John David "J.D." Koesters, CIPP/US

J.D. has defended health care systems, defense contractors, and critical infrastructure organizations facing traditional and novel theories of liability under the False Claims Act (FCA) brought by DOJ's Civil-Cyber Fraud Initiative and Health Care Fraud Units, as well as qui tam relators.

In addition to his FCA work, J.D. leads clients through all stages of managing cybersecurity risk, from the development and implementation of policies and procedures to incident response operations and regulatory reporting. His practice integrates a litigation-ready approach – combining technical fluency with investigative insight – to protect clients in high-stakes disputes and enforcement actions.

Before entering private practice, J.D. served as an Assistant United States Attorney, where he led multi-agency investigations into transnational criminal operations involving money laundering, fraud, and national security offenses. As a U.S. Army Judge Advocate, he advised Cyber Protection Teams on global defensive cyber missions and completed a combat tour in Afghanistan, where he assisted in the development of human rights compliance programs for detention operations. Recognized as a top trial attorney, J.D. tried more than 25 cases to verdict without losing a contested charge.

• Successfully represented a client in the defense industry facing False Claims Act allegations from the cybersecurity requirements of The Defense Federal Acquisition Regulation Supplement (DFARS) 252.2014-7012 for controlled unclassified information (CUI), against the DOJ's Civil-Cyber Fraud Task Force.

• Led cybersecurity incident response operations for numerous clients, assisting in navigating contingency operations concerns, contractual requirements, and regulatory reporting at the state and federal levels.

• Assisted several clients in commercial disputes arising from third-party cybersecurity compromises, recovering fraudulently diverted funds through coordination with law enforcement or pre-litigation negotiations.

• Defended a defense contractor facing False Claims Act allegations tied to DFARS's cybersecurity requirements under the DOJ's Civil-Cyber Fraud Initiative.

• Represented several national health care clients in FCA investigations involving alleged improper claims and data protection compliance under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

• Led internal investigations in response to various whistleblower claims, including procurement integrity issues and corporate governance disputes, leveraging his experience in litigation and data analysis to successfully mitigate risks identified through his work.

• Led cyber incident response operations for several regulated clients, advising on contractual obligations, state and federal reporting, and coordination with regulators and business partners.

• Successfully recovered misappropriated funds and resolved disputes stemming from third-party cyber intrusions through pre-litigation negotiation and law enforcement engagement.

• Certified International Privacy Professional/United States credentialed
• Member – International Association of Privacy Professionals
• Bronze Star Recipient – Operation Enduring Freedom
• Honor Graduate – United States Army Commissioning Course

• "Navigating the Impacts of Cybersecurity Regulation," Under the Wire CLE (January 2025)
• "SEC's New Mandatory Cybersecurity Disclosure Rules: Maintaining Compliance and Avoiding Enforcement Risks," Strafford Webinar (October 2023)
• "Demanding Actions Through Consequences: The Evolving Cybersecurity Landscape," Under the Wire CLE (January 2023)
• "How the U.S. Attorney's Office is Working to Combat the Opioid Epidemic That is Here in North Carolina and Across the Country," The People's Opioid Summit (October 2021)