Aaron Maguregui is a special counsel and business lawyer with Foley & Lardner LLP. Aaron focuses his practice on counseling clients on cybersecurity, data privacy, healthcare compliance, and risk management matters. He is a member of the firm’s Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Aaron is a Certified Information Systems Security Professional (CISSP), a global standard and essential industry credential accredited by the International Information Systems Security Certification Consortium (ISC)2.
Prior to joining Foley, Aaron served as in-house counsel at a highly regulated publicly-traded health care company where he served as lead counsel to the company’s Privacy & Information Security and Compliance Investigations departments and helped to build and lead the company’s incident response and privacy teams. Aaron managed dozens of incidents, led the company through multiple publicly-reported data breaches, and led the company’s responses to inquiries, complaints, and investigations from various federal and state government agencies including, the Office of Civil Rights (OCR), Department of Justice (DOJ), the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of the Inspector General (HHS-OIG), state Medicaid agencies and states’ attorney generals offices. Aaron also counseled the company in obtaining HITRUST certification, a highly coveted certification that provides assurances to all stakeholders of the company’s security practices.
Aaron provides advice and counsel in all phases of cybersecurity attacks and data breach events. He works closely with CISO’s, compliance officers, general counsels, and incident response teams to prepare them for cyber-attacks and data loss events. By getting in early and working closely with his clients, Aaron is able to advise and prepare his clients to appropriately, efficiently, and successfully communicate, respond, and recover from all types of security incidents.
Understanding the importance of communication and efficiency in cybersecurity preparedness to both external and internal stakeholders, Aaron has developed and implemented best-in-class cyber practices to ensure clients can properly respond to a cyber-attack, including:
Experienced in handling matters across many industries, Aaron focuses and has specific experience in the healthcare, healthcare information technology, and insurance industries. Aaron has extensive experience advising health insurers and providers participating in federal and state healthcare programs with their compliance, litigation, regulatory and contractual issues related to cybersecurity, data privacy, and data governance. He routinely counsels his clients regarding their complex compliance and regulatory matters involving HIPAA, TCPA, GDPR, California Consumer Protection Act, and other federal, international, and state privacy and security laws, regulations, and directives. This includes assisting in the formation of business strategy, assessment of risk, and providing solutions to the challenges confronting his clients daily.
Memberships & Affiliations