It’s Corporate Compliance Week! Help protect sensitive information — report security incidents
Michigan Medicine patients and research participants share their sensitive information with the organization, trusting that it will be protected. You can help by promptly recognizing and reporting signs of an information security incident, especially when it involves patients’ or participants’ personal information.
What is an information security incident?
An information security incident is any attempt, successful or not, to access, disclose, modify or destroy information on a computer system without appropriate authorization.
- Unauthorized use or access to data containing protected health information (PHI) or other sensitive information (e.g., computer hacking, access obtained from a stolen password)
- Loss or theft of a mobile device, a laptop or a flash/thumb drive containing PHI or other sensitive information
- Failure to appropriately destroy electronic data so that it is rendered completely unusable
Signs of possible information security incidents include:
- User unexpectedly denied access to a system or application, account lockouts or password resets that the user did not initiate
- Suspicious emails in a user’s inbox, sent or trash folder
- Unexpected software or system behavior
Not sure if what you saw or experienced is an information security incident or whether it’s significant? It’s still always best to report it!
How to Report a Security Incident
- Use the HITS online customer service portal
- Call the HITS Service Desk 24/7 at 734-936-8000
- Visit one of the walk-in “Help Me Now” sites