Close X
Attorney Spotlight

How did Mike DeAgro's experience co-founding a nonprofit advocacy organization lead to a career in the legal field? Find out more>


Close X


Search our Experience

Experience Spotlight

Envision to Sell to KKR for $9.9 Billion

We represented Envision Healthcare Corporation (NYSE: EVHC) in its definitive agreement to sell to KKR in an all-cash transaction for $9.9 billion, including debt. KKR will pay $46 per Envision share in cash to buy the company, marking a 32 percent premium to the company's volume-weighted average share price from November 1, when Envision announced it was considering its options. The transaction is expected to close the fourth quarter of 2018. Read more

Envision Healthcare

Close X

Thought Leadership

Enter your search terms in the relevant box(es) below to search for specific Thought Leadership.
To see a recent listing of Thought Leadership, click the blue Search button below.

Thought Leadership Spotlight

Six Things to Know Before Buying a Physician Practice spotlight

Dermatology, ophthalmology, radiology, urology…the list goes on. Yet, in any physician practice management transaction, there are six key considerations that apply and, if not carefully managed, can derail a transaction. Download the 6 Things to Know Before Buying a Physician Practice to keep your physician practice management transactions on track.

Click here to download the guide.

Active Hacker Scheme Tricks Companies to Release Employees' W-2 Information: What You Should Be Doing

Firm Publication


March 24, 2016

During the past few weeks, many companies have been targeted by an email phishing scheme that has resulted in the disclosure of confidential personal information of numerous employees and other persons. The email is usually the same: a spoofing email from the CEO (or some other high-level executive) asking human resources, accounting or payroll departments for W-2 information. A cybercriminal armed with this information can then file fraudulent tax returns and receive an individual's tax refund. In many cases, fraudulent returns are filed within days of the theft of the information.

While the IRS has circulated an alert highlighting this scam, we continue to see companies fall victim to this scheme, including recent news reports that Snapchat and Seagate Technology have released sensitive payroll data to cybercriminals posing as company executives.

To prevent falling victim to this scheme, we urge you to quickly alert your employees and staff members, especially your human resources, accounting and payroll departments, to closely scrutinize any request for personal information, particularly W-2 or payroll information. At a minimum, inform your employees and staff members to do the following:

  1. call the sender of the email requesting the information and verify that he or she indeed made the request (e.g., if the email appears to come from "Jane Doe, CEO," call Jane Doe to verify before sending any requested information); and
  2. rather than replying to the original email, only send the requested information by composing a new email message to a known email address for the sender (e.g., compose an email to Jane Doe, using her known email address from the company directory).

In addition, you should inform employees that the phishing email is often similar to the format below:



Kindly send me the 2015 W-2 (PDF) of our company staff for a quick review.


CEO Name

Many hackers can obtain the necessary information to perpetrate this scam from a corporate website or individual's LinkedIn profiles. As discussed in a previous update, hackers use spear phishing scams to target individuals or businesses by posing as a friend, colleague or other business that routinely interacts with the individual or business and then requests certain personal or proprietary information. For many businesses, disclosing sensitive and valuable information can cause significant costs and expenses triggered by federal and state data privacy and security laws, including costs associated with complying with data breach notification requirements.

We will continue to monitor and provide updates regarding this latest scheme. If you have questions or any other cybersecurity concerns related to your organization, please contact an attorney on our Data Security & Privacy Team.

Related Professionals

Related Services


Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.