Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

CoPilot Provider Support Services Settles with NYAG for $130,000 for Late Breach Notification

CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of a data breach in a reasonable time for $130,000. CoPilot began investigating an unauthorized access to, and downloading of its reimbursement records through … Continue Reading

1 Million Individuals’ Personal Data on Backup Drive is Stolen from Washington State University

File this story in the category of even locking data up in a safe is not secure. Washington State University (WSU) has begun to notify approximately 1 million individuals that their personal data was compromised when a back-up drive that contained the information was stolen from a safe located in the IT Department. The individuals … Continue Reading

North Dakota Medicaid Recipients’ Data Found in Dumpster

The North Dakota Department of Human Services (NDDHS) is notifying 2,452 Medicaid recipients that their protected health information has been compromised when their records were discovered in a dumpster. On May 19, 2017, a member of the public discovered sensitive information in a dumpster and contacted NDDHS. The documents that were discovered included Medicaid worksheets, … Continue Reading

Medicaid Documents Thrown in Dumpster

The North Dakota Department of Human Services has admitted that one of its employees threw Medicaid claim resolution worksheets into a dumpster instead of disposing them in a secure onsite shredding receptacle. The result? The documents were found in the dumpster by a citizen who notified the Department, which then notified almost 2,500 patients of … Continue Reading

Reader’s Digest Publisher Settles Case Alleging It Sold Subscribers’ Personal Information for $8.2M

In what is being considered the largest-ever settlement of alleged violations of Michigan’s privacy law (the Michigan Preservation of Personal Privacy Act), the publisher of Reader’s Digest has agreed to pay out $8.2 million to settle a proposed class-action lawsuit brought by consumers who allege that the publisher sold subscribers’ personal information to data brokers … Continue Reading

Privacy Tip #92 – Finally, HHS Is Removing SSNs from Medicare Cards

For those of you who know me, you know that I have been very frustrated with the federal and state governments for continuing to use Social Security numbers for eligibility, enrollment and participating in Medicare and Medicaid. This includes listing individuals’ Social Security numbers on the Medicare and Medicaid cards. The good news is that … Continue Reading

AICPA Releases Cybersecurity Risk Management Reporting Fact Sheet for CPAs Without a Key Recommendation

The American Institute of CPAs (AICPA), has released a risk management reporting framework that is intended to “establish a common, underlying language for Cybersecurity risk management reporting—almost akin to US GAAP or IFRS for financial reporting.” According to AICPA, the framework may be used by both management and CPAs to “enhance cybersecurity risk management reporting … Continue Reading

OneLogin Suffers and Notifies Customers of very Sophisticated and Scary Intrusion

San Francisco based OneLogin, which provides single sign on and identity management services for companies and app vendors, recently notified its users that it has discovered an unauthorized access to its data. The idea behind OneLogin is for a user to have one username and password that it can use through OneLogin’s platform for all … Continue Reading

“Fireball” Malware a Threat to Health Care Industry

A new report released by Check Point has security personnel working in the health care industry particularly concerned and they are warning their colleagues about the existence of “Fireball.” Fireball, released by a Chinese operation, has infected approximately 250 million computers worldwide. According to the report, the malware hijacks web browsers and turns computers into … Continue Reading

HHS Releases Health Care Industry Cybersecurity Task Force Report

This week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task Force, made up of industry professionals from the public and private sectors to identify and develop recommendations “on the growing … Continue Reading

OCR Issues Reminder on Security Incidents

Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware attack could be a reportable breach under the HIPAA Breach Notification Rule. Despite the fact that many health care … Continue Reading

2,500 Mothers’ and Newborns’ Personal and Health Information Lost in the Mail

The Arizona Department of Health Services (ADHS) has notified 2,500 patients that their personal and health information has been lost in the mail. The affected patients were mothers and newborns enrolled in the newborn screening program operated by ADHS. The compromised information was contained on paper records, including names, addresses, Social Security numbers, health insurance … Continue Reading

Privacy Tip #91 – Teen App Wishbone Compromised—Female Teenagers at Risk

Social networking app Wishbone, which is used primarily by teenage girls to vote on various teenage type quizzes, like favorite entertainers or fashion, has been hacked. The intruders have reportedly gained access to users’ (again, primarily female minors) names, unique email addresses and mobile telephone numbers. Not just a few, either. The data compromised included … Continue Reading

Pacemakers at Risk for Remote Tampering

A new study by WhiteScope concludes that pacemakers from four manufacturers contain security weaknesses that expose them to remote tampering. Pacemakers run on radio frequency and health care providers can adjust them to assist patients with heart abnormalities without having to undergo surgery. However, according to the study, the programmers who are adjusting the pacemakers … Continue Reading

New Study Shows Inaccuracies of Wearable Fitness Trackers for Calories Burned

Researchers at Stanford University have released a study concluding that wearable fitness trackers provide inaccurate measurements when it comes to providing information to users on how many calories have been burned. The researchers evaluated seven wearable fitness trackers and how they measured heart rate and calories burned. Most of them measured heart rate pretty accurately, … Continue Reading

Ransomware Attack Hits Dallas Senior Living Community

No industry is immune from ransomware attacks—including senior living communities. Senior living communities have exploded now that baby boomers are selling homes, down-sizing and getting ready for that stage of life. Many of us in the sandwich generation are choosing communities for our parents. When residents move into a senior resident community, the community collects … Continue Reading

Rite Aid’s Online Store Breached

Rite Aid has admitted that its online eCommerce platform was accessed by unauthorized individual(s) from January 30, 2017, through April 11, 2017, and their customers’ names, addresses and payment card information, including credit and debit card numbers, expiration dates and security codes were compromised. The breach affected any customers using Rite Aid’s online store and … Continue Reading
LexBlog