Anatomy of a Ransomware Attack: Breach Response, Cyber Insurance, and Post-Incident Remediation Strategy

Spencer S. Pollock, Esq., CIPP/US, CIPM, Member | McDonald Hopkins LLC

Spencer Pollock is an award-winning data privacy and cybersecurity attorney who serves as a Member of McDonald Hopkins’ national Data Privacy and Cybersecurity team. Based in Baltimore, he specializes in incident response and privacy consulting, having handled hundreds of cyber incidents and data breaches for clients across financial services, healthcare, insurance, education, and managed service provider industries.

• Education & Credentials

Pollock earned his Juris Doctor from the University of Baltimore School of Law in 2012 and holds a Bachelor of Arts in Political Science from Sewanee: The University of the South. He is admitted to practice in Maryland, the District of Columbia, and the U.S. District Court for the District of Maryland. He holds two leading privacy credentials from the International Association of Privacy Professionals — Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Manager (CIPM) — and is a Certified Mediator.

• Recognition & Leadership

Pollock has been recognized as a Maryland Super Lawyers Rising Star for six consecutive years (2020–2025) and has been consistently ranked in Business Litigation. He hosts the Cyber Law Revolution podcast, which was named to FeedSpot’s Top 10 Breach Podcasts list in 2025 and recently released its milestone 100th episode. In 2022, he anchored McDonald Hopkins’ expansion into Maryland by launching the firm’s Baltimore office. He is frequently called upon for national legal and business commentary on cybersecurity incidents, and has been featured or quoted in The American Lawyer, CBS News Baltimore (WJZ-TV), WBAL, Fox 45, and the Cyber Insurance Leaders podcast.

• Professional Involvement

Pollock is an active member of the Maryland State Bar Association, where he serves on the Cybersecurity Task Force, and the International Association of Privacy Professionals (IAPP). He is a prolific author and speaker, regularly presenting at industry programs including NetDiligence Cyber Risk Summits, IT Nation Connect and IT Nation Secure, the ABA TIPS Section Conference, the GTIA Cybersecurity Conference, and regional CPCU, AFP, and URMIA chapters nationwide. He has authored numerous articles on HIPAA compliance, ransomware defense, state privacy legislation, AI governance, and forensic report privilege, and delivers CLE programs through Quimbee, Celesq, HalfMoon Education, and CeriFi.

• Experience

With more than a decade of legal practice, Pollock has guided clients through ransomware attacks, business email compromises, cyber extortion events, vendor-caused breaches, and multi-state notification obligations, while defending them in regulatory investigations before state attorneys general, HHS OCR, and NYDFS. His practice spans the full lifecycle of cyber risk management — pre-breach readiness, incident response, forensic coordination, ransom negotiation strategy, notification compliance under state, federal, and international laws, and post-breach remediation and litigation defense. He also advises C-Suites and boards on enterprise-wide risk management, cyber insurance procurement and claims, vendor due diligence, and AI governance. Before joining McDonald Hopkins in 2022, Pollock practiced at Whiteford, Taylor & Preston and Niles, Barton & Wilmer, where he built a substantial civil trial practice with an 85% win rate as lead counsel in more than 50 jury trials.

Kelly Campbell, CIPP/US, Counsel | McDonald Hopkins LLC

Kelly Campbell is Counsel on McDonald Hopkins’ national Data Privacy and Cybersecurity team, based in the firm’s Baltimore office. She advises clients across a wide variety of industries on addressing data privacy and cybersecurity incidents in compliance with state, federal, and international laws, guiding them through investigation, messaging and public communications, breach notification obligations, post-breach response, and proactive pre-breach services designed to protect personal, sensitive, and confidential information.

• Education & Credentials

Campbell earned her Juris Doctor from the University of Baltimore School of Law, where she served as Editor-in-Chief of the University of Baltimore Law Review. She holds a Bachelor of Arts in Public Relations from the University of South Carolina. She is admitted to practice in Maryland and the District of Columbia, as well as before the U.S. District Court for the District of Maryland and the U.S. Court of Appeals for the Fourth Circuit. The International Association of Privacy Professionals (IAPP) recognizes Campbell as a Certified Information Privacy Professional (CIPP/US).

• Recognition & Leadership

Campbell was selected to the 2026 Maryland Super Lawyers Rising Stars list, and in 2024 she was named among the Living Classrooms Foundation’s Rising Stars by the Baltimore Business Journal, which recognizes accomplished young professionals making meaningful contributions to the Baltimore community. In 2022, she helped launch McDonald Hopkins’ new Baltimore office as a founding attorney of the firm’s Maryland presence, extending the national Data Privacy and Cybersecurity practice into the Baltimore–D.C. corridor.

