DHS Responding to Security Breach
DHS Director's Message
Message from DHS Director Fariborz Pakseresht
March 21, 2019
Safety is the foundation for all that we do at the Oregon Department of Human Services (DHS). It starts with the physical and emotional safety of our staff and the vulnerable people we serve, and extends to our comprehensive efforts to protect data and personal information. Still, cybersecurity threats constantly challenge our own proactive efforts just as they do in other organizations.
We wanted you to be aware of a security incident that affected email mailboxes at DHS. Our technology staff were able to detect and contain the incident. A forensic review is underway to clarify the number and identities of Oregonians whose information was exposed, and the specific kinds of information involved.
We take the confidentiality of staff and client information seriously. Our efforts to protect sensitive information are multi-pronged, proactive and comprehensive. Every DHS employee is required to take mandatory information security and privacy training annually. We consistently update our information technology systems and computers to strengthen security. We follow state policy and established program-based practices to ensure we’re doing everything we can to protect information.
Please read through the security incident description below for more information and review the tips for protecting information at work and at home.
Thank you for all you do to protect the safety of our clients, staff and information. Please talk with your supervisor if you have questions.
Data Breach Overview
On Jan. 28, 2019, DHS and the Enterprise Security Office cybersecurity team confirmed that a breach of regulated information had occurred. Nine employees opened an email that compromised their email mailboxes and allowed access to the employees’ email information.
Passwords were immediately reset to stop access, and security officials began investigating to determine the scope of the incident and the specifics of the information involved.
DHS is in the process of thoroughly reviewing the incident and the information involved.
What DHS is doing about it?
The security and confidentiality of personal information is critical to DHS. While there is no indication that any personal information was copied from its email system or used inappropriately, the department will be offering identity theft recovery services for impacted individuals.
The agency has hired an outside entity, IDExperts, to perform a forensic review to clarify the number and identities of Oregonians whose information was exposed, and the specific kinds of information involved. IDExperts will send notices to the potentially impacted individuals with instructions on how to register for services, which includes free credit monitoring.
IDExperts has also established a toll-free information line at (800) 792-1750 beginning Friday (March 22, 2019). There is also an established website with information.