Careers

Diversity

With 18 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

AD Nauseam

AD Nauseam: Phyllis!

Camille Bent Takes Part in Panel on Subsequent-Transfer Claims at Central States Bankruptcy Workshop

Brakes Pumped on New York Labor Law’s Manual Worker Claims

Artie McConnell Participates in Session on Sanctions at Oslo Freedom Forum 2025

Lynn also regularly advises universities, medical schools and other higher educational institutions on breach preparedness, incident response and regulatory defense, and proactive compliance.

Lynn is a frequent speaker and writer on a range of topics affecting healthcare industry and university clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, Department of Education investigations, cyberliability and enterprise risk management.

core/freeform

J.D., Baylor University School of Law, 1993, 

B.A., Texas A&M University, 1989

<ul>
<li>Lexology Index (formerly Who&#8217;s Who Legal): Data (2025)</li>
<li>BTI Client Service All-Star (2022)</li>
<li>Chambers Global
<ul>
<li>Privacy and Data Security: Healthcare (USA) (2020 to 2025) – Band 2; (2018, 2019) – Band 3</li>
</ul>
</li>
<li>Chambers USA
<ul>
<li>Privacy and Data Security: Healthcare, Nationwide
<ul>
<li>Band 2 (2019 to 2024), Band 3 (2017 to 2018)</li>
</ul>
</li>
<li>Healthcare in Texas
<ul>
<li>Band 2 (2020 to 2024), Band 3 (2014 to 2019)</li>
</ul>
</li>
</ul>
</li>
<li>The Legal 500 United States (2019 to 2024)
<ul>
<li>Recommended in Media, Technology and Telecoms: Cyber Law (including data privacy and data protection) (2023 to 2024)</li>
<li>Recommended in Cyber Law (including data privacy and data protection) (2021 to 2022)</li>
<li>Recommended in Healthcare: Service Providers (2019 to 2021, 2023 to 2024)</li>
</ul>
</li>
<li>The Best Lawyers in America®
<ul>
<li>Texas: Health Care Law (2024 to 2025)</li>
</ul>
</li>
<li>Cybersecurity Docket &#8220;Incident Response 40&#8221; (2021 to 2022)</li>
<li>Cybersecurity Docket &#8220;Incident Response 50&#8221; (2023)</li>
<li>National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)</li>
<li>National Law Journal ”Cybersecurity Trailblazer” (2016)</li>
<li>Burton Award for Legal Writing Achievement: “Got Pixels? The Regulatory and Legal Implications of the Use of Third-Party Technologies on Health Care Websites,” Journal of Health and Life Sciences (2024)</li>
<li>Burton Award: Distinguished Writing Award for “Anatomy of Healthcare Data Breach” (2013)</li>
<li>American Leadership Forum: Senior Fellow</li>
<li>Texas Super Lawyers
<ul>
<li>Super Lawyer (2021 to 2023)</li>
<li>“Rising Star” (2005)</li>
</ul>
</li>
<li>Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification</li>
<li>Texas Children’s Hospital: Advanced Quality Improvement and Patient Safety Certification</li>
<li>Development Dimensions International: Strategic Leadership</li>
</ul>

Houston

Lynn Sessions, Kimberly Gordy Speak on Panels at HCCA 29th Annual Compliance Institute

Lynn Sessions Explores Legal Considerations of Cybersecurity in Healthcare at UT Law CLE’s Health Law Conference

BakerHostetler launches 2025 Data Security Incident Response Report

Lynn Sessions Offers Opinion on 23andMe Data Privacy and Bankruptcy in CNBC Article

Lynn Sessions, Stefanie Ferrari Receive “Law360 Distinguished Legal Writing Awards” (Burton Awards)

BakerHostetler Expands International Recognition with 2025 Rankings from Chambers Global

Health Law Update

Healthcare Industry Team 2024 Year in Review

Data Counsel

DSIR Deeper Dive: Tracking the Crackdown on Tracking/Pixel Technologies: Web Litigation and Regulatory Landscape – Part 2

Lynn Sessions Participates in Crum & Forster/Lockton Companies Joint Event

Lynn Sessions Takes Part in University of Maryland Medical System Compliance Summit

DSIR Deeper Dive: Tracking the Crackdown on Tracking/Pixel Technologies: Web Litigation and Regulatory Landscape – Part 1

Lynn Sessions Participates in Panel at WCAS Technology Executives Summit

Lynn Sessions Presents at TBA’s 36th Annual Health Law Forum

BakerHostetler Attorneys from Dallas, Houston Offices Selected for The Best Lawyers in America®

Lynn Sessions, Stefanie Ferrari Publish Article in Journal of Health and Life Sciences Law

The Future for Healthcare Is So Loper Bright, I Gotta Wear Shades

Webinar: The Privacy Strategist: Loper Bright, Chevron Deference and Data Regulation

Texas Attorneys Earn Accolades from The Best Lawyers in America®

Northern District of Texas Flashes the ‘Blue Lights’ on OCR’s Pixel Guidance

Lynn Sessions Serves as Panelist for CrowdTour24 in Dallas

BakerHostetler attorneys, practice areas stand out in The Legal 500 annual guide

Chambers USA Guide 2024 Recognizes 155 BakerHostetler Attorneys and ­66 Practice Areas

Lynn Sessions, Paul Karlsgodt Present at American Hospital Association CCO 2024 Spring Roundtable

Lynn Sessions Takes Part in State of Cyber Defense Webinar

Lynn Sessions Discusses DSIR Report on Healthcare Info Security Podcast

BakerHostetler launches 2024 Data Security Incident Response Report, ‘Persistent Threats, New Challenges’

