P McGurkin

Paul T. McGurkin, Jr.

426 W. Lancaster Avenue, Suite 200
Devon, PA 19333

Office: (267) 930-4788


Temple University Beasley School of Law
Juris Doctor, cum laude

University of Tampa
Bachelor of Arts, Government & World Affairs, magna cum laude


  • Pennsylvania
  • U.S. District Court for the Eastern District of Pennsylvania
  • New Jersey

Practice Areas

Paul McGurkin is a Partner at Mullen Coughlin and focuses exclusively on assisting organizations prepare for, and respond to, data privacy and security incidents, including subsequent regulatory investigations and inquiries. After a data security and privacy incident occurs, Paul assists victim organizations in determining the applicable laws that govern their notice obligations and ensures compliance with such obligations.

Paul also regularly assists organizations in preparing for potential incidents by planning and hosting tabletop exercises.. He also counsels organizations in regulatory compliance related to the Health Insurance Portability and Accountability Act (HIPAA), payment card industry standards (PCI-DSS) and the New York State Department of Financial Services (DFS).


  • Assisted a background check company investigate the theft of an employee laptop, notify its customers and individuals who applied for a job with the company whose information was on the laptop and respond to state attorney general inquiries in multiple states due to the event
  • Counseled multiple online retailers in the investigation and response to payment portal compromises; notified affected customers and successfully responded to investigations launched PCI-DSS regulators
  • Assisted a large business services company in investigating data theft from its environment while notifying impacted business partners and individuals whose information was hosted by the entity
  • Counseled school districts impacted by ransomware by directing forensic investigations, drafting communications to the community and media and confirming what, if any, notification obligations the event implicates
  • Assisted multiple hospitals in responding to ransomware events that caused all computers and servers to be inoperable
  • Assisted multiple medical providers and its Business Associates respond to investigations launched by the Department of Health and Human Services, Office of Civil Rights (HHS-OCR)


  • “We Are Under a Cyber Attack: How to Prevent From Becoming a Victim,” Brown & Brown Insurance of Pennsylvania, Virtual, July 13, 2021
  • “Tales from the C-Suite: Protecting Corporate Assets & Cyber and Management Liability (D&O) Insurance,” Biocom California, Virtual, June 22, 2021
  • “Legal Panel,” Mid-Atlantic Gigabit Innovation Collaboratory, Inc. (MAGIC) Business Risks 2020 Conference, Virtual, November 16, 2020
  • “Cyber Security | What Happened and What Do We Do Now?,” Temple University Lifelong Webinar Series, Virtual, September 23, 2020
  • “New Business Models in Insurance,” InsurTech Conference, Philadelphia, PA, November 29, 2018
  • “How to Handle a Ransomware Matter,” Wayne, PA, June 6, 2018
  • “Data Breach! What to Do Now,” Fraud Prevention Institute for Employee Benefit Plans, Boston, MA, July 12, 2018
  • “How to Handle a Ransomware Matter,” Wayne, PA, May 30, 2018
  • “Cyber Extortion Event – Ransom Payment & Bitcoin,” International Insurer Cyber Security Roundtable, October 12, 2017