Ted Kobus stands at the forefront of cyber protection — no small role in an era defined by crippling data breaches and daily digital threats. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him with more than 6,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. Notably, he has developed key relationships with the U.S. Department of Justice (DOJ), where he and his team have helped to establish protocols to protect corporate victims following a data breach. He knows the most proactive regulators involved in this space and interacts with them regularly.
Ted has led the defense to hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 200 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.
Ted is consistently ranked in Chambers USA: America’s Leading Lawyers for Business, and he is one of only a handful of attorneys nationwide named an MVP by Law360 for Privacy and Consumer Protection. He is a regular contributor to BakerHostetler’s Data Counsel blog, and he frequently speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session, as well as the National Security Cyber Specialist’s Training Conference organized by the DOJ.
Ted is the firmwide chair of BakerHostetler’s Digital Assets and Data Management Group and a member of the firm’s Policy Committee.
With a practice focused on privacy class-action defense, Casie Collignon’s career takes her to courts across the country, through daily challenges of chess-like proportions and debate in advocacy for her clients. She has had a growing practice throughout the pandemic with multiple wins in 2020 alone, but she still finds time to be a mother, … Continue Reading
Partner Ted Kobus, Chair of the Digital Assets and Data Management Group, and Director of Practice Services Katherine Lowry, are featured in a Q&A article published on Dec. 10, 2020 by The American Lawyer. In the article, “With Technology a Constant, BakerHostetler Unit Aims to Make Sense Of Options,” the pair discuss the goals, structure … Continue Reading
We are extremely proud to announce that BakerHostetler has been named the only law firm included in the ALM Cybersecurity “Pacesetter” inaugural ranking. Our DADM Group – and the Digital Risk Advisory and Cybersecurity team in particular – was identified in this national pacesetter report as leading the law firm peer group in “how it … Continue Reading
Partner Ted Kobus is featured in the Nov. 19, 2020, episode of “Digital Detectives,” a Legal Talk Network podcast. Kobus spoke about the rapid increase in ransomware incidents in 2020 and what law firms should do in the event of an attack. Listen to the podcast or read the transcript.… Continue Reading
Ransomware has hit pandemic proportions and there does not seem to be a clear end in sight. On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory regarding ransom payments and the risk of sanctions violations associated with such payments. Background Ransomware has been around for … Continue Reading
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key relationships, and prevents or mitigates financial consequences. Unfortunately, some have sold the value of involving an attorney in the incident response process … Continue Reading
Dear Friends, In January, we announced the creation of the firm’s 6th practice group—Digital Assets and Data Management. Since September 2010, members of our group have been covering privacy and security topics through our Data Privacy Monitor blog. Today, we are excited to launch our rebranded blog – Data Counsel – to more fully capture … Continue Reading
We are excited to present our sixth Data Security Incident Response Report (DSIR). We hope this issue finds you safe and healthy while working from home (WFH). Each year, we talk about last year’s trends and where we think the current year is taking us. Ransomware was, and continues to be, a big issue. We … Continue Reading
I am excited to announce the seventh practice team under our Digital Assets and Data Management (DADM) Practice Group. By focusing on capitalizing on innovations that maximize IP, data, and technology, this team advises on optimal strategies to accelerate business growth, pivot into new service lines, or fundamentally revamp business models. Co-leading the Digital Transformation … Continue Reading
Thank you to our clients and relationships, as well as to the BakerHostetler team who made the creation of the new Digital Assets and Data Management (DADM) Practice Group possible. In a world dependent on data, this group takes a 360-degree approach to the delivery of services and counsel to clients on how they manage … Continue Reading
We are excited to release the fifth edition of our annual Data Security Incident Response Report. This year’s report provides metrics from the 750+ potential incidents our team led clients through in 2018, as well as “Take Action” segments that feature insights from our team on key response items. Because it is our Report’s fifth … Continue Reading
On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses, the report offers intelligence to … Continue Reading
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to experience incidents at a record pace, and we expect this will continue through 2017. We have received more calls to our breach … Continue Reading
On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading
The day before Thanksgiving, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the largest resolution agreement of 2015, against Lahey Hospital and Medical Center (Lahey). The incident giving rise to the $850,000 settlement was apparently an isolated theft involving 599 patients with electronic protected health information (ePHI) on … Continue Reading
State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident. Washington’s new law, which went into effect on July 24, includes a 45-day deadline for notification but goes further to allow for … Continue Reading
In our inaugural Data Security Incident Response Report (the Report), we found that regulators inquired about a company’s breach 31% of the time and multi-state state Attorneys General investigations were launched less than 5% of the time. A post-breach investigation is not guaranteed. Certainly, in large, highly public incidents, companies can expect at least an … Continue Reading
We are pleased to announce the release of the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. It looks at the nature of the threats faced by companies, as well as detection and response trends, and … Continue Reading
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is self-insured and your company contracts with Anthem to administer the plan, process claims, etc., then your company’s group health plan … Continue Reading
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. One of the last recommendations clients like to hear from their lawyer is, “Let’s call the regulators.” Building relationships with regulators when it comes to privacy and security issues … Continue Reading
BakerHostetler and Woodcock Washburn, one of the country’s leading intellectual property boutiques, announced today that they have a signed letter of intent to combine, subject to an affirmative vote by the partners of both firms in early December. The announcement, made by BakerHostetler Executive Partner Steven Kestner and the Woodcock Washburn Policy Committee, notes they … Continue Reading
Co-authored by: Charles K. Shih Natural Provisions, Inc., a Vermont health foods grocery chain, agreed to pay $30,000 to settle claims brought by the Vermont attorney general that it failed to notify consumers and the attorney general within the statutory period required by Vermont’s Security Breach Notice Act and Consumer Protection Act. Natural Provisions, Inc. … Continue Reading
The U.S. Department of Health and Human Services (HHS) has reported a $400,000 settlement with Idaho State University (ISU) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The incident giving rise to the investigation by the HHS Office for Civil Rights (OCR) involved a potential exposure of … Continue Reading
For those deciding to buy, sell or develop and offer cyber liability coverage, the Singapore Cyber Liability Insights Conference, a one full day event, will be a valuable learning and networking experience. New York Partner Ted Kobus, Co-Leader of BakerHostetler’s Privacy and Data Protection Team is on the Advisory Committee and will be presenting on best … Continue Reading