Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Connecticut Insurance Department Issues Bulletin on Data Security Requirements

We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP). The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance … Continue Reading

Siemens Medical Equipment Vulnerable to Cyber-Attacks

The Department of Homeland Security and Siemens Healthineers has identified cybervulnerabilities in the Windows 7-based versions of Siemens PET/CT systems, SPECT systems, SPECT/CT Systems and SPECT Workplaces/Symbia.net and have issued a warning concerning the vulnerabilities. Although Siemens is working on updates for the affected diagnostic imaging systems, it is recommending that customers operate the systems … Continue Reading

Nevada Implements Law that Requires Notice for Collection of Personal Information

Nevada has become the third state in the Union to adopt a law that requires operators of websites and online services to provide notice to consumers who are Nevada residents of their practices around the collection and sharing of personal information, including consumers’ names, address, email address, telephone number, Social Security number or an identifier … Continue Reading

Hackers Could Target Airports, Planes, Satellites, Ships, Cars, and Trains

Cybersecurity for critical infrastructure continues to be of concern, including the transportation sector. A new study by ABI Research concludes that although the transportation sector continues to increase spending on cybersecurity year over year, the rapid digitization of airports, aircraft, trains, ships, and cars puts this sector at risk. The study mentions that poor cybersecurity … Continue Reading

Students 16 and Over: Check Out CyberStart!

Students 16 and over who live in Virginia, Michigan, Iowa, Hawaii, Nevada, Delaware and Rhode Island—you may be eligible to participate in a new cybersecurity skills program called CyberStart. You have to have access to the Internet and a computer to participate. CyberStart is “a forward-thinking skills program designed to supply specialist cyber security education … Continue Reading

Women’s Health Care Group Notifies 300,000 About Ransomware Attack

Women’s Health Care Group of Pennsylvania has notified approximately 300,000 patients that their protected health information has been compromised by a ransomware attack. Although the ransomware became active on May 16, 2017, an investigation into the attack showed that the intruders had access to the Group’s system since January of 2017. The intruders may have … Continue Reading

OCR Releases “Improved Web Tool” for Breach Reporting

The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals … Continue Reading

Privacy Tip #99 – If you are an IoT Fanatic, this App is for You

Last January, the Federal Trade Commission (FTC) launched the IoT Home Inspector Challenge, a contest that requested participants to come up with a tool that would identify security issues that are caused by out-of-date software in IoT devices to better educate and protect consumers about the security vulnerabilities of IoT devices. To remind you of … Continue Reading

Connecticut Releases Cybersecurity Strategy

On July 10, 2017, Connecticut Governor Dannel P. Malloy released Connecticut Cybersecurity Strategy, that outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut. The seven principles set forth in the Strategy document include: Leadership Literacy Preparation Response Recovery Communication and Verification … Continue Reading

FBI Issues Warning about Internet-Connected Toys

We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading

Ashley Madison Settles Data Breach Case for $11.2M

Ashley Madison, which suffered a data breach in 2015 [view related posts here] involving the loss of 37 million users’ personal and financial information, has settled the suit for $11.2 million. Ashley Madison’s parent company previously settled data security allegations with 13 states and the Federal Trade Commission for $17.5 million, but ended up paying … Continue Reading

Unencrypted Backup Drive of 531 EEG Patients Lost

Baptist Medical Center South, located in Jacksonville, Florida has admitted that one of its backup drives has been missing since May 18, 2017. The unencrypted backup drive contained the protected health information of 531 patients who underwent an EEG at the facility between 2015 and 2017. It has not been recovered to date. The backup … Continue Reading

VTech Escapes Class Action Case Over Breach of 11 Million Toy Users’ Information

In November 2015, VTech Electonics North America LLC (VTech) announced that an unauthorized party infiltrated its network and gained access to the personal information of 5 million adults and 6.5 million children through its Learning Lodge app store, including their names, email addresses, security questions, photographs and messages [view related post]. One month following the … Continue Reading

Three Million Wrestling Fans’ Data Compromised

World Wrestling Entertainment, Inc. (WWE) has announced that it is investigating a “vulnerability of [a] database” containing over three million users’ names, addresses, email addresses, dates of birth, educational background, ethnicity, earnings and children’s ages and genders. The data included social media tracking and posts from WWE stars and fans. According to the company, it … Continue Reading

Authorities Investigating Cyber Intrusion of Numerous U.S. Nuclear Power Plants

It’s scary to think about, but anything that is online is hackable. Including critical infrastructure like nuclear power plants. It has been reported that U.S. authorities are investigating a cyber intrusion that has hit numerous nuclear power generation sites in the past few months. The attack has been named “Nuclear 17.” Although details of the … Continue Reading

Office of the National Coordinator Issues Guidance After NotPetya Attack

Following the most recent ransomware attack, known as NotPetya, (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance to assist health care entities in the aftermath. In two separate warnings/updates, ONC provides guidance to health care entities on what to … Continue Reading
LexBlog