Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

Energy Sector’s Reliance on IoT Increases Cyber Vulnerabilities

By Linn Foster Freedman on October 31, 2019 Posted in Cybersecurity

CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. Although the Report admitted that oil and gas companies and electric utilities tend to be ahead of the curve on cybersecurity compared to other sectors, they are … Continue Reading

Ransomware Hits Legal Case Management Provider TrialWorks

By Linn Foster Freedman on October 31, 2019 Posted in Cybersecurity

On October 13, 2019, TrialWorks, a legal case management software platform, announced to its customers, that it was experiencing a hosting outage at its data center and would provide updates as more was learned about the situation. The update issued the next day admitted that TrialWorks was in the midst of a ransomware attack. It … Continue Reading

FBI Warns of E-Skimming Threats

By Linn Foster Freedman on October 31, 2019 Posted in New + Now

For those of you that have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming threats to those websites. E-skimming occurs when an attacker introduces malicious code on the website to obtain in real time debit and credit … Continue Reading

Privacy Tip #214 – Veterans Warned About Risk of Misuse of Sensitive Personal Information

By Linn Foster Freedman on October 31, 2019 Posted in Privacy Tips

The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information on shared drives by employees who did not have authorization to view the information. According to the audit, sensitive information … Continue Reading

Hackers Eavesdrop and Obtain Sensitive Data of Users Through Home Smart Assistants

By Linn Foster Freedman on October 24, 2019 Posted in Cybersecurity

Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities in order to listen to users’ every word to obtain sensitive information that can be used in future attacks. Last week, it was reported by ZDNet that two security … Continue Reading

Philadelphia DPH Breach Exposes Hepatitis Patients’ Data

By Linn Foster Freedman on October 24, 2019 Posted in Cybersecurity, HIPAA and Health Information

A reporter from the Philadelphia Inquirer discovered that sensitive data of hepatitis patients were accessible online through a Philadelphia Department of Public Health (DPH) website tool without the need for a password. The Inquirer was able to access the data of some 23,000 patients who had contracted Hepatitis C. The vulnerable data included the patient’s … Continue Reading

Compliance: Keeping Up with Rapidly Changing Privacy and Security Laws

By Linn Foster Freedman on October 24, 2019 Posted in New + Now, Websites

The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I stopped that practice because many were never enacted. Now, however, state laws are being … Continue Reading

Privacy Tip #213 – The Jumbo Privacy App

By Linn Foster Freedman on October 24, 2019 Posted in Privacy Tips

As most of you know, I rarely download an app. However, here’s one I just downloaded and here’s why. The Jumbo Privacy app, available in the App Store, is all about providing consumers with a way to audit their privacy and learn whether and how their information might have been compromised. A cool thing about … Continue Reading

Jackson Health System Fined by OCR

By Linn Foster Freedman on October 23, 2019 Posted in HIPAA and Health Information

The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (Jackson), a not-for-profit hospital system comprised of six hospitals, urgent care centers, nursing facilities, and primary care and specialty services based in Miami, Florida, has waived its right to a hearing and did not contest the findings set forth in … Continue Reading

Small and Mid-Sized Businesses Continue to Be Targeted by Cybercriminals

By Linn Foster Freedman on October 17, 2019 Posted in Cybersecurity

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks. The Ponemon study finds that 76 percent of the 592 companies surveyed had experienced a cyber-attack in the previous year, up from 70 percent … Continue Reading

NSA Warns of Hackers Attacking VPN Service Applications

By Linn Foster Freedman on October 17, 2019 Posted in New + Now

The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain access to users’ devices. The hackers are leveraging vulnerabilities in older versions of VPN applications, and if successful, the attackers can then remotely execute … Continue Reading

Privacy Tip #212 – National Cybersecurity Awareness Month: “Own IT”

By Linn Foster Freedman on October 17, 2019 Posted in Privacy Tips

Everyone should be aware that October is National Cybersecurity Awareness Month. TechNewsWorld is urging all users to “Own IT,” which “means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber … Continue Reading

CCPA News: Amendments Signed into Law by the California Governor and Draft Regulations Released by the State’s Attorney General

By Linn Foster Freedman and Deborah George on October 14, 2019 Posted in Data Privacy, Websites

Last week was a busy week for the California Consumer Privacy Act (CCPA), as Attorney General Xavier Becerra released draft regulations on October 10 and Governor Newsom signed several pending CCPA amendments into law on October 11. The CCPA amendments clarified several important issues, including: employee information and business-to-business (B2B) communications are exempt from the … Continue Reading

