Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Microsoft Issues Cybersecurity Risk Warning and Offers Help to Hospitals During COVID-19 Crisis

By Linn Foster Freedman on April 2, 2020 Posted in Coronavirus, Cybersecurity

On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis. According to Microsoft “[D]uring this time of crisis, as … Continue Reading

Privacy Tip #233 – Be Wary of Coronavirus Telemarketing Calls

By Linn Foster Freedman on April 2, 2020 Posted in Coronavirus, Privacy Tips

The scammers know that most of us are working from home and are trying to use this to their advantage. The robocalls have increased, and telemarketers are calling more frequently, but with a new twist—preying on fears of consumers about coronavirus. I am on the Do-Not-Call list, yet I am still getting many unwanted robocalls. … Continue Reading

Privacy Tip #232 – Spam Phone Calls Rampant for Remote Workers

By Linn Foster Freedman on March 26, 2020 Posted in Privacy Tips, Telephone Consumer Protection Act

For those of us who work outside of the home during normal times, we know when we are home on the weekends not to answer our home telephone unless we recognize the number or caller. The same is, of course, true for our mobile phones. If the caller is someone we know, they will leave … Continue Reading

COVID-19 Vaccine Test Lab Hit by Maze Ransomware

By Linn Foster Freedman on March 25, 2020 Posted in Cybersecurity

Despite the fact that the hackers behind Maze ransomware previously promised not to hit medical organizations during the coronavirus pandemic, it recently attacked a British medical lab that is slated to test COVID-19 vaccines during the pandemic. The Maze hackers previously said publicly that it would “stop all activity versus all kinds of medical organizations … Continue Reading

HHS Targeted by Nation-State Hackers

By Linn Foster Freedman on March 19, 2020 Posted in Coronavirus, Cybersecurity

Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS) attempts to respond to and get ahead of the COVID-19 pandemic in the U.S., hackers, likely from a foreign enemy nation state, ramped … Continue Reading

FTC Issues Tips for Working from Home During Coronavirus Outbreak

By Linn Foster Freedman on March 19, 2020 Posted in Coronavirus, New + Now

In response to the coronavirus crisis, many companies have mandated that employees work from home in order to assist in slowing the spread of the virus. With more employees working from home, and a wider network to protect, security experts are warning companies to be vigilant with security measures. In addition, it is widely reported … Continue Reading

Privacy Tip #231 – Out of Work Because of Coronavirus? Beware of Scammers Pretending to Be Employers

By Linn Foster Freedman on March 19, 2020 Posted in Coronavirus, Privacy Tips

It is an old trick, and one that scammers are once again using following massive lay-offs after the coronavirus outbreak and mandates to shelter from home. The trick is to impersonate an employer recruiting for jobs, or touting the ability to make lots of money while working from home. As the old adage says, “If … Continue Reading

HHS Issues Confusing Limited Waiver on Sharing of Patient Information Following COVID-19

By Linn Foster Freedman on March 18, 2020 Posted in Coronavirus, HIPAA and Health Information

Acknowledging the “additional challenges” on health care providers following the outbreak of COVID-19, the Department of Health and Human Services (HHS) recently issued several waivers for covered entities to address the need to share patient information after the President declared a national emergency concerning COVID-19. One of the waivers issued by HHS is to “waive … Continue Reading

City of Durham, NC Hit With Ryuk Ransomware

By Linn Foster Freedman on March 12, 2020 Posted in Cybersecurity

Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling victim to the ransomware attack last weekend, the city shut down its network, including disabling access to the network by the Durham Police Department, the Sheriff’s Office and the communications center. … Continue Reading

Vermont Governor Signs Bill Requiring Data Privacy Inventory of Citizens’ PII

By Linn Foster Freedman on March 12, 2020 Posted in Data Privacy

On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, “An act relating to data privacy and consumer protection,” which provides authority to develop a statewide data privacy inventory of the personally identifiable information (PII) that the state collects from and maintains of its citizens. According to the bill, the data … Continue Reading

Litigation Case Claims Violation of CCPA Under Statutory Private Right of Action

By Linn Foster Freedman on March 12, 2020 Posted in Enforcement + Litigation, Websites

One of the most significant consumer rights offered by the new California Consumer Privacy Act (CCPA) is what we call the “private right of action” afforded by the law. A private right of action under a law basically means that if someone violates the law and a person is damaged, the person can assert a … Continue Reading

Coronavirus and Remote Workers: Consider Increased Risk of Insider Threat Issues

By Linn Foster Freedman on March 12, 2020 Posted in Coronavirus, New + Now

The conference I was supposed to speak at next week was just cancelled, as many are and will be, due to coronavirus concerns. The topic was “Insider Threats and How to Mitigate Them.” One of the points I was going to make was that insider threats, both malicious and unintentional, are an ongoing and serious … Continue Reading

