Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Addressing Insider Threats

In data privacy and security jargon, an insider threat usually includes: an employee who creates a security risk due to a lack of awareness or carelessness, but doesn’t mean to do anything wrong (clicks on a phishing email and introduces malware or ransomware into the system) an employee who creates a security risk for his … Continue Reading

Privacy Tip #169 – What to Do When You Get the Breach Notification Email from Starwood Hotels/Marriott

I knew I would get it. It was just a matter of time. The dreaded breach notification email from Starwood Hotels/Marriott hit my inbox this Monday. As you know, I am one that is serious about data privacy. I have received notification of data breaches of my information before, and what irks me is that … Continue Reading

Advanced Care Hospitalists Settles with OCR for $500,000 for Alleged HIPAA Violations

The Office for Civil Rights has announced that it has settled with Lakeland, Florida based Advanced Care Hospitalists (ACH) for $500,000 for allegations of an impermissible disclosure of protected health information by one of its business associates. ACH provides contract internal medicine physicians to nursing homes and hospitals. According to the press release, between November … Continue Reading

Cybercriminals Recruiting Employees on the Dark Web to Assist with Fraud Schemes

Darkreading.com has issued a survey entitled: Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web which states that malicious insiders are responsible for 27 percent of all cybercrime. This statistic confirms that cybercriminals are increasingly recruiting insiders by using the dark web as a recruiting tool. So not only do businesses have … Continue Reading

Use of Multifactor Authentication

This has been quite the year of O365 intrusions. The story seems to be almost identical in each security incident we investigate this year, and it goes like this: Employee receives a pop-up message from Microsoft advising employee that s/he must change his or her password for security purposes. Employee types his or her user … Continue Reading

Privacy Tip #168 – USPS Security Vulnerability Affects More Than 60 Million

We previously commented on the risks around the United State Postal Service’s (USPS) “Informed Visibility” service, which allows customers to preview their mail to inform them when it will be delivered. Some security experts recommend that customers opt out of the program so an account cannot be opened in your name. Last week, it was … Continue Reading

2.6 Million Atrium Health Patient Records Compromised by Vendor AccuDoc

Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading

Vendor Management

A challenging risk management project that many clients are undertaking is vendor management. Ever since the Target breach, when an HVAC vendor’s employee clicked on a phishing email that allowed an intruder to compromise Target’s system, vendor management has been an issue to be addressed by company data privacy and security teams. Vendor management is … Continue Reading

Record Retention

An ongoing and frequent request is to assist clients with record retention guidelines and migration from storing massive amounts of paper records to an electronic system. How to do this correctly cannot be fully encapsulated in a blog post, but here are a few thoughts to consider when tackling this cumbersome process. There are very … Continue Reading

Privacy Tip #166 – Black Friday Shopping Risks

It’s that time. The holidays and shopping deals on Black Friday and Cyber Monday. Here is some helpful information to consider while shopping this weekend. A new study from RiskIQ—its 2018 Black Friday E-commerce Blacklist states that “This Thanksgiving weekend, threat actors are poised to claim a pretty big slice of the e-commerce pie.” How, you … Continue Reading

Ransomware Continues to Be Top Threat to Small Companies

According to a new report by Datto, Inc. (its third annual Global State of the Channel Ransomware Report), ransomware continues to be the top cyber-attack experienced by small- and medium-sized companies. Some managed service providers were surveyed in Singapore, the Asia-Pacific region and across the globe. Fifty-five percent of them said their clients had experienced … Continue Reading

Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center

Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. As previously reported, the largest breach of health care information was recently settled by Anthem, which involved almost 80 million individuals’ information, all caused by a phishing email sent to one individual at Anthem [view … Continue Reading

IoT Sensors Collect Real Time Oceanographic Data

The Australian Institute of Marine Science is using an IoT drifter manufactured by Myriota to collect oceanographic data in almost real time. The drifters connect to low Earth orbit (LEO) satellites, so they are not using traditional mobile telephone networks, and avoid connectivity issues. The drifters monitor ocean conditions, including water temperatures, currents and barometric … Continue Reading

Radisson Loyalty Program Compromised

Radisson Hotel Group has notified some of its global loyalty program customers that hackers have stolen their personal information, including their names, addresses, email addresses, and in some cases, their employment and employers’ name and telephone number, rewards member number and frequent flyer numbers. When it discovered the compromise, it hired investigators and revoked access … Continue Reading

Test Your Employees with Internal Phishing Campaigns

Phishing campaigns continue to be one of the most successful ways for malicious intruders to access company information, including personal information of employees and customers. Phishing emails continue to get more and more sophisticated and employees continue to fall victim to them, often putting the entire company at risk. Typical successful phishing campaigns end with … Continue Reading

Privacy Tip #164 – Identity Thieves Using USPS Informed Delivery to Open Fraudulent Credit Card Accounts

The United State Postal Service (USPS) launched a program called “Informed Delivery” with the goal to assist consumers in protecting themselves from identity theft. The program allows consumers to register an account on usps.gov which allows one to view scanned images of all of their incoming mail for free. However, it is being reported that … Continue Reading

Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could … Continue Reading

FTC Announces Cybersecurity Resources for Non-Profits

Non-profit organizations collect, use and disclose personal information just like any other for-profit industry. However, non-profit organizations often don’t have the same resources to devote to data security as their for-profit counterparts. The risk is the same, but the ability to defend and respond is more challenging due to more limited resources that can be … Continue Reading
LexBlog