Hello. European privacy regulators and courts have ordered some companies to suspend certain data flows to the U.S., WSJ Pro’s Catherine Stupp reports. In one instance, a group of French drivers for Uber filed a lawsuit in the country’s top court asking for the company to stop sending drivers’ personal information to the U.S. 

Also today: SmileDirectClub shares drop after cyber disclosure; Scripps Health contends with security incident; banks and insurers report concerns about cybersecurity and remote work.

Happening Wednesday: U.S. officials discuss escalating ransomware threats and possible policy responses.

Follow us on Twitter: @WSJCyber.

European privacy regulators and courts have ordered suspensions of some data flows between the European Union and the U.S.

Portugal’s data protection authority last week required the country’s statistical institute to stop sending personal information to the U.S. from Portuguese residents filling out the national census, after determining that there weren’t sufficient privacy safeguards in the institute’s contract with California-based cloud security and infrastructure provider Cloudflare Inc.

The decision is the latest move by European officials to clamp down on how companies transfer data from the European Union to the U.S. following a ruling last July by the bloc’s top court. The ruling demanded additional privacy protections if businesses move data outside the 27-country union. 

One cybersecurity and privacy attorney says that “It’s obvious not everyone is undertaking the level of assessment that’s required.”

Read the full story. 

Unhappy investors: Shares of SmileDirectClub Inc. dropped 6% in after-hours trading Monday after the company, which sells teeth-straightening retainers, said a ransomware attack last month disrupted operations and will hurt its sales this quarter. SmileDirectClub said in a securities filing that it isolated the hack by shutting down affected systems and related manufacturing operations.

• The company estimated the attack and downtime would cost it $10 million to $15 million in revenue. The company said it now expects revenue in the second quarter to be $195 million to $200 million. Analysts polled by FactSet were expecting sales of $206.7 million for the second quarter.
• The stock closed Monday at $10.63 a share. It is up 53% in the last 12 months.

Scripps Health deals with ‘information technology security incident.’ San Diego-based Scripps Health shut down its website, patient portal and applications related to operations at its healthcare facilities as it responds to a cyber incident it detected over the weekend. Some appointments will have to be rescheduled, Scripps said in a Facebook post, adding that patient care continues at its facilities. 

• The post prompted questions on Facebook from patients about whether their procedures, including radiation treatment and blood tests, have been canceled. Some complained about busy phone lines at facilities and doctors’ offices.
• Responses from Scripps on Facebook asked for private messages with specifics so hospital representatives could follow up with information.

Also Wednesday: The House Homeland Security Committee plans to hold a hearing to discuss federal policy responses to ranswomare. Among the speakers are Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency; and Megan Stifel, Americas executive director at the Global Cyber Alliance. Watch here at 2:30 p.m. ET.

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.