Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Marriott Confirms Over 5 Million Passport Numbers Stolen in Data Breach

Marriott International Inc. has released new numbers relating to its Starwood Hotel’s reservation database by stating that 5 million passport numbers were stolen in the database. After further investigation, Marriott states that the information for fewer than 383 million guests (as opposed to 500 million) were exposed. The data that was compromised of these guests … Continue Reading

Neiman Marcus Settles Data Breach Litigation for $1.5 Million

Neiman Marcus Group LLC has settled an investigation of its 2013 data breach with 43 states and the District of Columbia for $1.5 million. The data breach involved 370,000 credit cards, where 9,200 of the cards were used in a fraudulent manner [view related posts]. Illinois Attorney General Lisa Madigan, and Connecticut Attorney General George … Continue Reading

Privacy Tip #172 – The Weather Company App Collects and Monetizes Users’ Geolocation Information

A lawsuit filed late last week by Los Angeles City Attorney Michael Feuer alleges that TWC Product and Technology LLC (TWC), the company behind The Weather Company App, is collecting, disclosing, selling and monetizing users’ information without their consent. According to the lawsuit, the weather app tracks real time geolocation data on 45 million users … Continue Reading

HHS Issues Cybersecurity Practices for Health Care Industry

Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts. The publication, Health Industry Cybersecurity Practices: Managing Threats and … Continue Reading

Top Cybersecurity Risks for the Health Care Industry

Clearwater Compliance’s newest CyberIntelligence Insight Bulletin concludes that the top three cybersecurity risks for the health care industry, which accounts for 36.8% of reported critical risk incidents include: 1) user authentication deficiencies, including storing passwords in obvious places where others can find them such as on the computer monitor or under the keyboard, using generic … Continue Reading

Hack of Electrum Wallets Reaps over 200 Bitcoin (around $750,000)

A scary scheme by hackers recently successfully lifted Bitcoin from Electrum wallet owners to the tune of approximately $750,000. The scheme worked like this: the attackers added anywhere between 33 and 50 malicious servers to the Eletrum wallet network. When legitimate owners of Electrum Bitcoin wallets initiated a Bitcoin transaction after December 21, 2018, if … Continue Reading

San Diego School System Hack Exposes Data of More than 500,000 Students

The San Diego School System has notified current and former students, as well as some employees, that hackers compromised its system and obtained access to a file that included detailed personal information of more than 500,000 students from the 2008-2009 school year. The information accessible included the students’ names, addresses, Social Security numbers, health information, … Continue Reading

The Tricky World of Cyberliability Insurance

2018 was the year of hearing from clients that they are convinced that they “have cyberliability insurance” to finding out that they really don’t have the coverage that they need for the most common cyber risks. We can’t count the number of times that we have assisted clients in the past year with cyber intrusions, … Continue Reading

Experian® Predicts Cyber Threats in 2019

Experian’s Data Breach Resolution group has released its Data Breach Industry Forecast 2019 Report, which provides predictions for data breaches in 2019, and outlines staggering statistics of data breaches that occurred in 2018. One statistic is that the “number of records compromised in the first half of the year had already surpassed the total number … Continue Reading

Patch, Patch, Patch Those Vulnerabilities

The bane of data security is the patch. The patch is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, and to attempt to fix the vulnerability before hackers can exploit it. Patching is a very important part of a security plan, but the … Continue Reading

Privacy Tip #170 – Patch: Business + Personal

In this week’s New + Now piece, we discuss the importance of patching software vulnerabilities and being patient at work to allow your data security colleagues to patch those vulnerabilities, which are coming more frequently and are taking longer. When I conduct employee data privacy and security education sessions for clients, I am surprised at … Continue Reading

Addressing Insider Threats

In data privacy and security jargon, an insider threat usually includes: an employee who creates a security risk due to a lack of awareness or carelessness, but doesn’t mean to do anything wrong (clicks on a phishing email and introduces malware or ransomware into the system) an employee who creates a security risk for his … Continue Reading

Privacy Tip #169 – What to Do When You Get the Breach Notification Email from Starwood Hotels/Marriott

I knew I would get it. It was just a matter of time. The dreaded breach notification email from Starwood Hotels/Marriott hit my inbox this Monday. As you know, I am one that is serious about data privacy. I have received notification of data breaches of my information before, and what irks me is that … Continue Reading

Advanced Care Hospitalists Settles with OCR for $500,000 for Alleged HIPAA Violations

The Office for Civil Rights has announced that it has settled with Lakeland, Florida based Advanced Care Hospitalists (ACH) for $500,000 for allegations of an impermissible disclosure of protected health information by one of its business associates. ACH provides contract internal medicine physicians to nursing homes and hospitals. According to the press release, between November … Continue Reading

Cyber Criminals Recruiting Employees on the Dark Web to Assist with Fraud Schemes

Darkreading.com has issued a survey entitled: Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web which states that malicious insiders are responsible for 27 percent of all cybercrime. This statistic confirms that cyber criminals are increasingly recruiting insiders by using the dark web as a recruiting tool. So not only do businesses … Continue Reading

Use of Multifactor Authentication

This has been quite the year of O365 intrusions. The story seems to be almost identical in each security incident we investigate this year, and it goes like this: Employee receives a pop-up message from Microsoft advising employee that s/he must change his or her password for security purposes. Employee types his or her user … Continue Reading

Privacy Tip #168 – USPS Security Vulnerability Affects More Than 60 Million

We previously commented on the risks around the United State Postal Service’s (USPS) “Informed Visibility” service, which allows customers to preview their mail to inform them when it will be delivered. Some security experts recommend that customers opt out of the program so an account cannot be opened in your name. Last week, it was … Continue Reading

2.6 Million Atrium Health Patient Records Compromised by Vendor AccuDoc

Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading
LexBlog