• Professional Involvement

Campbell is an active member of the Maryland State Bar Association’s Young Lawyers Section, the Federal Bar Association, the Baltimore City Bar Association, and the IAPP. She is a frequent author and speaker on data privacy and cybersecurity topics, with recent presentations including “Cybersecurity for Solos – Defending Your Firm” (2025), “Legislative and Regulatory Update” at the Stronger Conference 2024, “Cyber & Privacy Headaches” at the Mid-Atlantic AFP Treasury and Financial Forum, “The Cyber Arms Race” at the URMIA Annual Conference, and “Insurance Data Security Model Laws” at the Big I Maryland Annual Conference. She has authored articles on California’s data breach notification law, MSP liability, Washington’s My Health My Data Act, and state-level ransomware legislation, and has been quoted in Privacy Daily on multi-state notification deadlines. She is passionate about providing equitable education and opportunities to students throughout her community.

• Experience

With experience spanning the full lifecycle of cyber incident response, Campbell has guided clients through ransomware attacks, business email compromises, vendor-caused breaches, and complex multi-state notification obligations under evolving state, federal, and international privacy regimes. Her pre-breach work includes policy development, vendor due diligence, employee training, and building incident response plans designed to minimize risk and strengthen compliance posture. In addition to her data privacy and cybersecurity practice, Campbell maintains an active complex commercial litigation practice, representing clients in state and federal courts. Before joining McDonald Hopkins in 2022, she practiced at Whiteford, Taylor & Preston LLP in Baltimore, where she began focusing on data security and cybersecurity matters and co-authored published guidance on ransomware and insider threats.

Chris Loehr, EVP & Co-Founder | Cyrenity

Chris Loehr is a cybersecurity executive with more than 25 years of leadership experience in cybersecurity, information technology, and security operations. He currently serves as Co-Founder and Executive Vice President of Cyrenity Security, a managed cybersecurity and incident response firm protecting small and medium-sized businesses. His work centers on ransomware incident response, digital forensics, cyber-extortion and ransom negotiation, and proactive security operations. Earlier in his career he concentrated on designing and delivering cybersecurity and IT operational strategies within the financial services sector before moving into frontline incident response, where he has guided organizations through active cyberattacks and approached response efforts as more than a purely technical exercise.

• Education & Credentials

Chris Loehr earned a Bachelor of Science in Management Information Systems and a Master of Business Administration in Finance, both from Oklahoma City University. He also holds the Chainalysis Reactor Certification (CRC), relevant to cryptocurrency tracing in ransom-payment investigations.

• Recognition & Leadership

Chris Loehr is a Co-Founder and Executive Vice President of Cyrenity Security, one of five co-founders who together bring over 100 years of combined experience across cybersecurity, digital forensics, and security operations. He previously held executive leadership roles as Executive Vice President and Chief Technology Officer of CFC Response and as Executive Vice President and President of Solis Security. He has also served as a keynote speaker at the SecureIT Summit.

• Professional Involvement

Chris Loehr is an active public speaker and frequent podcast and webinar guest on ransomware, incident response, and crisis communications. He has appeared on programs including The Weekly CyberCall, Cyber Crime Junkies, Joey Pinz Discipline Conversations, and the Wise Up Podcast, and is a contributor to SC Media. He has been quoted extensively as a ransomware and incident-response expert in investigative journalism, including ProPublica’s reporting on the economics of ransomware and ransom negotiation.

• Experience

Chris Loehr currently serves as Co-Founder and Executive Vice President of Cyrenity Security. Previously, he was Executive Vice President and Chief Technology Officer of CFC Response following CFC’s acquisition of Solis Security, where he oversaw the day-to-day operations of the firm’s incident response and proactive cybersecurity teams. Before that, he served as Executive Vice President and President of Solis Security, building and leading its incident response practice. His earlier career was concentrated in IT and IT-operations leadership within the financial services sector, including roles at USAA, IBC Bank, and other financial institutions.

SESSION 1 – Current Threat Landscape and Cyber Insurance Navigation | 1:00pm – 1:30pm

Examine today’s evolving ransomware, business email compromise, and data breach threats alongside emerging legal issues, while learning how to evaluate cyber insurance policies, identify coverage gaps, and secure adequate protection for organizational clients.

SESSION 2 – Proactive Measures Before a Breach Occurs | 1:30pm – 2:00pm

Discover essential preventive strategies organizations must implement before a cyber-attack strikes, including enterprise-wide risk management frameworks, incident response planning, employee training protocols, and vendor management practices that minimize exposure and strengthen defenses.

BREAK | 2:00pm – 2:10pm

SESSION 3 – Avoiding Common Mistakes During Breach Response | 2:10pm – 2:40pm

Identify critical errors organizations frequently make when responding to active cyber incidents, and learn proven protocols for preserving privilege, coordinating with law enforcement, managing ransom negotiations, and meeting notification obligations under applicable state and federal regulations.

SESSION 4 – Remediation And Prevention of Future Breaches | 2:40pm – 3:10pm

Master post-incident remediation steps that transform breach experiences into stronger security postures, including forensic investigation protocols, system hardening, policy revisions, and long-term strategies designed to prevent recurring attacks and protect against future cyber threats.