Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

4,229 Psychiatric Patients’ Records Hacked

Bangor Health Center, a psychiatric practice located in Bangor, Maine, has notified 4,229 patients that a hacker from Moldova has accessed their psychiatric records, including names, addresses, Social Security numbers, telephone numbers, diagnoses and doctors’ notes. The health center provides outpatient therapy to both children and adults for behavioral health conditions including substance use disorders, … Continue Reading

OCR Settles First Case With Wireless Provider for $2.5 Million

Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania for $2.5 million. CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from … Continue Reading

St. Jude Medical on Hot Seat for Cybersecurity Flaws in Home Monitoring System

The Food and Drug Administration (FDA) recently issued a warning letter to St. Jude Medical, alleging that it failed to properly investigate issues with the batteries in its defibrillator implants and for failing to fix the cybersecurity of its in-home monitoring system, known as Merlin@home. The monitoring system is wireless and is connected to St. … Continue Reading

ACC Issues Data Security Guidelines for In-House Counsel to Evaluate Law Firms

The Association of Corporate Counsel (ACC) has issued its first-ever data security guidelines, which outline basic data security measures that in-house counsel can use to evaluate their outside counsel. Most companies these days are auditing their law firms’ data security measures, but since data breaches occurred at some of the largest U.S. based law firms … Continue Reading

InterContinental Hotels Group Reports Credit Card Breach

InterContinental Hotels Group (IHG) has reported a data breach of its payment card processing system. The breach involves malware that infected certain locations between September 29, 2016, and December 29, 2016. The malware lifted customers’ names, credit card numbers, expiration date and the security codes of credit cards used at certain locations during that time … Continue Reading

Privacy Tip #83 – “Alexa, Disconnect Yourself from the Internet Now!” BrickerBot Malware Attacking IoT

We often talk about how anything that is connected to the Internet is hackable and unsafe, and to be careful about how you buy and connect devices, products, appliances, home security systems and other wireless “things.” These are called the Internet of Things, or “IoT.” Alexa is an IoT “thing.” Cybersecurity literature constantly warns us … Continue Reading

March Sees an Uptick in Health Data Breaches

The monthly breach report issued by Protenus last week outlining data breaches that occurred in the month of March concludes that there was an “uptick in the number of health data breach incidents.” According to the report, there were 39 incidents last month that involved health information, compromising 1.5 million patient records. A whopping 44 … Continue Reading

OCR Levies Hefty Fine Against FQHC

Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network MCPN, a Colorado based federally qualified health center, for alleged HIPAA violations. The fine, a whopping $400,000 for the center, which provides health care services to low income patients, … Continue Reading

GameStop Investigating Data Breach of Credit Card Information

Brian Krebs broke the story that GameStop was investigating a possible data breach affecting customers’ credit card information. This week, GameStop confirmed that it is investigating the possible compromise of credit card information from September 2016 through February 2017. The information that may have been compromised includes customers’ names, card numbers, expiration dates, and the … Continue Reading

ABCD Pediatrics Victim of Ransomware

ABCD Pediatrics, located in San Antonio, Texas has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its patients. The ransomware used by the attackers was Dharma. The practice found through forensic analysis that access had been gained to … Continue Reading

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the vulnerability can be introduced by the use of products that inspect HTTPS traffic. These products are used to detect malware or unsafe connections, which … Continue Reading

Erie County Medical Center IT Systems Shut Down By Virus

Buffalo, New York Erie County Medical Center has announced that its IT system has been shut down since Sunday, April 11, 2017, due to an unnamed virus. The shut-down has affected the medical facility’s email system, electronic health record and website. Because the electronic health system is not accessible, staff is using paper records for … Continue Reading

Washington University School of Medicine Victim of Phishing Attack

Another employee falls for a phishing attack. This time, it was an employee of the Washington University School of Medicine The employee received a phishing email on December 2, 2016, and fell for what looked like a real request, responded to it, which allowed access to employee email accounts, which included the health information of 80,000 … Continue Reading

TrustE Pays $100,000 with NYS for Failing to Protect Children’s Websites

On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its … Continue Reading

Privacy Tip #82 – Downloading Free Entertainment is an Easy Way to Infect Your Computer with Malware

Remember when TV was free? Okay, most of you don’t, and I was just a tot, but back in the day, it was free. We didn’t have dozens of channels or choices, but everyone could watch the major networks and PBS without a cost. These days, there are charges for everything—including downloading music, videos and … Continue Reading

State of Colorado Proposes Financial Services Cybersecurity Requirements

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning … Continue Reading

DOD U.S.-CERT Cybersecurity Incident Reporting for Defense Contractors Effective April 1, 2017

New U.S. Computer Emergency Readiness Team (U.S.-Cert) guidelines around incident reporting went into effect this week (April 1, 2017). The guidelines require all federal departments and agencies, state, local, tribal and territorial government entities, information sharing and analysis organizations and private-sector organizations to report any security incident impacting the confidentiality, integrity or availability of a federal … Continue Reading

Job Seekers Beware! Data Hacked for up to 1.4 Million Illinois Residents Receiving Unemployment Benefits

The Illinois Department of Employment Security has revealed that somewhere between 1.2 million and 1.4 million Illinois residents who have received unemployment benefits from the State of Illinois have had their names, dates of birth and Social Security numbers compromised through a hacking of its vendor’s database. The residents are those seeking jobs and using … Continue Reading

McDonald’s Canada’s Job Site Hacked

McDonald’s Canada has shut down its careers webpage following a breach that occurred in mid-March. A hacker gained access to the jobs section of its website and compromised the personal information, including names, addresses, telephone numbers, employment histories and other job application information of approximately 95,000 individuals. McDonald’s Canada has notified the privacy commissioners in … Continue Reading

Rite Aid Beats TCPA Lawsuit Over Flu Shot Reminder Prerecorded Calls

A group of Rite Aid customers sued Rite Aid in December of 2014 for alleged violations of the Telephone Consumer Protection Act when it sent flu shot reminders to consumer’s cellphones without written consent. On March 30, 2017, a federal district court judge in New York dismissed the proposed class action lawsuit by granting Rite … Continue Reading
LexBlog