Aleksandra Vold

She | Her | Hers

Partner

Chicago
T +1.312.416.6249
F +1.312.416.6201

Overview

Recognized as one of the 40 best Incident Response attorneys in 2021, Aleksandra Vold's ability to weave together each of her clients’ unique concerns and personalities with her tactical, common sense approach has earned the trust of some of the nation's top healthcare organizations.

Aleksandra's practice is devoted to healthcare, and she has assisted hundreds of healthcare organizations and business associates through privacy and data security incidents, regulatory inquiries and complex Health Insurance Portability and Accountability Act (HIPAA) compliance issues. When a breach occurs, Aleksandra takes an arms-linked approach with her clients, coordinating a skilled team, including forensic and public relations professionals, and notification vendors, to quickly help reduce public and regulatory scrutiny and protect her clients’ reputations. Aleksandra is the firm’s Chicago Digital Assets and Data Management Leader.

Aleksandra brings a strategic advantage to the defense of class action litigation, having started her legal career as a plaintiffs’ attorney focusing on consumer data privacy class actions. Her strengths in cybersecurity are bolstered by her representation of startups and closely held technology companies in a variety of commercial disputes, including intellectual property, trade secrets, federal labor law and contract matters.

Select Experience

  • Handled data breaches ranging from a single record loss to 500 million records lost with multi-national notification requirements, and attacks ranging from drive-by ransomware injections to pervasive network compromises by international hacking groups, which led to personal and company extortion attempts.
  • Counsels some of the nation's largest and most prestigious healthcare organizations on HIPAA Privacy Rule and Security Rule compliance.
  • Coordinates all aspects of data security incident response, conducting initial breach intake, vetting and selecting vendors (forensics, PR and notification), drafting notification materials (individual notification, talking points, frequently asked questions, media statements and regulatory notification), supervising and directing forensic investigations, and assisting clients with mitigation activities.
More »

Experience

  • Handled data breaches ranging from a single record loss to 500 million records lost with multi-national notification requirements, and attacks ranging from drive-by ransomware injections to pervasive network compromises by international hacking groups, which led to personal and company extortion attempts.
  • Counsels some of the nation's largest and most prestigious healthcare organizations on HIPAA Privacy Rule and Security Rule compliance.
  • Coordinates all aspects of data security incident response, conducting initial breach intake, vetting and selecting vendors (forensics, PR and notification), drafting notification materials (individual notification, talking points, frequently asked questions, media statements and regulatory notification), supervising and directing forensic investigations, and assisting clients with mitigation activities.
  • Assisted federal law enforcement investigations for two separate hospitals that resulted in the conviction and imprisonment of internal bad actors.
  • Assists in management, investigation and response related to regulatory inquiries from state attorneys general and HHS OCR. Coordinates and participates in clients’ internal investigations, document and policy reviews, and drafts formal responses to regulatory inquiries.
  • Works with clients to understand system posture and regulatory environment to counsel on best practices, regulatory requirements and industry standards. Drafts and revises policies and procedures related to privacy, Incident Response Plans, Information Governance policies and Data Mapping initiatives to mitigate cyber risks. Counsels companies in various industries on website best practices, as well as international and domestic requirements for terms of use, and privacy policies.
  • Counsels both acquiring/investing and target companies on the scope of due diligence requests and responses related to data privacy and data security reps and warranties.
  • Defended companies sued for alleged violations of privacy statutes, including the Illinois Biometric Information Privacy Act and Fair and Accurate Credit Transactions Act in state and federal court.

Recognitions and Memberships

Recognitions

  • Cybersecurity Docket Incident Response 40 (2021 to 2022)
  • Illinois Super Lawyers "Rising Star" (2013 to 2022)

Memberships

  • American Health Lawyers Association
  • American Bar Association

Prior Positions

  • Columbia College: Adjunct Professor of Law (2010 to 2012)

Admissions

  • U.S. District Court, Northern District of Illinois
  • U.S. Court of Appeals, Seventh Circuit
  • Illinois

Education

  • J.D., John Marshall Law School, 2010; John Marshall Review of Intellectual Property, Staff Editor; CALI Award: Protecting Intellectual Property in a Global/Digital Environment
  • B.A., Columbia College, 2006, cum laude

Blog

In The Blogs

Previous Next
Data Counsel
OCR Announces Four Enforcement Actions
By Courtney L. Litchfield, Aleksandra Vold
April 20, 2022
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this group of covered...
Read More ->
Data Counsel
Privacy-Forward California AG Xavier Becerra Confirmed as Next HHS Secretary
By Aleksandra Vold
March 31, 2021
On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the primary federal...
Read More ->
Data Counsel
CISA Updates Advisory on Large-Scale Impending and Credible Ransomware Threat to Healthcare to Include Additional IOCs
By Sara M. Goldstein, Aleksandra Vold
October 30, 2020
On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime threat to U.S...
Read More ->
Data Counsel
The Destruction of Privilege and Work Product Protection for Data Breach Investigations?
By Joseph L. Bruemmer, David A. Carney, Casie D. Collignon, Craig A. Hoffman, Thomas E. Hogan, Theodore J. Kobus III, Aleksandra Vold
June 17, 2020
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key relationships...
Read More ->
Data Counsel
Fraudulent Wire Transfer Instruction Changes on the Rise (Again)
By Aleksandra Vold
June 2, 2020
Phishing and social engineering attacks to divert wire transfers or invoice payments are not new fraud techniques, but they have recently taken a back seat to ransomware as posing the greatest cyberthreat to businesses. However, over the...
Read More ->