Photo of Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by Critical Insight.

The report states that “Data on cyber-attacks from the first half of 2021 shows criminals are changing targets within the healthcare ecosystem,

Google Chrome, touted as the world’s most popular browser (you’ve made it when your brand becomes a commonly-used noun), has issued patches for zero-day vulnerabilities that it or external researchers have identified as being exploited in the wild. Kudos to the research team at Google, as well as outside researchers who help identify vulnerabilities before

Trucking company Forward Air revealed in a filing with the Securities and Exchange Commission that it suffered a ransomware attack in December 2020 (reportedly by Hades), which caused business disruption as it was forced to “suspend its electronic data interfaces with its customers.” The attack also inhibited its ability to release freight for transport.

Forward

Facebook had a rough week on many fronts, including the publishing of “The Facebook Files” by the Wall Street Journal, segments on CBS Sunday Morning, the revelation of on 60 Minutes of Frances Haugen as the whistleblower,  and culminating with the testimony of the whistleblower before Congress.

Haugen alleges that Facebook knew that its

On September 22, 2021, the Federal Bureau of Investigations (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a cybersecurity advisory alerting companies to the threat of Conti ransomware.

According to the advisory, CISA and the FBI are aware of more than 400 attacks of Conti ransomware against both

Illinois’s Biometric Information Privacy Act (BIPA) continues to be a problem for employers who are using biometric information such as palm readers or fingerprint timekeeping software.
This week, waste management company GFL Environmental Services USA Inc. (GFL) agreed to settle a proposed class action case filed by some of its employees alleging violation of BIPA.

Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data breach following a ransomware attack that corrupted its medical records system, leading to a loss of a significant number of records.

According to a letter sent to patients, QCMC discovered that

The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an $80,000 payment by the hospital for failing to provide a mother with timely access to her daughter’s medical records.

According