Defense Digest, Vol. 27, No. 4, September 2021

On the Pulse…Data Breaches and Ransomware Attacks: Getting to Know Marshall Dennehey’s Privacy and Data Security Practice Group

Solar Winds, JBS, Kaseya…the list goes on and on each week, as more and more ransomware cyberattacks occur. The public is inundated with announcements of businesses being crippled by data breaches and ransomware attacks by foreign hackers and state-sponsored cyberterrorists. Here at Marshall Dennehey, our Privacy and Data Security Practice Group is focused on helping clients, large and small, in reducing their cyber risk exposures and guiding them through the inevitable incident response, containment and compliance measures that are needed after a data breach or ransomware attack occurs. Our firm is staffed to respond to time critical situations 24-7, and we work with clients to reduce their exposure to the risk and liability that happens when a cyberattack occurs.

Marshall Dennehey has been focused on data breach litigation since 2010, handling hundreds of data breaches and helping clients respond and recover. As we have seen, the rise of criminal ransomware and other data breach attacks can lead to crippling business interruption for businesses throughout the United States. Our ability to provide a customized approach is the key to our success in resolving all types of cyber incidents. We partner with each client, focusing on not only the future defense to litigation or regulatory action, but also the business’s ability to get back up and running as quickly as possible.

Our attorneys have assisted in corporate ransomware attacks where hundreds of thousands of dollars have been at stake. We have also helped smaller businesses, such as health care providers, with data breach mitigation to allow them to treat their patients in an uninterrupted environment.

In Philadelphia, Karen Grethlein and I handle a large portion of this litigation. Karen is a graduate of Johns Hopkins University and Drexel University Thomas R. Kline School of Law, and she has been with us since 2017. She is active in the Pennsylvania Bar Association and is the current president of the Philadelphia Chapter of the National Association of Women in Construction, where she has lectured on cybersecurity in the construction industry. Karen often advises clients of their statutory reporting obligations following a data breach and encourages them to adopt a proactive approach to data security.

R. David Lane, Jr., shareholder in our New York City office, devotes the entirety of his practice to privacy and data security, representing clients through all stages of data breach response, including investigations, compliance with data breach notification laws and regulatory investigations. Accredited by the International Association of Privacy Professionals as a Certified Information Privacy Professional CIPP/US, David routinely advises clients on legal compliance with state, federal, and international privacy and data security laws. He is a graduate of the University of Florida and the University of Florida Levin College of Law.

As chair of the practice group, I have been handling data breach litigation since the practice’s inception more than 10 years ago. When a breach involves the theft or disclosure of trade secrets, or the violation of a company’s social media policy, my experience as leader of the firm’s Technology, Media, and Intellectual Property Litigation Practice Group is put to good use. In this capacity, I am able to provide critical and immediate counsel, including assisting clients in appropriately and effectively communicating with employees who may be suspected of involvement with a breach incident. I am a graduate of Denison University and Widener University School of Law, and I frequently lecture on cybersecurity and data breach topics to insurance and legal audiences.

            As a full-service insurance defense firm, we have assisted health care, education, finance, banking, retail, energy and utility services throughout the United States in responding to data breaches. Our firm has handled these incidents in all 50 states, and also has handled international events. We work with the clients in notifying either a small number of individuals or hundreds of thousands of affected customers or patients. Working with our health care group, we are able to ensure that HIPAA/Hitech compliance occurs. We are able to ensure that educational FERPA regulations are complied with, as well as all financial and banking SEC and FINRA regulations.

Finally, we continue to assist retail entities in complying with the Payment Card Industry-Data Security Standards (PCI-DSS) compliance. With our extensive experience in defending business entities in consumer-related litigation, we have the attorney resources to manage every aspect of a data breach, from the initial scoping calls with forensic companies to class actions lawsuits that are filed by affected individuals.

If worries about cyberattacks keep you up at night, please don’t hesitate to get in touch. We are here to help and look forward to working with you.

*David, a shareholder, chairs the Privacy & Data Security Practice Group at Marshall Dennehey. He may be reached at or 215.5752615.

Defense Digest, Vol. 27, No. 4, September 2021 is prepared by Marshall Dennehey Warner Coleman & Goggin to provide information on recent legal developments of interest to our readers. This publication is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. ATTORNEY ADVERTISING pursuant to New York RPC 7.1. © 2021 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved. This article may not be reprinted without the express written permission of our firm. For reprints, contact