Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

“KRACK” WiFi Security Vulnerability Discovered

Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, dubbed “KRACK,” which stands for “Key Reinstallation AttaCK”, allows intruders to breach into WPA2 and steal the data that is being transmitted between a … Continue Reading

Stored Communications Act Does Not Prohibit Disclosure of Deceased’s Yahoo Account

In what appears to be a case of first impression in the Commonwealth of Massachusetts, the Supreme Judicial Court (SJC) has ruled that Yahoo may disclose the contents of a deceased’s Yahoo email account to his personal representatives and is not precluded from doing so by the Stored Communications Act (SCA). The subscriber passed away … Continue Reading

Airline Cargo Company Sued under Illinois Biometric Law

Alliance Ground International is the latest company to be sued for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) for collecting and storing its employees’ fingerprints without their consent. The proposed class of employees alleges that the company, which takes employees’ fingerprints as part of their time keeping records for their work as bag … Continue Reading

Privacy Tip #110 – Resources for Small Businesses to Stay Informed about Cyber Threats

The Federal Trade Commission (FTC) has concentrated on small businesses this year with the launch of www.FTC.gov/SmallBusiness , which provides data security awareness information to small businesses. The  site includes articles about data security, how to develop a data security plan, what happens when ransomware affects your business, what to do in response to a … Continue Reading

Arkansas Surgery Center Hit with Ransomware

Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible. On July 26, 2017, AOFSC became aware that a hacker was able to infiltrate its system and demand a ransom for … Continue Reading

Vermont AG Settles with SAManage for $264,000 for Delayed Breach Notification

The Vermont Attorney General (AG) recently announced that it has settled with SAManage USA, a business support services company, for failing to timely notify 660 Vermont residents that their names and Social Security numbers were accessible through the online search engine Bing. In July of 2016, an employee of SAManage attached an excel spreadsheet containing … Continue Reading

Privacy Tip #109 – Cybersecurity Tips for Small (and all) Businesses

I travel around helping businesses, both large and small, work on assessing their cybersecurity risks and implement measures to protect data, reduce risk and comply with applicable state and federal laws. In doing so, it is obvious that all businesses are struggling with managing data risks, and the time, resources and tools necessary to combat … Continue Reading

McAfee Report Lists Health Care Sector as Most Targeted Industry for Cyber-Attacks

In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public sector for the first time in six quarters. It confirmed that cyber-attacks against the health care sector continue to increase. Although that … Continue Reading

Home Depot Settles Data Breach Class Action Case with Financial Institutions and Counsel for $42.55 million

Following its data breach in 2014, Home Depot was sued by thousands of financial institutions requesting recovery of costs associated with the issuance of new credit and debit cards to 50 million individuals affected by the breach. Last week, an Alabama federal judge approved a proposed settlement with the financial institutions for $27.25 million. The … Continue Reading

Study Finds 73 percent of Medical Professional Use Others’ Passwords

We all know by now that we are not supposed to give our passwords to anyone else or use someone else’s passwords to access an electronic system. Despite this basic data security tenant, a new study by Healthcare Informatics Research reports that 73% of medical professionals admit that they have used another’s password to access … Continue Reading

Drone Use Prohibited at DOI Landmarks

The Federal Aviation Administration (FAA) has prohibited drone flights at 10 Department of the Interior (DOI) landmarks across the country. Title 14 of the Code of Federal Regulations (14 CFR) § 99.7 – “Special Security Instructions” is being used by the FAA to address concerns about drone use at the 10 sites. Staring on October … Continue Reading

Aviation and Petrochemical Industries Subject to Hacking by Iran

Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week. According to the report, APT33, a hacking group working for the Iranian government, have sent phishing emails to aviation … Continue Reading

SEC Hacked!

The Securities and Exchange Commission (SEC) has admitted that it was the victim of a cyberattack in 2016 that exposed information that may have been used for insider trading. The hack involved the SEC’s filing database, known as EDGAR. The admission was on the heels of a Government and Accountability Office report in July that … Continue Reading

Security Vulnerabilities Identified in Wireless Syringe Infusion Pumps

The U.S. Department of Homeland Security (DHS) recently issued a warning that Smiths Medical Medfusion 4000 wireless syringe infusion pumps contain a security vulnerability that can be exploited by hackers to alter the performance of the medical devices. The devices are used to infuse small doses of medication to patients and are used in acute … Continue Reading

Second Largest Business Associate Breach in 2017

Cornerstone Business & Management Solutions, a medical supply company located in Nebraska, has notified 21,856 individuals and the Office for Civil Rights that while performing a routine review of system logs, it discovered a suspicious account on its server downloading personal information of patients using its medical devices, including names, addresses, dates of birth, and … Continue Reading

Privacy Tip #107 – Medical Marijuana Privacy

As more and more state laws allow the use of marijuana for medical conditions, and dispensaries are opening to provide users with access to marijuana for medical purposes (and recreational use), patients are questioning and becoming concerned about the protection of their privacy when purchasing marijuana in dispensaries. The concern is that federal law still … Continue Reading

City of Newton’s Drone Ordinance Overturned by Federal Judge

Last week, a federal judge in Massachusetts ruled that the City of Newton’s drone ordinance, which attempted to regulate drone flights in the airspace over Newton, Massachusetts could not be enforced by the municipality because it is pre-empted by federal law. In December of 2016, the city passed an ordinance that required drone operators to … Continue Reading

Vevo Hacked through LinkedIn Message

Vevo announced this week that it experienced an intrusion into its servers by the hacking collective OurMine, self-described as a white hat organization that informs individuals and organizations of potential security vulnerabilities. When OurMine reached out to Vevo to inform it of a vulnerability, a Vevo employee dismissed the claim and told OurMine that they … Continue Reading

Offshore Cybersecurity Guidelines Issued

DNV GL recently issued a new globally applicable recommended practice (DNLVGL-RP-G108) to assist oil and gas operators, system integrators and managers, and vendors in the offshore industry to manage increasing cybersecurity threats. The guidance is designed to help the oil and gas industry improved the security of their operational technology. A Ponemon Institute study found … Continue Reading
LexBlog