It’s Corporate Compliance Week! Help protect sensitive information — report security incidents

November 9, 2018  //  FOUND IN: Updates & Resources

Michigan Medicine patients and research participants share their sensitive information with the organization, trusting that it will be protected. You can help by promptly recognizing and reporting signs of an information security incident, especially when it involves patients’ or participants’ personal information.

What is an information security incident?

An information security incident is any attempt, successful or not, to access, disclose, modify or destroy information on a computer system without appropriate authorization.

Examples include:

  • Unauthorized use or access to data containing protected health information (PHI) or other sensitive information (e.g., computer hacking, access obtained from a stolen password)
  • Loss or theft of a mobile device, a laptop or a flash/thumb drive containing PHI or other sensitive information
  • Failure to appropriately destroy electronic data so that it is rendered completely unusable

Signs of possible information security incidents include:

  • User unexpectedly denied access to a system or application, account lockouts or password resets that the user did not initiate
  • Suspicious emails in a user’s inbox, sent or trash folder
  • Unexpected software or system behavior

Not sure if what you saw or experienced is an information security incident or whether it’s significant? It’s still always best to report it!

How to Report a Security Incident

  • Call the HITS Service Desk 24/7 at 734-936-8000

RELATED STORIES