FBI Warns of Sharp Increase in Ransomware Attacks in Certain Sectors

By Linn Foster Freedman on October 10, 2019 Posted in Cybersecurity

The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry. According to the warning, “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial … Continue Reading

Dental Practice Pays $10,000 Fine to OCR for Disclosing PHI on Social Media

By Linn Foster Freedman on October 10, 2019 Posted in HIPAA and Health Information

Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000. The OCR alleged that it received a complaint from a patient in June of 2016 that Elite had disclosed the patient’s last name and details of the patient’s health condition on … Continue Reading

Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

By Linn Foster Freedman on October 10, 2019 Posted in New + Now

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense (DOD). It is in the process of developing a Cybersecurity Maturity Model Certification (CMMC) requirement for those vendors. … Continue Reading

Privacy Tip #211 – WhatsApp Users: Update Your App to Patch Vulnerability

By Linn Foster Freedman on October 10, 2019 Posted in Privacy Tips

WhatsApp has announced that it has patched a vulnerability that would have allowed hackers to access with malware the chat history of users. Android 8.1 and 9 could have been susceptible to the attack. However, WhatsApp is urging all users to update their app. Although WhatsApp says it has patched the vulnerability and does not … Continue Reading

Ransomware Attacks Double in 2019: Medical Providers Can’t Recover and Shut Down

By Linn Foster Freedman on October 3, 2019 Posted in Cybersecurity, Health Information Privacy, HIPAA and Health Information

Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in California, is permanently closing following a ransomware attack. Wood Ranch was hit with a ransomware attack over the summer, and … Continue Reading

Google Sued Under Illinois Biometric Information Privacy Act

By Linn Foster Freedman on October 3, 2019 Posted in Enforcement + Litigation

Another day, another suit against a brand name for allegations of violation of the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs’ attorneys are having a field day filing class action lawsuits based on BIPA. Late last week, Google was sued in Cook County, Illinois in a proposed class action, alleging that it violated BIPA by … Continue Reading

Important Tool in Your Box: Spam Filter

By Linn Foster Freedman on October 3, 2019 Posted in New + Now

I have been hanging out a lot with Chief Information Officers (CIO) and Chief Information Security Officers (CISO) these days at speaking engagements and conferences, as October – National Cybersecurity month – is always busy. The topic that keeps coming up in these conversations is phishing and how most ransomware attacks are started because an … Continue Reading

Privacy Tip #210 – HHS Office of Inspector General Issues Fraud Alert for Genetic Testing Scam Targeting Seniors

By Linn Foster Freedman on October 3, 2019 Posted in Health Information Privacy, HIPAA and Health Information, Privacy Tips

Everyone knows how I feel about those home genetic testing kits—most people don’t understand that when they send their DNA to a private company that it is not protected by HIPAA or any other law, and the company can legally use and disclose it, including selling it to other companies. Understand what companies are doing … Continue Reading

Click2Gov Portal Compromised in Eight Cities

By Linn Foster Freedman on September 26, 2019 Posted in Cybersecurity

Many cities in the United States utilize a self-pay portal for residents to pay bills online, known as Click2Gov. Click2Gov was compromised in 2017 and 2018, when hackers were able to access over 300,000 payment cards and reportedly made more than $2 million in the heist. It is being reported this week by security researchers … Continue Reading

Vimeo Hit with Class Action for Alleged Violations of Biometric Law

By Linn Foster Freedman on September 26, 2019 Posted in Enforcement + Litigation

Vimeo, Inc. was sued last week in a class action case alleging that it violated the Illinois Biometric Information Privacy Act by “collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information…without informed written consent.” According to the Complaint, Vimeo “has created, collected and stored, in conjunction with its cloud-based … Continue Reading

FTC Sues Match.com Owner for Alleged Fake Love-Interest Ads

By Linn Foster Freedman on September 26, 2019 Posted in Enforcement + Litigation

The Federal Trade Commission (FTC) announced in a press release on September 25, 2019, that it has filed a Complaint against Match Group, Inc. (Match), the owner of Match.com, Tinder, OKCupid, PlentyOfFish and other alternative dating sites, alleging that it “used fake love interest advertisements to trick hundreds of thousands of consumers into purchasing paid … Continue Reading

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law (i.e., jurisdictions other than Connecticut, Massachusetts, and various federal courts).