Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Veterinary Network Hit with Ransomware

By Linn Foster Freedman on December 5, 2019 Posted in Cybersecurity

National Veterinary Associates (NVA), a large network of veterinary hospitals and clinics, has reportedly been the victim of a ransomware attack. According to the reports, NVA employs more than 2,600 veterinarians, with over 700 veterinary hospitals and clinics in the U.S., Canada, Australia, and New Zealand. NVA was reportedly hit with the Ryuk ransomware virus, … Continue Reading

Medicare Beneficiary Cards of 220,000 Individuals Compromised

By Linn Foster Freedman on December 5, 2019 Posted in Cybersecurity

The Centers for Medicare and Medicaid (CMS) has announced that approximately 220,000 Medicare beneficiaries’ card numbers have been compromised “by an unknown person or organization.” That means CMS doesn’t know who or how the cards were compromised. Although CMS says it is working to “remedy the situation,” in the meantime, it is checking billing systems … Continue Reading

Biometric Information Litigation Update

By Linn Foster Freedman on December 5, 2019 Posted in New + Now

Despite repeated warnings, companies continue to be hammered with class action lawsuits for violation of the Illinois Biometric Information Privacy Act (BIPA) [view related posts]. BIPA requires that any company that is collecting, using and disclosing biometric information (such as facial recognition, iris scans, fingerprints, DNA testing, to name a few) must basically obtain consent … Continue Reading

Privacy Tip #218 – FBI Considers FaceApp a Counterintelligence Threat

By Linn Foster Freedman on December 5, 2019 Posted in Privacy Tips

For those of you who have downloaded the face editing app FaceApp, please note that the Federal Bureau of Investigation (FBI) has classified FaceApp as a counterintelligence threat because of its Russian origins. According to the FBI, “[T]he FBI considers any mobile application or similar product developed in Russia, such as FaceApp, to be a … Continue Reading

2.2 Million GateHub and RuneScape Passwords Compromised

By Linn Foster Freedman on November 21, 2019 Posted in Cybersecurity, Virtual Currency

It has been reported by Troy Hunt, the security researcher who provides the “Have I Been Pwned” free breach notification service, that 1.4 million passwords and personal information of customers of GateHub, a cryptocurrency wallet service provider, and 800,000 customers of EpicBot gaming bot provider RuneScape are for sale on the web. According to Hunt, … Continue Reading

Texas Health and Human Services Fined $1.6 Million for HIPAA Violations

By Linn Foster Freedman on November 21, 2019 Posted in Health Information Privacy, HIPAA and Health Information

The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency. The fine centers around a data breach that TXHHS self-reported to the OCR in June 2015 … Continue Reading

Privacy Tip #217 – Law Enforcement Warns of Juice-Jacking Scam

By Linn Foster Freedman on November 21, 2019 Posted in Privacy Tips

If, like me, you travel a lot, listen up—the Los Angeles District Attorney’s Office has issued an advisory as part of its fraud education campaign warning travelers not to use free USB charging stations offered in airports, hotels and other public places. According to the warning, “juice jacking” occurs when hackers have loaded malware into … Continue Reading

Beware of PureLocker Ransomware

By Linn Foster Freedman on November 14, 2019 Posted in Cybersecurity

Security researchers Intezer and IBM X-Force have identified a new ransomware that is seriously vicious. It’s PureLocker—named because it is programmed in PureBasic language, which is apparently unusual. The scary thing about this ransomware being written in PureBasic programming language is that it can target different platforms and is transferable between different operating systems, including … Continue Reading

To Extend or Not to Extend Consumer Rights to All

By Linn Foster Freedman on November 14, 2019 Posted in New + Now

Microsoft announced this week that it would extend the consumer rights currently given to California consumers through the California Consumer Privacy Act to all consumers—no matter where they reside. I applaud this move (especially because I don’t reside in CA). But why should my personal information be protected differently than those who live in California? … Continue Reading

Privacy Tip #216 – Another Caution about Biometric Data

By Linn Foster Freedman on November 14, 2019 Posted in Privacy Tips

Biometric information is unique to each of us, including our fingerprints, voice, face, iris, and DNA. We can’t replace our biometric data like we can a credit card. If it is compromised, it is compromised forever. It is uber sensitive. Yet, many people give it away without a second thought. Luckily, there are privacy advocates … Continue Reading

Managed Service Providers Hit with Ransomware Attacks

By Linn Foster Freedman on November 7, 2019 Posted in Cybersecurity, Data Breach

Cyberliability insurance provider Beazley Insurance Company has analyzed its internal breach response data and determined that in its experience, there has been a thirty-seven percent (37%) increase in ransomware attacks this most recent quarter from the last quarter of 2019. Twenty-five percent (25%) of those incidents were against managed service providers (MSPs). An MSP assists … Continue Reading

