According to Google’s research, last month, Russian hackers (APT28 or “Fancy Bear”) targeted around 14,000 Gmail users, which it claimed to be an above-average number of attacks in one month. Although 14,000 Gmail users is relatively small, it shows that hackers are sneaky and trying different techniques to gather information, disrupt users, and hop from one target to the next.

According to the alert from Google, “we detected government-backed attackers trying to steal your password…if they are successful at some point they could access your data or take other actions using your account.”

Google recommends that all users keep Microsoft Word up to date and open Microsoft Word documents with Google Docs.

As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by Critical Insight.

The report states that “Data on cyber-attacks from the first half of 2021 shows criminals are changing targets within the healthcare ecosystem, with breaches increasing for outpatient facilities and business associates. The data also shows some long-term trends continuing, with overall attacks on an upward trend.”

Analyzing data on the Department of Health and Human Services’ breach reporting website, the report states that “more than 70% of the breaches reported during the first six months of 2021 were classified as a ‘hacking/IT incident’….Outpatient facilities, including family medicine and specialty clinics, were a common source of data breaches, and business associates were heavily targeted as well.”

Key findings of the report show:

  • Breaches up nearly 2x since 2018 and on an increasing trajectory;
  • Increase in breaches attributed to hacking/IT incidents, with the number of hacking/IT incidents up over 3x since 2018 and on an increasing trajectory;
  • Business Associates now account for 43 percent of all health care breaches, the continuation of a three-year upward trend; and
  • Outpatient facilities and specialty clinics were breached nearly as much as hospitals in H1 2021.

The message is clear that threat actors are shifting their targets to smaller entities that may not have sophisticated security measures in place to defend themselves against attacks and these attacks have been successful. The trend is alarming and worthy of attention for smaller healthcare entities and business associates.

Google Chrome, touted as the world’s most popular browser (you’ve made it when your brand becomes a commonly-used noun), has issued patches for zero-day vulnerabilities that it or external researchers have identified as being exploited in the wild. Kudos to the research team at Google, as well as outside researchers who help identify vulnerabilities before they are widely exploited.

The four patches released include one designed to address a memory-corruption bug that was listed as high severity, and another described as an “information leak in core” that was listed as medium severity.

Patching any vulnerabilities discovered and issued by a manufacturer is an important part of an enterprise-wide information security program. Google’s security alert can be accessed here.

Trucking company Forward Air revealed in a filing with the Securities and Exchange Commission that it suffered a ransomware attack in December 2020 (reportedly by Hades), which caused business disruption as it was forced to “suspend its electronic data interfaces with its customers.” The attack also inhibited its ability to release freight for transport.

Forward Air is now notifying current and former employees that their personal information was “potentially viewed or taken by an unknown actor.” The data that were compromised included names, addresses, dates of birth, Social Security numbers, passport numbers, bank account numbers, and driver’s license numbers.

Forward Air is offering the affected individuals one year of credit monitoring.

One of the most prevalent areas for drone use is within the agricultural industry, in which drones offer the potential to address several major challenges. Recently, Global Market Insights predicted that the agricultural drone market will surpass $1 billion by 2024. What drives that growth? Most likely it is the increasing technological advancements that are focused on enhancing quality farming techniques, and the increased need for automation due to the lack of skilled labor in that space.

Drones can improve many different aspects of the agricultural industry. For example, drones can carry out crop monitoring, soil assessment, review of plant population, irrigation and drainage, fertility and crop protection, spraying of fertilizer and pesticides, and harvest planning.

One specific example: a drone can fly over a farm property to take aerial images of the crops using red, green, blue, red edge, near-infrared, and thermal image bands. With those images, the farmer can then create normalized difference vegetation index (NDVI) maps. These drone-created NDVI maps can then be used to help analyze and assess whether the target crop or area being observed contains live green vegetation or not. Digital surface maps, thermal maps, and other types of maps can also be generated using the images gathered by the drone. This information can increase crop production, lower water usage, and uncover many other types of issues, such as the presence (and prevalence) of pests. The infrared images can also help determine the health of crops. All of this can be done with the push of a button using a drone.

Why is this important? Not only does this help to fill some of the labor gap, but a farmer also now has the ability to gather and review this type of information so efficiently and effortlessly (and to adjust tactics and plans just as easily), that they can maintain (and keep) the farm running and producing crop. As the statistics show, drones are surely a vital technological component to the future of farming and agriculture.

Facebook had a rough week on many fronts, including the publishing of “The Facebook Files” by the Wall Street Journal, segments on CBS Sunday Morning, the revelation on 60 Minutes of Frances Haugen as the whistleblower, and culminating with the testimony of the whistleblower before Congress.

Haugen alleges that Facebook knew that its platform and Instagram are harmful to the mental health of children. Facebook struck back by releasing internal research that disputes what has been called a “meticulous” gathering of internal documents by Haugen.

The lead-up to this drama (which will no doubt be a movie someday) reminds me of other instances when companies have had internal research showing that aspects of their product may be harmful, yet continued to offer the product to consumers, such as tobacco and lead pigment in paint. Don’t get me started on lead paint! I spent three years of my professional career learning all about lead paint. It took many years for laws and regulations to catch up to how those products harmed kids and adults (lead pigment in paint was finally outlawed in 1976, though there was research that showed lead pigment was harmful to health decades earlier), and technology is changing even more rapidly.

No matter how the controversy with Facebook and Instagram plays out, the revelation of the research by both Haugen and Facebook is worth considering, especially if you have children. Don’t wait for Congress or state legislatures to regulate what may be harmful to your kids. You talk to them about the hazards of smoking, drinking, drugs, driving while under the influence, and other risky behavior. Similarly, talk to your kids about their online activities, including how they use Facebook and Instagram and how they can limit their use and exposure.

According to Haugen, “Kids are saying ‘I am unhappy when I use Instagram and I can’t stop. If I leave, I’m afraid I’ll be ostracized.’” Find out what mental health professionals are suggesting about how to talk with your children about their use of social media, then include some of those helpful hints when chatting with your kids about their online and social media activity. Included here are tips from one mental health professional.

The message here is that we are all in this together. Some of us are dependent on social media and online activities, which have become a part of the fabric of our lives. We need to understand the potential harm in our social media use, take responsibility for it, and determine how we will minimize the risk to ourselves and our children, just as we do with other products that may be harmful to us.