Cyber Incident Victim: Greyhealth Group

On January 26, 2018, an employee of GreyHealth Group (ghg) fell victim to a phishing scam that resulted in the unauthorized transmission of employee records to an external email recipient. The compromised documents consisted of 2017 W2 tax forms containing the names, home addresses, Social Security numbers, and salary information of individuals employed by GreyHealth Group in the United States during 2017. The company discovered the breach on February 6, 2018, through internal investigation processes not detailed in available records. A total of 683 individuals were affected by the incident, including one resident of New Hampshire. The breach notification dated March 1, 2018, confirmed that unauthorized parties obtained the sensitive information through this email compromise, with CEO Erin Byrne acknowledging that her personal information was also exposed in the same incident. The company characterized the event as a targeted phishing attack but did not disclose technical specifics regarding the attack vector or whether multiple employees were involved. No evidence suggested prolonged system infiltration beyond the single unauthorized email transmission. The compromised records contained sufficient personally identifiable information to create significant identity theft risks, particularly through fraudulent credit applications or tax filings using exposed Social Security numbers and financial data.

GreyHealth Group initiated response measures beginning February 6, 2018, consulting with security experts, tax advisors, legal counsel, and law enforcement agencies. On February 15, 2018, the company began notifying affected individuals via mail, providing details about the breached information and offering two years of complimentary identity protection services through Experian. These services included Identity Restoration assistance for fraud resolution and IdentityWorks credit monitoring featuring daily credit reports, three-bureau monitoring, dark web surveillance, and $1 million identity theft insurance. The enrollment window for these services expired on May 31, 2018. Notification letters outlined additional protective measures available to victims, including instructions for placing 90-day fraud alerts, initiating security freezes with credit bureaus, and obtaining free annual credit reports. The company implemented new quality control measures to prevent similar incidents but did not specify whether these involved technical safeguards, employee training, or policy changes. New Hampshire's Attorney General received breach notification on March 1, 2018, with the single affected resident receiving identical remediation offers as other victims. The company's communications emphasized IRS awareness of tax-related identity theft risks but did not report any confirmed cases of fraud resulting from the breach at the time of notification.