Welcome to Health-e Law, Sheppard Mullin's podcast exploring the fascinating health tech topics and trends of the day. In this episode, Sheppard Mullin’s Phil Kim, Sara Shanti and Michael D. Sutton are joined by Ilona Cohen, Chief Legal Officer and Chief Policy Officer of HackerOne, to discuss creative and inspiring solutions for addressing the surge of data breaches in healthcare.

What We Discussed in this Episode:

• What does “data breach” mean in the healthcare context?

• What is driving the recent surge of threat actors targeting healthcare?

• How are healthcare stakeholders mitigating these risks?

• How is breached data being monetized or laundered back into legitimate businesses?

• What exposures should businesses be alert for after a breach?

• Can you tell us a bit about HackerOne and the work you do?

• What is ethical hacking? Has the healthcare sector embraced it?

About Ilona Cohen

Ilona Cohen was formerly a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). Highly experienced with cybersecurity and ethical hacking solutions, she was part of a core group in the White House responsible for the development of President Obama’s long-term strategy to enhance cybersecurity awareness and protection in the public and private sectors. These efforts resulted in the launch of the first U.S. government bug bounty program, Hack The Pentagon, run by HackerOne. 

Prior to joining HackerOne in July 2022, Ilona served as Chief Legal and Compliance Officer at Aledade, another venture-backed tech company, where she successfully built and scaled the company’s legal and compliance teams. At HackerOne, she’s leveraging her extensive experience to build out the public policy team, mature the legal function to support expanded growth and provide strategic leadership to the rest of the company. 

About Sara Shanti

A partner in the Corporate Practice Group in the Sheppard Mullin's Chicago office and co-lead of its Digital Health Team, Sara Shanti’s practice sits at the forefront of healthcare technology by providing practical counsel on novel innovation and complex data privacy matters. Using her medical research background and HHS experience, Sara advises providers, payors, start-ups, technology companies, and their investors and stakeholders on digital healthcare and regulatory compliance matters, including artificial intelligence (AI), augmented and virtual reality (AR/VR), gamification, implantable and wearable devices, and telehealth.

At the cutting edge of advising on "data as an asset" programming, Sara's practice supports investment in innovation and access to care initiatives, including mergers and acquisitions involving crucial, high-stakes and sensitive data, medical and wellness devices, and web-based applications and care.

About Phil Kim

A partner in the Corporate and Securities Practice Group in Sheppard Mullin's Dallas office and co-lead of its Digital Health Team, Phil Kim has a number of clients in digital health. He has assisted multinational technology companies entering the digital health space with various service and collaboration agreements for their wearable technology, along with global digital health companies bolstering their platform in the behavioral health space. He also assists public medical device, biotechnology, and pharmaceutical companies, as well as the investment banks that serve as underwriters in public securities offerings for those companies.

Phil also assists various healthcare companies on transactional and regulatory matters. He counsels healthcare systems, hospitals, ambulatory surgery centers, physician groups, home health providers, and other healthcare companies on the buy- and sell-side of mergers and acquisitions, joint ventures, and operational matters, which include regulatory, licensure, contractual, and administrative issues. Phil regularly advises clients on matters related to healthcare compliance, including liability exposure, the Stark law, anti-kickback statutes, and HIPAA/HITECH privacy issues. He also provides counsel on state and federal laws, business structuring formation, employment issues, and involving government agencies, including state and federal agencies.

About Michael D. Sutton

As an associate in the Corporate Practice Group at Sheppard Mullin’s Dallas office, Michael D. Sutton specializes in cutting-edge and disruptive areas of practice, blending healthcare, technology, and legal compliance. In particular, he focuses on HIPAA and privacy regulations, considering their relationship with technological advancements in both healthcare and consumer sectors. He is skilled in negotiations regarding data usage and ownership rights, guiding clients on marketing or integrating technological innovations while navigating emerging regulations in digital healthcare, including artificial intelligence, web tracking, information blocking, offshoring, and de-identification.

Michael has managed investigations, worked to resolve active breach incidents, and advised clients on healthcare privacy and technology matters. He supports clients navigating HIPAA and other privacy laws to ensure their objectives are achieved within all legal and regulatory requirements. Michael also provides comprehensive regulatory services to a range of healthcare participants, including investors, managed care organizations, health plans, and medical groups.  In particular, he has tackled operational and contractual negotiations, licensing, compliance, and fraud considerations and conducted regulatory due diligence for transactions, including mergers and acquisitions.

Michael also supports transactions involving tech companies and healthcare providers, guiding negotiations related to software and service relationships while identifying vulnerabilities in targets and devising creative solutions to address them.

Contact Info

Ilona Cohen

Sara Shanti

Phil Kim

Michael D. Sutton 

Resources

HackerOne

Thank you for listening! Don't forget to SUBSCRIBE to the show to receive new episodes delivered straight to your podcast player every month.

If you enjoyed this episode, please help us get the word out about this podcast. Rate and Review this show on Apple Podcasts, Amazon Music, or Spotify. It helps other listeners find this show.

This podcast is for informational and educational purposes only. It is not to be construed as legal advice specific to your circumstances. If you need help with any legal matter, be sure to consult with an attorney regarding your specific needs.