Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Size Doesn’t Matter for OCR Enforcement Actions

Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion. On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community … Continue Reading

Privacy Tip #246 – Spam, Spam, Spam: Be Extra Cautious

By Linn Foster Freedman on July 30, 2020 Posted in Coronavirus, Privacy Tips

Security researchers are warning companies to be aware of a new resurgence of the Emotet botnet that has been reactivated after a hiatus of five months. According to the researchers, the Emotet malware steals information, and has been used to distribute the banking Trojan Trickbot. Attackers using the Emotet botnet use simple emails that are … Continue Reading

Connecticut Insurance Department Reminds Licensees to Comply with Data Security Law

By Linn Foster Freedman on July 29, 2020 Posted in Cybersecurity

On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut Insurance Data Security Law (“Act”) becomes effective on October 1, 2020 and providing guidance on compliance. The Act requires “all persons who are licensed, authorized to operate or registered, or required to be licensed, authorized or registered … Continue Reading

Fall-Out from Blackbaud Ransomware Attack

By Linn Foster Freedman on July 23, 2020 Posted in New + Now

As a follow-up to last week’s post on the importance of due diligence regarding high-risk vendors’ security practices, Blackbaud, a global company providing financial and fundraising technology to not-for-profit entities, notified its customers late last week that it was the victim of a ransomware attack in mid-May. Blackbaud offers a number of products to its … Continue Reading

Privacy Tip #245 – Another Breach Notification Letter

By Linn Foster Freedman on July 23, 2020 Posted in Cybersecurity, Data Breach, Privacy Tips

This week, I received a breach notification letter from a large financial institution stating that my personal information, including my name, Social Security number, account name and number, contact information, date of birth, and asset information may have been compromised. UGH—that is highly sensitive information. Unfortunately, this is not the first time my personal information … Continue Reading

Chinese and Russian Hackers Targeting COVID-19 Vaccine Makers in U.S. Crosshairs

By Linn Foster Freedman on July 23, 2020 Posted in Coronavirus, Enforcement + Litigation

Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29 a/k/a Cozy Bear of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a … Continue Reading

Benefit Vendors’ Security Practices

By Linn Foster Freedman on July 16, 2020 Posted in New + Now

Most employers use vendors to assist with managing various employee benefits, including payroll, health and dental benefits, pharmacy, cost-reduction strategies, retirement, analysis and wellness programs. When using these vendors, the personal information of employees is provided to the vendor in data dumps. Usually that means that the vendors receive employees’ names, addresses, dates of birth, … Continue Reading

Privacy Tip #244 – Beware of Scammers Posing as Utility Company Employees

By Linn Foster Freedman on July 16, 2020 Posted in Coronavirus, Privacy Tips

The coronavirus pandemic has caused millions of people to lose their jobs and many are struggling to make ends meet, including paying their utility bills. With economic turmoil comes scammers ready to take advantage of heightened anxiety and to prey on individuals when they are the most vulnerable. Recently, scammers have been posing as employees … Continue Reading

SEC Issues Warning for Advisors and Broker-Dealers on Increased Ransomware Attacks

By Linn Foster Freedman on July 15, 2020 Posted in Cybersecurity

On July 10, 2020, the Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their cybersecurity controls to prevent and respond to an increase in phishing campaigns and ransomware attacks. The Risk Alert advises that the OCIE has “observed an apparent … Continue Reading

Health Care Providers Continue to Be Hit with Ransomware and Phishing

By Linn Foster Freedman on July 9, 2020 Posted in Cybersecurity

It doesn’t matter in which state you are located, how many patients you treat, what kind of medicine you practice or how many employees you have, if you are a health care provider, you are being targeted and hackers are successful in victimizing you. That’s my take on the recent Becker’s Health IT article that … Continue Reading

Amazon Offers a “Quickstart Package” for Compliance with DOD’s CMMC

By Linn Foster Freedman on July 9, 2020 Posted in New + Now

Amazon has announced that it has developed and is offering a “CMMC Quickstart Package” to help contractors comply with the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) required for contractors to enter into contracts with DOD. According to an Amazon spokesman, Amazon Web Services (AWS) will be releasing a responsibility guide that “lists … Continue Reading

Privacy Tip #243 – Misconfigured Cloud Exposes Millions of Records of Eleven Dating Sites

By Linn Foster Freedman on July 9, 2020 Posted in Privacy Tips

Dating sites continue to be the source of compromise of sensitive personal information. Another example of this was discovered recently by security researchers at WizCase, who found that information on millions of users of up to 11 different dating service sites was accessible due to misconfigured cloud storage. The databases that were discovered included users’ … Continue Reading

Cyber-Attacks Against Maritime Industry Quadrupled in Last Few Months

By Linn Foster Freedman on June 25, 2020 Posted in Cybersecurity

A recent report released by the British Ports Association and Astaara, a risk management firm based in the U.K., concludes that since February 2020, the maritime industry has seen a dramatic increase in cyber-attacks. The number of attacks has quadrupled, as companies struggle with COVID-19 and remote work forces. According to the report, in what … Continue Reading

