Alexandria Murphy is Partner at Mullen Coughlin. Ms. Murphy assists clients in both preparation for, and response to, data privacy and security events and regulatory investigations and inquiries. When a data privacy and security event occurs, Ms. Murphy assists in addressing crucial points of fact and law, including determining the nature and scope of the incident; identifying the affected individuals and types of information involved; and ensuring compliance with applicable state, federal and international laws and regulations. Ms. Murphy has particular experience counseling organizations in the healthcare space to navigate relevant laws, including the Health Insurance Portability and Accountability Act (HIPAA). Ms. Murphy has also served as counsel for numerous clients who suffered cybersecurity incidents involving fraud, such as wire fraud, tax fraud and unemployment benefits fraud.
Ms. Murphy also has extensive experience assisting clients with data privacy and security compliance outside of the breach context, including negotiating vendor contracts; preparing written incident response plans (IRPs); drafting comprehensive privacy and security policies and procedures; and conducting employee and governing board trainings.
Ms. Murphy is a Certified Information Privacy Professional/United States (CIPP/US).
Outside of the firm, Ms. Murphy is on the Board of Directors for Matthew Walker Comprehensive Health Center, Inc., a community health center that provides healthcare for underinsured and uninsured Middle Tennesseans.
- Represented multiple Managed Services Providers (MSPs) in responding to ransomware events that impacted the MSPs client’s networks and data
- Assisted a financial software vendor in responding to a ransomware event with significant data exfiltration and coordinated notifications on behalf of impacted customers
SPEAKING ENGAGEMENTS & PRESENTATIONS
- “Data Security Event Tabletop Exercise,” The KeyState Companies’ Bank Captive Peer Summit, Nashville, TN, June 7, 2022
- “Document Preservation,” Continuing Legal Education, Virtual, June 28, 2021
- “Cyber Update,” International Insurer, New York, NY, January 17, 2019
- “Contract Review,” Continuing Legal Education, Wayne, PA, October 31, 2018
- “The European Union General Data Protection Regulation (GDPR),” Continuing Legal Education, Wayne, PA, April 25, 2018
- “Global Cybersecurity Issues and Treads,” Tech360 Conference, Malvern, PA, November 16, 2017
- “Cyber Risk,” Philadelphia Area Independent School Business Insurance Group (PAISBIG), Radnor, PA, November 15, 2017
- “Approved Notice Methods Under State, Federal, and International Law,” Continuing Legal Education, Wayne, PA, October 11, 2017
- “Interoperability and Information Blocking,” Chapter Co-Author, Health Law Watch, 2020
- “Don’t Forget About Cyber Hygiene During Coronavirus (COVID-19) Outbreak,” Corporate Counsel, March 6, 2020 (subscription required)
- “Health Care Providers, Think Before You Yelp…and Other HIPAA Concerns,” Bloomberg Law: Privacy and Data Security Law News, January 3, 2020