CCPA Amendment Details to Consider

By Linn Foster Freedman on November 7, 2019 Posted in New + Now, Websites

In delving deeply into the California Consumer Privacy Act (CCPA), the Amendments recently signed by the California Governor, and the proposed Regulations issued by the California Attorney General, we thought it would be helpful to point out some details that are important to consider for compliance which are not obvious in the CCPA discussions we … Continue Reading

Privacy Tip #215 – Your Secret Consumer Score

By Linn Foster Freedman on November 7, 2019 Posted in Privacy Tips

Reporter Kashmir Hill from The New York Times (NYT) published an informative piece this week about our secret consumer scores. We all know that retail companies monitor our clicks on their websites, sell our data not protected by law, and aggregate, slice and dice the data so they can target us with ads. But we … Continue Reading

California DMV Exposes 3,200 Drivers’ SSNs

By Linn Foster Freedman on November 6, 2019 Posted in Data Breach

The California Department of Motor Vehicles (DMV) announced on November 5, 2019, that it inadvertently had allowed the Social Security numbers of 3,200 California drivers to be accessed by unauthorized individuals in other state and federal agencies, including the Internal Revenue Service, the Small Business Administration, and the district attorneys’ offices in Santa Clara and … Continue Reading

Energy Sector’s Reliance on IoT Increases Cyber Vulnerabilities

By Linn Foster Freedman on October 31, 2019 Posted in Cybersecurity

CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. Although the Report admitted that oil and gas companies and electric utilities tend to be ahead of the curve on cybersecurity compared to other sectors, they are … Continue Reading

Ransomware Hits Legal Case Management Provider TrialWorks

By Linn Foster Freedman on October 31, 2019 Posted in Cybersecurity

On October 13, 2019, TrialWorks, a legal case management software platform, announced to its customers, that it was experiencing a hosting outage at its data center and would provide updates as more was learned about the situation. The update issued the next day admitted that TrialWorks was in the midst of a ransomware attack. It … Continue Reading

FBI Warns of E-Skimming Threats

By Linn Foster Freedman on October 31, 2019 Posted in New + Now

For those of you that have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming threats to those websites. E-skimming occurs when an attacker introduces malicious code on the website to obtain in real time debit and credit … Continue Reading

Privacy Tip #214 – Veterans Warned About Risk of Misuse of Sensitive Personal Information

By Linn Foster Freedman on October 31, 2019 Posted in Privacy Tips

The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information on shared drives by employees who did not have authorization to view the information. According to the audit, sensitive information … Continue Reading

Hackers Eavesdrop and Obtain Sensitive Data of Users Through Home Smart Assistants

By Linn Foster Freedman on October 24, 2019 Posted in Cybersecurity

Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities in order to listen to users’ every word to obtain sensitive information that can be used in future attacks. Last week, it was reported by ZDNet that two security … Continue Reading

Philadelphia DPH Breach Exposes Hepatitis Patients’ Data

By Linn Foster Freedman on October 24, 2019 Posted in Cybersecurity, HIPAA and Health Information

A reporter from the Philadelphia Inquirer discovered that sensitive data of hepatitis patients were accessible online through a Philadelphia Department of Public Health (DPH) website tool without the need for a password. The Inquirer was able to access the data of some 23,000 patients who had contracted Hepatitis C. The vulnerable data included the patient’s … Continue Reading

Compliance: Keeping Up with Rapidly Changing Privacy and Security Laws

By Linn Foster Freedman on October 24, 2019 Posted in New + Now, Websites

The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I stopped that practice because many were never enacted. Now, however, state laws are being … Continue Reading

Privacy Tip #213 – The Jumbo Privacy App

By Linn Foster Freedman on October 24, 2019 Posted in Privacy Tips

As most of you know, I rarely download an app. However, here’s one I just downloaded and here’s why. The Jumbo Privacy app, available in the App Store, is all about providing consumers with a way to audit their privacy and learn whether and how their information might have been compromised. A cool thing about … Continue Reading

Jackson Health System Fined by OCR

By Linn Foster Freedman on October 23, 2019 Posted in HIPAA and Health Information

The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (Jackson), a not-for-profit hospital system comprised of six hospitals, urgent care centers, nursing facilities, and primary care and specialty services based in Miami, Florida, has waived its right to a hearing and did not contest the findings set forth in … Continue Reading

Small and Mid-Sized Businesses Continue to Be Targeted by Cybercriminals

By Linn Foster Freedman on October 17, 2019 Posted in Cybersecurity

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks. The Ponemon study finds that 76 percent of the 592 companies surveyed had experienced a cyber-attack in the previous year, up from 70 percent … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).