Privacy Tip #229 – Two RSA Conference Attendees Test Positive for Coronavirus

By Linn Foster Freedman on March 12, 2020 Posted in Coronavirus, Privacy Tips

Our firm is a proud member of the International Association of Privacy Professionals (IAPP), as are those of many of my colleagues in the industry. I attend the IAPP Global Privacy Summit every year, and have done so since (I think) 2004. Yikes. Back in the early days, hundreds of individuals attended the conference in … Continue Reading

Vegas Casinos Are “Cash Only” After Suspected Ransomware Attack

By Linn Foster Freedman on March 5, 2020 Posted in Cybersecurity

Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the security incident. The Nevada State Gaming Control Board was aware of the situation and disclosed that it is monitoring … Continue Reading

Be on High Alert for New Wave of Wire Fraud Scams

By Linn Foster Freedman on March 5, 2020 Posted in New + Now

Scammers always go back to the good old scams, even when they are making bundles on new scams. Although our lives have been consumed of late with an onslaught of ransomware attacks, this past week, we have seen an uptick in good old wire fraud schemes. The uptick is so significant that it warrants a … Continue Reading

Privacy Tip #228 – Coronavirus Scare Is the Perfect Cover for Fraudsters

By Linn Foster Freedman on March 5, 2020 Posted in Coronavirus, HIPAA and Health Information, Privacy Tips

The coronavirus—or COVID-19—has health care experts scrambling, and has caused global concern for health and well-being due to its rapid spread throughout many countries, including the United States. A scare like this is the perfect opportunity for scammers and fraudsters to prey on well-intentioned people. Unfortunately, during this global health care concern, criminals are using … Continue Reading

Natural Gas Compressor Facility Shut Down After Ransomware Attack

By Linn Foster Freedman on February 20, 2020 Posted in Cybersecurity

The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in the network, the attacker deployed software trying to “identify critical assets” before setting off the ransomware and in the process, may have also disabled detection processes in place to identify … Continue Reading

Yearly Data Breach Reporting Due to OCR by February 29

By Linn Foster Freedman on February 20, 2020 Posted in Health Information Privacy, HIPAA and Health Information

Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500 individuals and have not already been self-reported within 60 days following the calendar year. That means that covered entities are required … Continue Reading

Privacy Tip #227 – Sextortion Ransomware

By Linn Foster Freedman on February 20, 2020 Posted in Cybersecurity, Privacy Tips

Criminal minds are creative, and new ransomware strains show just how creative cyber-attackers can be. A new strain of ransomware, dubbed Ransomwared, requests a different kind of payment from the victim than the typical bitcoin request. Instead of paying for the decryption of data, or to prevent cyber-attackers from releasing private photos they have obtained … Continue Reading

Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion

By Linn Foster Freedman on February 13, 2020 Posted in Cybersecurity

Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will … Continue Reading

Frequency and Cost of Insider Threats Continue to Increase

By Linn Foster Freedman on February 13, 2020 Posted in Cybersecurity

The Ponemon Institute recently issued its 2020 Cost of Insider Threats Global Report (Report), which finds that the frequency and cost of insider threats continues to increase. Sponsored by ObserveIT and IBM, the 2020 Report is the third consecutive one to study insider threats and their impact on businesses in terms of frequency, cost, and … Continue Reading

Ransomware—to Pay or Not to Pay and Should We Get a Bitcoin Wallet Just in Case?

By Linn Foster Freedman on February 13, 2020 Posted in New + Now, Virtual Currency

There’s nothing worse than paying criminals. And paying a ransom for data is just that—paying criminals for a criminal act. All you get out of the payment is access to your data. It doesn’t fix the vulnerability or the root problem. Let the record reflect that the FBI does not recommend paying ransoms to cyber … Continue Reading

Privacy Tip #226 – Beware – Well-Known Brands Used for Phishing Schemes

By Linn Foster Freedman on February 13, 2020 Posted in Privacy Tips

A new study by Check Point Research shows that cyber criminals are using well-known brands to lure victims into clicking on nefarious links, providing personal information or credentials, or getting users to transfer money. This is an old malware trick that we used to see and now recognize. Scammers send a phishing email after copying … Continue Reading

Frequency and Cost of Insider Threats Continue to Increase

By Linn Foster Freedman on February 10, 2020 Posted in Cybersecurity, Data Breach

The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the third consecutive report that studies insider threats and their impact on businesses in terms of frequency, cost and … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).