Close X
Attorney Spotlight

What television show influenced Chad Jarboe's decision to pursue a career in the legal field? Find out more>


Close X


Search our Experience

Experience Spotlight

Primary Care Providers Win Challenge of CMS Interpretation of Enhanced Payment Law

With the help and support of the Tennessee Medical Association, 21 Tennessee physicians of underserved communities joined together and retained Bass, Berry & Sims to file suit against the Centers for Medicare & Medicaid Services to stop improper collection efforts. Our team, led by David King, was successful in halting efforts to recoup TennCare payments that were used legitimately to expand services in communities that needed them. Read more

Tennessee Medical Association & Bass, Berry & Sims

Close X

Thought Leadership

Enter your search terms in the relevant box(es) below to search for specific Thought Leadership.
To see a recent listing of Thought Leadership, click the blue Search button below.

Thought Leadership Spotlight

Healthcare Transactions: Year in Review 2018Last year, CVS Health Corp. (NYSE: CVS) announced it would purchase health insurer Aetna Inc. (NYSE: AET) for $67.5 billion, a transaction that would be one of the biggest healthcare mergers in the past decade. The transaction raises an intriguing question: is this the beginning of a transformational shift in healthcare?

Recently, members of our healthcare group authored the Healthcare Transactions: Year in Review outlining 2017 M&A activity and drivers in the following hot healthcare sectors:

• Managed Care
• Hospitals
• Post-Acute Care—Home Health & Hospice
• Ambulatory Surgery Centers (ASCs)
• Healthcare Information Technology (HIT)
• Behavioral Health
• Physician Practice Management

Read now

Active Hacker Scheme Tricks Companies to Release Employees' W-2 Information: What You Should Be Doing

Firm Publication


March 24, 2016

During the past few weeks, many companies have been targeted by an email phishing scheme that has resulted in the disclosure of confidential personal information of numerous employees and other persons. The email is usually the same: a spoofing email from the CEO (or some other high-level executive) asking human resources, accounting or payroll departments for W-2 information. A cybercriminal armed with this information can then file fraudulent tax returns and receive an individual's tax refund. In many cases, fraudulent returns are filed within days of the theft of the information.

While the IRS has circulated an alert highlighting this scam, we continue to see companies fall victim to this scheme, including recent news reports that Snapchat and Seagate Technology have released sensitive payroll data to cybercriminals posing as company executives.

To prevent falling victim to this scheme, we urge you to quickly alert your employees and staff members, especially your human resources, accounting and payroll departments, to closely scrutinize any request for personal information, particularly W-2 or payroll information. At a minimum, inform your employees and staff members to do the following:

  1. call the sender of the email requesting the information and verify that he or she indeed made the request (e.g., if the email appears to come from "Jane Doe, CEO," call Jane Doe to verify before sending any requested information); and
  2. rather than replying to the original email, only send the requested information by composing a new email message to a known email address for the sender (e.g., compose an email to Jane Doe, using her known email address from the company directory).

In addition, you should inform employees that the phishing email is often similar to the format below:



Kindly send me the 2015 W-2 (PDF) of our company staff for a quick review.


CEO Name

Many hackers can obtain the necessary information to perpetrate this scam from a corporate website or individual's LinkedIn profiles. As discussed in a previous update, hackers use spear phishing scams to target individuals or businesses by posing as a friend, colleague or other business that routinely interacts with the individual or business and then requests certain personal or proprietary information. For many businesses, disclosing sensitive and valuable information can cause significant costs and expenses triggered by federal and state data privacy and security laws, including costs associated with complying with data breach notification requirements.

We will continue to monitor and provide updates regarding this latest scheme. If you have questions or any other cybersecurity concerns related to your organization, please contact an attorney on our Data Security & Privacy Team.

Related Professionals

Related Services


Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.