Featured Experience:

• Led a team representing a global technology company responding to a sophisticated attack, including advising on complex investigation matters, crisis management and communications, interaction with various U.S. defense and intelligence agencies and the DOJ National Security Division.
• Led a team responding to and investigating a ransomware attack on a global life sciences company, including on multiple threat actor engagements, board matters, litigation mitigation, and crisis management.
• Led a team representing an academic medical center throughout its response to, and investigation of, a widely reported cybersecurity matter, including advising on and managing forensic investigation, crisis communications, litigation defense, regulatory interactions, law enforcement engagement, and all related matters.
• Served as lead counsel for a leading children's hospital, successfully defending allegations in a purported class action that alleged patient data was inappropriately accessed in violation of privacy and security disclosures. The case centered on a novel legal theory that a HIPAA Privacy Notice formed a contractual basis to bring actual and implied breaches of contract, a theory the court summarily rejected after significant oral argument.
• Lead counsel for a global adtech platform company defending claims related to use of its technology to collect and aggregate data, including wiretapping and related claims.  
• Represented leading data intelligence company in the investigation of alleged data misappropriation, and then in the subsequent litigation pursuing claims related to theft of proprietary data and intellectual property allegedly used to build a competing AI technology.  (West Publishing Corporation v. LegalEase Solutions, LLC (18-cv-01445; D. Minn.)
• Represented a global data and technology company throughout an investigation of, and its response to, simultaneous intrusions by multiple nation-state attackers and various financially motivated threat actors.
  

Cybersecurity, Data Privacy, Technology-Focused Matters, & Crisis Management

• Represented a health care analytics company and its business associate in its investigation of and response to a reported security compromise and reported breach by a vendor.
• Represented a global life sciences and biotech company in responding to multiple compromises and encryption events, including interaction with threat actors, crisis communications, and litigation mitigation.
• Counseled a health care claims and analytics company responding to and investigating a publicly reported cybersecurity matter from a key professional services vendor providing cybersecurity and privacy-related services, including advising on investigation and reporting obligations to hundreds of downstream vendors.
• Led a team representing a global biotechnology company in investigating and defending against a cyberattack by a sophisticated threat actor. This matter involved extensive interaction with various US agencies and law enforcement.
• Advised various clients on federal and state wiretapping statutes related to website pixels, cookies, tracking technologies, and chatbots. This work has included defending a healthtech provider in federal court litigation concerning alleged wiretapping violations through the deployment of social media pixels on its website, defending a national retailer in litigation regarding alleged wiretapping violations involving the deployment of a leading chatbot on its website, and advising health care companies on complying with recent US Department of Health and Human Services guidance as to the application of the Health Insurance Portability and Accountability Act's (HIPAA) Privacy Rule to website tracking technology.
• Represented a cloud e-commerce platform company in its response to multiple cybersecurity incidents involving alleged credit card data theft and misuse as well as in a privacy class action filed in Delaware.
• Advised a biotechnology and therapeutics company responding to reports of hacking of its patient technology, which entailed an investigation and reporting to the FDA.
• Advised a Big 4 accounting firm on numerous security and privacy matters.
• Represented a health information cloud provider throughout its investigation and remediation of a ransomware attack that encrypted thousands of patient records.
• Advised a global diagnostics and laboratory company on a material joint venture with a pharmaceutical company to develop a global privacy and security framework in compliance with laws from 50+ jurisdictions.
• Counseled a global financial services company on redesigning and rebuilding of its digital forensics and cybersecurity functions to increase the company's efficiency and efficacy in response to disputes, investigations, and compliance risks.
  

Privacy, Business, and Technology Litigation, Class Actions

• Obtained a defense verdict as first-chair trial counsel for a media company, prevailing on all counts after a multi-week federal court trial involving allegations of violations of intellectual property rights and a Massachusetts consumer protection statute.
• Represented West Publishing Group, a leading legal, business, and regulatory information company, as a plaintiff in federal court litigation alleging the unauthorized taking of protected data through an online portal using a bot, or "data scraper,” for use in developing AI and machine learning technology to compete unfairly.
• Defended Conduent (f/k/a Xerox Services, Inc.), a global data and technology company. in a Delaware Chancery Court action related to data quality and integrity that was brought by a competitor.
• Represented a multimedia company (Christopher Kimball’s Milk Street Kitchen) with an international audience against allegations involving data theft and raiding in a state court litigation, proactively advancing cyber espionage claims against former executives and employees.
• Represented individuals accused in a federal court action of violating the Computer Fraud and Abuse Act and the Stored Communications Act as part of an alleged scheme to clone a state-owned petrochemical company's electronic infrastructure.
• Secured dismissal of a purported class action for a surgical and medical facility in an issue of first impression in the US Court of Appeals for the Eleventh Circuit. The case concerned Article III standing requirements to plead harm in a case brought against a health care facility, which alleged that patient data had been accessed, stolen, and posted on the internet by a well-known threat actor.
• Obtained dismissal on matters of first impression for a global risk intelligence company in a purported class action alleging violation of state law concerning the alleged display of consumers' Social Security numbers. Also secured appellate victories upholding dismissal up to the state's highest court and established jurisdiction of a purported class action in the state's complex business session.
• Secured a complete defense verdict for a multichannel media company after a two-week federal court trial involving allegations of IP rights violations and Massachusetts consumer protection laws.
• Defended numerous clients in lawsuits brought by Atlas Data Privacy Corporation and others asserting violations of New Jersey's Daniel's Law, NJ Statutes section 56:8-166.1, which relates to the privacy of judicial officers and the online publication of data about law enforcement personnel.
• Represented a global pharmacy chain in litigation defending allegations related to alleged Telephone Consumer Protection Act violations.
  

Internal Investigations, Government Enforcement, and White Collar Defense

• Advising a global medical technology company in its response to multiple subpoenas stemming from a DOJ investigation of third parties' alleged Medicare fraud schemes relating to genetic testing.
• Resolved an SEC enforcement matter and other regulatory inquiries — stemming from allegations of a purported Dodd-Frank Act whistleblower — related to the disclosure of certain variable annuity features on behalf of a life insurance company.