Change Healthcare Incident: Update on ‘Impacted Data’ Analysis and Notification Plan

Lipstick on a Pig: OCR’s Cosmetic Revisions to Guidance on Tracking Technology in Healthcare Fail to Address Fundamental Issues

Theodore Kobus, Sara Goldstein, Lynn Sessions Weigh in On Change Healthcare’s Data Security Incident

Imminent Cybersecurity Threats to Healthcare Revenue Cycle Management

BakerHostetler Continues to Collect Accolades with 2024 Rankings from Chambers Global

Healthcare Industry Team 2023 Year in Review

Lynn Sessions discusses trends in class action, regulatory claims related to data breaches

Lynn Sessions shares insights on ransomware at compliance, audit summit

Existential threat: Hospitals must understand, prepare for cyber attacks

Companies must lower legal risks amid growing litigation over AI

What healthcare organizations need to know about ad tech

Lee Rosebush, Lynn Sessions and Laura Macherelli Address FDA Guidance About Cybersecurity and Medical Devices

BakerHostetler Attorneys and Practice Areas Recognized in The Legal 500 2023 Guide

Chambers USA Guide 2023 Honors 147 BakerHostetler Attorneys and Recognizes 64 Practice Areas

Artificial Intelligence and Machine Learning in the Development of Drug and Biological Products

BakerHostetler Launches 2023 Data Security Incident Response Report

Lynn Sessions Takes Part in University of Texas Info Security and Info Tech Conference

Ted Kobus, Lynn Sessions and Aleksandra Vold Again Named Top Cybersecurity Incident Responders

​​​​​​​Cybersecurity in Medical Devices

Lynn Sessions Discusses Vendor Incidents at Health Information Management Meeting

Lynn Sessions Takes Part in National HIPAA Summit

Paul Karlsgodt and Lynn Sessions Take Part in Program on Pixels as Cyberthreat

Thirteen BakerHostetler Attorneys, Eight Practice Areas Ranked in 2023 Edition of Chambers Global

Lynn Sessions and Paul Karlsgodt Talk All Things Pixel

OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech

DSIR Report Deeper Dive - 2022

2022 DSIR Deeper Dive: OCR’s Right of Access Initiative

Lynn Sessions Discusses Innovation Affecting Healthcare Providers

Lynn Sessions Discusses Trends in Healthcare Privacy

Lynn Sessions Speaks at AEHIS Healthcare Security Leaders Forum

Lynn Sessions Speaks at Summit on Healthcare Cybersecurity

Lynn Sessions Speaks at Healthcare Cybersecurity Webinar

2022 DSIR Report Deeper Dive: Vendor Incidents

Lynn Sessions Speaks About the Lifecycle of a Ransomware Attack

Lynn Sessions Quoted in Article on Data Breach-Related Litigation Trends

BakerHostetler Attorneys, Practice Areas Shine in The Legal 500 2022 Guide

Chambers USA Guide 2022 Honors 145 BakerHostetler Attorneys and Recognizes 62 Practice Areas

Lynn Sessions Presents on HIPAA

Ted Kobus, Lynn Sessions and Aleksandra Vold Named Top Cybersecurity Incident Response Lawyers

Lynn Sessions Presents at Risk Conference on Ransomware Attacks

Lynn Sessions Leads Conversation about Cybersecurity Readiness

Lynn Sessions Speaks to C-Suite Audience about Cybersecurity in Healthcare

Lynn Sessions Moderates Cybersecurity Panel at ViVE 2022

Eleven BakerHostetler Attorneys, Seven Practice Areas Ranked in 2022 Edition of Chambers Global

Partner Lynn Sessions Educates on Cybersecurity and Legal Obligations

Lynn Sessions Delves into Digital Health Market Challenges During American Telemedicine Association Webinar

Nine BakerHostetler Attorneys Named 2022 BTI Client Service All-Stars

CLE Connections

Lynn Sessions Speaks on Risks and Rewards of Virtual Services

BakerHostetler Attorneys, Practice Areas Recognized in The Legal 500 Guide for 2021

Chambers and Partners USA Honors 134 BakerHostetler Attorneys and 55 Practice Areas in 2021 USA Guide

BakerHostetler Attorneys Make Significant Gains in The Legal 500 Annual Guide

Chambers and Partners USA Honors 127 Attorneys and 43 Practice Areas in 2019 Guide

Chambers and Partners USA Honors 118 Attorneys and 45 Practice Areas in 2018 Guide

Health Law Update—January 5, 2012

Industries

Healthcare

Digital Assets and Data Management

Business

Healthcare Privacy and Compliance

Digital Risk Advisory and Cybersecurity

Healthcare Technology

Strategic Healthcare Initiatives

Post-Roe Resource Center

Telehealth

Life Sciences

<h5>Privacy and Data Security</h5>
<ul>
<li>Has handled more than 800 healthcare data breaches and ransomware attacks, including several of the largest breaches reported to date. In her representation, Lynn provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.</li>
<li>Has responded to more than 500 post-breach and HIPAA investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities, patient complaints and health information access issues, and has successfully defended healthcare organizations in these investigations.</li>
<li>Has advised more than 100 educational institutions in breach response, breach preparedness and regulatory defense, and proactive compliance.</li>
<li>Advises clients on HIPAA and other privacy compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.</li>
<li>Works with large non-healthcare employers on HIPAA and other privacy issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, privacy issues arising from COVID-19 testing and vaccines, and sharing of employee information.</li>
</ul>

Lynn Sessions

Lynn Sessions

Experience

Recognitions and Memberships

Insights and News

Prior Positions

Credentials

Community and Pro Bono

Areas of Focus

Industries

Services

Featured Insights