CCPA Enforcement Looms

By Linn Foster Freedman on June 25, 2020 Posted in Data Privacy, New + Now, Websites

We have previously alerted our readers about the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. CCPA is one of the strictest consumer privacy laws in the U.S. and is broadly applicable [view related posts]. Although CCPA went into effect on January 1, 2020, enforcement by the California Attorney General … Continue Reading

Privacy Tip #242 – Protecting Children’s Privacy

By Linn Foster Freedman on June 25, 2020 Posted in Children's Privacy, Privacy Tips

The Children’s Online Privacy Protection Act (COPPA) has been on the books for years and is enforced by the Federal Trade Commission (FTC). COPPA basically prohibits companies from collecting personal information from children under the age of 13 without parental consent. The FTC has an impressive record of enforcement actions under COPPA and compliance with … Continue Reading

Crozer-Keystone Health System Data for Sale Online by Attackers

By Linn Foster Freedman on June 24, 2020 Posted in Data Breach

It is being reported by Cointelegraph that ransomware group Netwalker is offering for sale data it exfiltrated from Pennsylvania based Crozer-Keystone Health System after the system declined to pay the requested ransom. According to the report, Netwalker offered to sell the data through its darknet website for six days and if no one buys it, … Continue Reading

Alabama City Hit with Ransomware

By Linn Foster Freedman on June 11, 2020 Posted in Cybersecurity

On June 5, 2020, Florence, Alabama’s information technology systems were hit with ransomware by the DoppelPaymer group demanding a ransom payment of $378,000 in bitcoin. Mayor Steve Holt confirmed that the attack shut down the city’s email system, and that the city used an outside firm to negotiate the payment of a lower ransom of … Continue Reading

Think Twice Before Marketing with Robocalls

By Linn Foster Freedman on June 11, 2020 Posted in New + Now

Sales and marketing professionals in companies are usually energetic, vivacious and creative. That’s what makes them so good at their jobs. But it’s also these excitable folks who can get companies in trouble when it comes to the Do Not Call List and the Truth in Caller ID Act. In addition to the Telephone Consumer … Continue Reading

Privacy Tip #241 – Who is db851dd?

By Linn Foster Freedman on June 11, 2020 Posted in Privacy Tips

As you know, I very rarely download mobile apps. Except for a multi-factor authentication app, and of course, the Jumbo privacy app. This week, the Jumbo privacy app advised me that my name, address and email address had been involved in a data breach by db851dd. What the heck is that and how did they … Continue Reading

DHS Warns Windows 10 Users of Exploit Code

By Linn Foster Freedman on June 9, 2020 Posted in Cybersecurity, New + Now

The Department of Homeland Security (DHS) cybersecurity advisory arm issued a warning on its website that “[M]alicious cyber actors are targeting unpatched systems” with a new exploit code that on unpatched systems could spread to millions of computers. The exploit code, called SMBGhost, attacks a security vulnerability in the server message block (SMB) that Microsoft … Continue Reading

Capital One Required to Produce Forensic Report in Class Action

By Linn Foster Freedman on May 28, 2020 Posted in Cybersecurity

As a litigator, when responding to any security incident, thoughtful consideration is given to the possibility that the security incident may wind up in litigation, and therefore, certain decisions are made in anticipation of that litigation. Without getting into the details of the legal doctrines of attorney-client privileges, work product doctrine, and in anticipation of … Continue Reading

Have Questions About CMMC? Don’t We All

By Linn Foster Freedman on May 28, 2020 Posted in New + Now

I had the pleasure of participating as a panelist this week for companies primarily involved in the maritime industry, and one of the topics discussed was the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification Program (CMMC). The discussion generated questions that I thought merited sharing. Simply put, the DOD’s CMMC Program was designed to … Continue Reading

Privacy Tip #240 – Update iPhone OS as Soon as Possible for Jailbreak Zero-Day Vulnerability

By Linn Foster Freedman on May 28, 2020 Posted in Drone Privacy, Privacy Tips

We have urged readers in the past to pay attention to the pushes received from mobile phone manufacturers to update operating systems. Although the pushes claim that new features are included, there are also patches included to plug known vulnerabilities. If you keep pushing “later,” and you don’t update as soon as possible, those vulnerabilities … Continue Reading

Texas Court System Hit with Ransomware

By Linn Foster Freedman on May 14, 2020 Posted in Cybersecurity

The Office of Court Administration in Texas (OCA) confirmed late last week that it is the victim of a ransomware attack. The OCA stated that it would not pay the ransom. “OCA was able to catch the ransomware and limit its impact, and will not pay any ransom…Work continues to bring all judicial resources and … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).