Photo of Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations” have been on the rise.

The social engineering scheme starts with a telephone call to the IT help desk

The recent increase in smishing and vishing schemes is prompting me to remind readers of schemes designed to trick users into providing credentials to perpetrate fraud. We have previously written on phishing, smishing, vishing, and QRishing schemes to increase awareness about these methods of intrusion.

HC3 recently warned the health care sector about vishing schemes

Adding to the list of many other municipalities, the city of Pensacola, Florida, was hit with a cyber-attack last weekend that affected services to residents, including emergency telephone assistance. Although Pensacola is recovering, some services are still down, including online bill paying. The city of Pensacola is requesting residents to pay using other methods, including

On March 18, the Office for Civil Rights of the U.S. Department of Health and Human Services issued a Bulletin updating its guidance to HIPAA-covered entities and business associates on the use of tracking technology on websites and mobile apps.

The Bulletin supplements the original guidance published by OCR in December 2022.

According to the

Darktrace researchers have outlined a particularly scary scenario of how threat actors are bypassing MFA and using artificial intelligence to launch sophisticated phishing attacks against users.

The case study “leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols…which highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and

Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky. Nonetheless, it is a necessary evil and crucial to cybersecurity hygiene and incident prevention.

On March 12, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued three Cybersecurity Alerts for Adobe, Microsoft, and Fortinet security patches.

The

Yesterday, with broad bipartisan support, the U.S. House of Representatives voted overwhelmingly (352-65) to support the Protecting Americans from Foreign Adversary Controlled Applications Act, designed to begin the process of banning TikTok’s use in the United States. This is music to my ears. See a previous blog post on this subject.

The Act would penalize

To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a cybersecurity advisory  warning organizations about the Phobos ransomware, and provided indicators of compromise and tactics, techniques, and procedures used by Phobos as recently as February.

According to the advisory, Phobos has been attacking “municipal and