Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Manufacturing Sector Getting Hit with Cyber-Attacks: Portable Oxygen Device Manufacturer Notifies 30,000 Patients of Breach

By Linn Foster Freedman on April 19, 2018 Posted in Cybersecurity

Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading

HHS Warns Health Care Organizations About SamSam Ransomware

By Linn Foster Freedman on April 19, 2018 Posted in Cybersecurity

The health care industry continues to get hammered by SamSam ransomware attacks, to the point that the Department of Health and Human Services Healthcare Cybersecurity and Communications Integration Center (HCCIC) has issued a report outlining the danger of ongoing SamSam ransomware campaigns, with tips to help organizations detect and block SamSam. According to the report, … Continue Reading

Privacy Tip #135 – Cybersecurity Spring Cleaning Tips

By Linn Foster Freedman on April 19, 2018 Posted in Privacy Tips

Here’s a great idea offered by the National Cyber Security Alliance and the Better Business Bureau: while you are doing your spring cleaning, don’t forget to do a digital spring cleaning too—that is, your computer, cellphone and Internet-connected devices. The tips acknowledge that we all have information contained on our computers, cellphones and mobile devices … Continue Reading

Pipeline Companies Targeted by Cyber-Attacks

By Linn Foster Freedman on April 12, 2018 Posted in Cybersecurity

Reports show that U.S. energy companies reported more than 350 cybersecurity incidents to the U.S. Department of Homeland Security between 2011 and 2015. Pipeline companies are included in that statistic. Last week, Energy Transfer Partners (ETP) notified its oil and gas shippers that its pipeline network system was hacked. According to ETP, the hacking targeted … Continue Reading

New Jersey AG Fines Virtua Medical Group $418,000 for Data Breach Caused by Vendor

By Linn Foster Freedman on April 12, 2018 Posted in Health Information Privacy, HIPAA and Health Information

The New Jersey Attorney General’s office announced this week that it has fined Virtua Medical Group, which is comprised of more than 50 medical practices in New Jersey, for failing to protect the privacy of 1,650 patients when their medical information was accessible online. The information was uploaded to a password-protected FTP website, but during … Continue Reading

Outcome Health Settles TCPA Class Action Suit

By Linn Foster Freedman on April 12, 2018 Posted in Telephone Consumer Protection Act

Ever notice the flatscreen TVs and tablets in your doctor’s office that run different health-related and wellness stories? Many of them are provided by Outcome Health, which installs free TVs and tablets in doctor’s offices to provide educational material to patients while they are sitting in the waiting room. The company makes its money by … Continue Reading

Busy Data Breach Week

By Linn Foster Freedman on April 12, 2018 Posted in Data Breach

Unfortunately, it was another busy data breach week. Here’s a summary of the major ones. Delta Airlines admitted in a statement that the payment card data of several hundred thousand customers might have been compromised by malware between September 26 and October 12, 2017, through a third-party vendor ([24]7.ai that provides online chat services to … Continue Reading

Privacy Tip #134 – Question: How are Online Quizzes Beneficial to Me?

By Linn Foster Freedman on April 12, 2018 Posted in Privacy Tips

Many readers know that it would be a cold day in H-E-Double Hockey Sticks (Go Bruins!) that I have in the past or ever in the future will take an online quiz. Why on earth would anyone do that? What is the benefit to you of participating in a seemingly innocuous quiz about yourself and … Continue Reading

“NYC Secure” Gives New Yorkers Tool to Protect Their Smartphones

By Linn Foster Freedman on April 5, 2018 Posted in Cybersecurity

On the heels of the ransomware that had the City of Atlanta scrambling last week, Mayor Bill de Blasio announced the launch of “NYC Secure,” a free mobile app that will alert New York City residents of suspicious activity detected on their smartphones. According to the Mayor, “New Yorkers aren’t safe online. We can’t wait … Continue Reading

South Dakota Beats Alabama in Passage of Data Breach Notification Law

By Linn Foster Freedman on April 5, 2018 Posted in Data Breach

We previously noted last month that only two states had not enacted a data breach notification law to date—South Dakota and Alabama [see related post]. South Dakota passed the finish line right before Alabama, but both states have now joined the rest of the nation in enacting data breach notification laws for their citizens. Last … Continue Reading

Privacy Tip #133 My Students Teach Me

By Linn Foster Freedman on April 5, 2018 Posted in Privacy Tips

I have the privilege of teaching Privacy Law at Roger Williams University School of Law, one of the few law schools in the country to offer the course. This is the fourth year the course has been offered, and the students who take the course are bright and engaged. The fun thing about teaching the … Continue Reading

