Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

U.S. Estimates that Cyber Hacks Cost Up to $109 Billion in 2016

The Council for Economic Advisors (CEA) issued a report this month, entitled “The Cost of Malicious Cyber Activity to the U.S. Economy,” which concludes that “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.” The Executive Summary further depressingly concludes: Malicious cyber activity directed at private and public entities … Continue Reading

DOJ Forms Cyber-Digital Task Force

The Department of Justice (DOJ) has announced that it is forming a Cyber-Digital Task Force that will combat global cyber threats. The Task Force will concentrate on gathering the methods that the DOJ uses to fight cyber threats and figure out ways law enforcement can combat the problem, starting with what efforts are being used … Continue Reading

SEC Updates Guidance on Public Companies’ Disclosure of Cyber-Attacks

The U.S. Securities and Exchange Commission (SEC) updated guidance to public companies this week on how and when they are to disclose cybersecurity risks and breaches. The SEC suggests that public companies should disclose potential weaknesses that have not been targeted by hackers. There has always been a tension between the SEC and public companies … Continue Reading

HaoBao Malware Hitting Banks Scans for Bitcoin Activity

Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.” The phishing campaign was discovered by McAfee Labs in mid-January. The way it works … Continue Reading

New York’s Landmark Cybersecurity Regulation Compliance Deadlines Looming

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”). The Regulation, which became effective on March 1, 2017, … Continue Reading

Privacy Tip #126 – Employee Training and Education Continues to be “Best” Cyberdefense

It is a myth that employees hate training and education. I have seen it with my own eyes. It is very exciting to watch an audience visibly cover their mouths when real life stories are told about cyber-attacks and phishing incidents that employees’ conduct cause because they are working too fast, not paying attention to … Continue Reading

Cisco Warns of VPN Bug

Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a VPN bug that could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code” and “allow an attacker to take full control of the system.” Because the bug, known as DVE-2018-0101 is easy to … Continue Reading

Fresenius Pays OCR $3.5M for Five Separate Data Breaches Affecting a Total of 521 Individuals

In the first settlement for HIPAA violations in 2018, Fresenius Medical Care North America (Fresenius) has agreed to pay $3.5 million to the Office for Civil Rights (OCR) to settle allegations against it relating to five data breaches that occurred over a four month period in 2012. Interestingly, the five separate breaches affected the information … Continue Reading

MA AG Launching Online Data Breach Reporting Portal

Massachusetts Attorney General Maura Healey recently announced that her office will be launching a new online data breach reporting portal for companies to use to report data breaches to her office pursuant to the Massachusetts data breach notification statute. The use of the portal is voluntary and does not relieve companies of their statutory obligations, … Continue Reading

Privacy Tip #125 – Check + Set LinkedIn Privacy Settings

It is well known that hackers and fraudsters surf Facebook to find individuals who have not protected their information through Facebook’s privacy settings. People put a lot of information on Facebook that is very personal and can give criminals detailed leads on how to launch successful campaigns against unsuspecting victims. Less publicized is the fact … Continue Reading

Class Action Suit Filed Against Allscripts for Ransomware Attack

Allscripts Healthcare Solutions Inc. notified its electronic medical record customers last week that a ransomware attack was behind the disruption of service for medical providers. Allscripts became the victim of the ransomware “SamSam” on January 18 which shut down providers’ access to their electronic medical records. Allscripts was able to restore some access, but a … Continue Reading

Oklahoma State Hack Compromises Half a Million Records

Oklahoma State University Center for Health Sciences (OSUCHS) has notified 279,865 patients that their protected health information may have been compromised as a result of a hacking incident. OSUCHS has determined that an unauthorized individual gained access to its system housing Medicaid billing information on November 7, 2017, but it is unable to determine whether … Continue Reading

Privacy Tip #124 – FTC Alerts Consumers to Social Security Administration Scammers

The Federal Trade Commission (FTC) issued a scam alert this week notifying consumers that it has received an up-tick in complaints that scammers are calling consumers claiming they are from the Social Security Administration. The scammers tell the individual that there has been a computer problem at the Social Security Administration and that they need … Continue Reading

Cyber-attacks are the Third Greatest Global Risk in 2018

A new report issued by the World Economic Forum (WEF), called “Global Risks Report 2018,” lists the threat of cyber-warfare and cyber-attacks affecting the public as the world’s third greatest threat in 2018, only behind natural disasters and extreme weather. The report notes that because of an increased global reliance on connected devices and the … Continue Reading

NIST Issues Blockchain Technology Report to Help Businesses “Make Good Decisions” About Using Blockchain

On January 24, 2018, the National Institute of Standards and Technology (NIST) issued its “Draft NIST Interagency Report 8202 Blockchain Technology Overview” which it announced as NIST’s “Report on Blockchain Technology Aims to Go Beyond the Hype.” The press release announcing the issuance of the report starts by stating “Beguiling, baffling or both—that’s blockchain. Aiming to … Continue Reading

European Commission Releases GDPR Guidance

All privacy professionals, whether in the EU or the U.S., need to have an understanding of the implications of General Data Privacy Regulation (GDPR) compliance, particularly since the fines and penalties that could be imposed for non-compliance are intimidating. GDPR goes into effect on May 25, 2018, and many companies are struggling to become compliant … Continue Reading

Think Tank Says Nuclear Missiles Can be Inadvertently Launched Through Cyber-Attacks

Just before the false alarm last weekend in Hawaii when residents were erroneously warned of an impending missile attack, think tank Chatham House issued a report stating that it had identified vulnerabilities in nuclear weapons systems located throughout the world that made them susceptible to malware and ransomware attacks that could lead to inadvertent missile … Continue Reading

Hancock Health Hit with Ransomware That Shuts Down Network

It has been predicted that the healthcare industry will continue to be lambasted with ransomware in 2018. It has also been predicted that attackers will move from taking sensitive information hostage to sabotage, service disruption, physical damage and malicious deletion or changes to the integrity of data. Unfortunately, the year has started off true to … Continue Reading

Privacy Tip #122 – What’s Up with WhatsApp’s Security Flaws?

WhatsApp has been applauded for adding end-to-end encryption on its platform to secure conversations of its users two years ago. But encryption has its challenges, despite its security posture. Recently, a team of German cryptographers found flaws in WhatsApp that they say makes it easier for unauthorized individuals to access group chats. They also found … Continue Reading

Health Care Organizations Saw an 89% Increase in Ransomware in 2017

Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the number of hacking events targeted at health care entities involving ransomware increased a whopping 89% from 2016. The report analyzed the self-reporting database of the Office for Civil Rights (OCR) … Continue Reading
LexBlog