ROBERT J. HUDOCK is a Member of the Firm in the Health Care and Life Sciences practice, in the Washington, DC, office of Epstein Becker Green. He is also a member of the firm's E-Health Group. Mr. Hudock’s practice covers data breach and response, national security law, cybersecurity, and global privacy and data security. Mr. Hudock has represented clients before federal and state government agencies in connection with a range of issues including Department of Health and Human Services’ Office for Civil Rights (OCR) investigations, national security-related investigations, cybersecurity matters, and Attorney General investigations into security breaches.
Mr. Hudock counsels clients on preparing for and responding to cyber-based attacks on their networks and information, assessing clients’ security controls and practices for the protection of data, developing and implementing information security programs, and complying with federal and state regulatory requirements. He also advises on the transfer of personal data during various corporate transactions. Mr. Hudock routinely counsels clients on data privacy and security matters that arise from federal and state laws, including HIPAA, the HITECH Act, the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transaction Act (FACTA), state data breach laws, and Payment Card Industry (PCI-DSS) requirements. Mr. Hudock has also been counsel to companies in a range of cybersecurity and data-security incidents, including dozens of data security breach matters involving tens of millions of affected consumers.
Mr. Hudock regularly:
- Conducts risk assessments and IT audits for health care and financial services companies following HIPAA, FDIC, Federal Reserve Bank (FRB), OTS, OCC Information Security Guidelines, GLBA, and other best practices
- Designs and implements cost-effective strategies for managing electronic documents (including collecting, preserving, reviewing, analyzing, and producing electronic data) utilizing his broad knowledge of e-discovery hardware and software technologies, such as (traditional) Boolean, conceptual, clustering, and taxonomic search methodologies
- Advises clients regarding privacy and security legislation: HIPAA Privacy and Security Regulations, the GLBA, the EU Commission's Directive on Data Protection (95/46) and the Department of Commerce's EU Safe-Harbor, the Personal Information Protection and Electronic Documents Act (Canada), the U.S. Patriot Act, the Sarbanes-Oxley Act, state-based security breach notification legislation (both acquisition- and risk-based variations), OIG Corporate Integrity Agreements and the Medicare and Medicaid Patient Protection Act of 1987 (the "Antikickback Statute"), and NIST/ISO privacy and security standards
- Manages computer security incidents for various clients in both the health care and financial sectors, and performs and creates procedures for system security audits, penetration tests, and vulnerability assessments to define real metrics by which an organization can evaluate and demonstrate its privacy and security due diligence
Mr. Hudock formerly served as the Chief Privacy and Data Security Officer and Senior Vice President of a major intelligence, military, aerospace, engineering, and systems contractor, where he managed all aspects of privacy and cyber-security compliance across the company.
In addition to graduating at the top of his class at Cornell Law School, Mr. Hudock is a Certified Information Systems Security Professional (CISSP). He was awarded this information technology security audit certification by the International Information Systems Security Certification Consortium (see www.isc2.org). He has held this certification since 2003. Mr. Hudock is also certified by the National Security Agency to perform INFOSEC Assessment Methodology (IAM) audits under FISMA and by the Health Information Trust Alliance (HITRUST) as a Certified CSF Practitioner. HITRUST is an organization that provides training to develop and maintain effective security programs for health care and life sciences companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements. Finally, Mr. Hudock is also a Certified Ethical Hacker (CEH). The CEH credential is a professional certification provided by the International Council of Electronic Commerce Consultants (EC-Council).
In the fall of 2018, Mr. Hudock returned to Cornell as a guest lecturer, co-teaching digital health law at Cornell Tech.
Selected to the 2013 Washington DC Rising Stars list in the areas of Information Technology/Outsourcing and Health Care, Mr. Hudock is a skilled security and legal professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker to secure a client's information systems. Most noteworthy, Mr. Hudock has twice won the internationally recognized Capture the Flag event, held each summer in Las Vegas at the Defcon Hacking Conference.
- Cornell University Law School (J.D., cum laude, 2000)
- St. Lawrence University (B.S., cum laude, 1996)
- District of Columbia
- New York
- American Health Lawyers Association