Power Company Fined for Contractor Copying Data to its Own Insecure Network

By Linn Foster Freedman on March 29, 2018 Posted in Cybersecurity

Vendor management continues to be a problem for all industries, but some are scarier than others. The North American Electric Reliability Corp. (NERC) recently provided notice to the Federal Energy Regulatory Commission that an unidentified power company has reached a settlement with the Western Electricity Coordinating Council for $2.7 million to resolve two violations of … Continue Reading

Energy Sector: Hit Hard and Worried

By Linn Foster Freedman on March 29, 2018 Posted in Cybersecurity

One only needs to read the headlines to understand that critical infrastructure in the U.S., including the energy sector, is an obvious target for malicious actors. According to a new report by Marsh, entitled “Could Energy Industry Dynamics be Creating an Impending Cyber Storm?”, more than one in four respondents of a survey aimed at … Continue Reading

NIST Issues Energy Sector Asset Management Project

By Linn Foster Freedman on March 29, 2018 Posted in Cybersecurity

According to the National Institute of Standards and Technology (NIST), the energy sector relies on industrial control systems assets to “generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas.” These industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, programmable logic controllers and … Continue Reading

Oregon Strengthens Data Breach Reporting Law

By Linn Foster Freedman on March 28, 2018 Posted in Data Breach

Oregon Governor Kate Brown recently signed a new data breach reporting law (S. 1551) that toughens the state’s existing requirements. The new law requires companies to notify individuals within 45 days after a data breach has been discovered, unless a delay in notification is requested by law enforcement. It expands the definition of personal information … Continue Reading

Russians Continue to Attack U.S. Energy and Power Sectors

By Linn Foster Freedman on March 22, 2018 Posted in Cybersecurity

Late last week, a joint statement by the Department of Homeland Security and the Federal Bureau of Investigation confirmed that the Russian government has been behind an ongoing targeted campaign to penetrate U.S. power plants and the electric grid. Of course, this fact has been well known and has been reported on repeatedly in the … Continue Reading

Privacy Tip #131 – Bryant University Women’s Summit Follow-Up

By Linn Foster Freedman on March 22, 2018 Posted in Privacy Tips

I was so honored to be a presenter at the Bryant Women’s Summit last week. It is always an incredible event and I enjoy attending every year. But the bonus for me this year is that I also got to interact with a lively group of executive and professional women that were eager to learn … Continue Reading

Orbitz Confirms Breach of Travel Records and Credit Card Information of 880,000 Individuals

By Linn Foster Freedman on March 21, 2018 Posted in Data Breach

Orbitz, the travel booking entity that is owned by Expedia, has confirmed that it has “identified and remediated a data security incident affecting a legacy travel booking platform.” This means that one of its older websites that are used by customers to book their travel plans was hacked. The statement says that Orbitz uncovered evidence earlier … Continue Reading

Verizon Protected Health Information Data Breach Report Concludes that Insiders Are Greatest Threat to Health Care Entities

By Linn Foster Freedman on March 15, 2018 Posted in Cybersecurity, Data Breach, Health Information Privacy

Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats. Insider threats can … Continue Reading

473,807 Patient Records Compromised in January, 2018—83 Percent Caused by Hacking Incidents

By Linn Foster Freedman on March 15, 2018 Posted in Cybersecurity, Data Breach, Health Information Privacy

The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading

Last Two States Considering Passage of Data Breach Notification Laws

By Linn Foster Freedman on March 15, 2018 Posted in Data Breach

The last two states which have not passed data breach notification laws are Alabama and South Dakota. Sometimes we make jokes about these states as they are so late to the data breach notification table (California was the first state to pass a data breach notification law in 2002) and they seem not to care … Continue Reading

Facebook Can’t Shake Illinois Biometric Proposed Class Action Case

By Linn Foster Freedman on March 15, 2018 Posted in Enforcement & Litigation

We have previously reported on Facebook’s fight against a proposed class action case alleging violation of the Illinois Biometric Information Privacy Act (BIPA). Facebook continues to fight the allegation that its collection and storage of users’ and non-users’ facial scans through the use of facial recognition technology violates BIPA, and has filed a Motion to … Continue Reading

Privacy Tip #130 – Smartphones Targeted by Dark Caracal Attack

By Linn Foster Freedman on March 15, 2018 Posted in Privacy Tips

There is a global malware campaign that is targeting mobile devices across the world. It is called Dark Caracal, which is believed to be sourced in Beirut by the Lebanese General Security Directorate. According to security researchers, attacks on mobile devices are on the rise because people are using their smartphones more than they are … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).