|
Incident reporting examples
An incident is a threat or event that compromises, damages, or causes a loss of confidentiality, integrity, or availability of DHS information or systems.
- Privacy incidents: Accidental or unauthorized acquisition, use, or disclosure of confidential or protected health information or personally identifiable information.
- Security incidents: The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information technology system.
Below are examples of reportable and non-reportable privacy and information security incidents.
Reportable examples
Description
|
Report incident to
|
Phone
|
| Confidential information is accidentally or intentionally disclosed |
ISO Privacy Program |
503-945-5780 |
| Unauthorized reproduction of confidential information |
ISO Privacy Program |
503-945-5780 |
| Stolen or lost confidential client or employee information |
ISO Privacy Program |
503-945-5780 |
| Lost or stolen equipment containing confidential information |
ISO Security Program
--and--
OIS Service Desk
|
503-945-6812
503-945-5623 |
| Lost or stolen computer equipment or BlackBerry not containing confidential or protected information |
OIS Service Desk |
503-945-5623 |
| Sent confidential client information to a wrong provider, partner, or contractor outside of DHS |
ISO Privacy Program |
503-945-5780 |
| Misdirected e-mail containing confidential client or staff information |
ISO Privacy Program |
503-945-5780 |
| An unauthorized person asks for or is given access to DHS systems |
ISO Privacy Program |
503-945-5780 |
| Employees sharing logins and/or passwords |
ISO Privacy Program |
503-945-5780 |
| An employee asks for another employees password |
ISO Privacy Program |
503-945-5780 |
| Data is modified for unexplained reasons |
ISO Privacy Program |
503-945-5780 |
| Data is defaced or destroyed without authorization, intentionally or accidentally |
ISO Privacy Program |
503-945-5780 |
| Misuse or tampering with DHS equipment |
ISO Security Program |
503-945-6812 |
| A workstation or notebook computer is found to have a virus |
ISO Security Program
--and--
OIS Service Desk
|
503-945-6812
503-945-5623 |
| Found electronic equipment such as a camera or storage device (USB drive, CD/DVD, etc.) and the contents are unknown |
ISO Security Program |
503-945-6812 |
| Any violation of DHS privacy polices or information security policies |
ISO Privacy Program |
503-945-5780 |
Non-reportable examples
Description
|
Suggested action
|
| Found confidential client information that was misfiled |
Place information in correct file
|
| Received confidential client information from outside of DHS, intended for DHS, but received in the wrong DHS area |
Forward information to correct DHS area |
| Cannot locate confidential client or employee information |
Make best effort to locate |
|
