Report a Security Incident

How to report an incident or potential data breach.

If you have an urgent cybersecurity incident, please call (206) 221-5000 to report it immediately.

On this page:

Overview
Report by type of data
Scope
Do’s and Don’ts
What to report
Additional information

Report any incident or potential data breach immediately

Administrative Policy Statement 2.5 states that UW employees “must report an unforeseen event, a potential or confirmed breach of personal data, or an information security incident promptly to the office responsible for responding to and/or managing the incident.”

Review the information below.
Refer to the First Response Checklist for guidance in handling the incident.
Also see the First Response Guide if you are a system administrator or system owner.

Report by type of data

Complete the UW Privacy Office’s Incident Report Form or contact UW Privacy Office at 206-616-1238 as soon as possible and provide as much information that is known at the time of the report.

See Human Subjects Division Guide to Reporting New Information.

Contact Compliance and Risk Services at crs-privacy@uw.edu or 206-221-4442.

This includes:

Autism Center at Center on Human Development and Disability (CHDD).
Psychology Clinics in the College of Arts & Sciences.
Rubenstein Pharmacy in the School of Pharmacy (also known as Hall Health Pharmacy).
School of Dentistry Clinics and Faculty Practice Plan (also known as UW Dentists).

Review the UW Health Insurance Portability and Accountability Act (HIPAA) Designation [pdf] for a description of the Non-UW Medicine and UW Medicine Healthcare Components.

Contact UW Medicine Compliance at comply@uw.edu or 206-543-3098 (local) or 855-211-6193 (toll free).

This includes:

UW Medicine Center and Clinics.
Hall Health Center.
Airlift Northwest.
Department of Pediatrics Molecular Development Lab.
Harborview Medical Center and Clinics.
King County Public Hospital District No. 1 d/b/a Valley Medical Center and Clinics.
UW Physicians Network d/b/a UW Neighborhood Clinics.
The Association of University Physicians d/b/a UW Physicians.
Summit Cardiology.

Review the UW Health Insurance Portability and Accountability Act (HIPAA) Designation [pdf] for a description of the Non-UW Medicine and UW Medicine Healthcare Components.

Contact Information Security (IS) at help@uw.edu with “Data Breach” in the subject line or at 206-221-5000.

Contact the University Facility Security Officer at uwfso@uw.edu or 206-543-1315.

Each individual with delegated authority for incidents is responsible for developing, maintaining, and following an incident management process as defined in APS 2.5: Information Security and Privacy: Incident Reporting and Management. Information Security will coordinate with other delegated authorities, if needed, to manage the incident response process.

Scope

This policy applies to:

All areas of the University
All workforce members
All information except United States government classified information
All mediums for storing or processing information regardless of who owns, operates, or manages the medium

Incident Do’s and Don’ts

Do

Report all information security incidents as soon as possible.
Isolate the affected system to prevent further intrusion, release of data, etc.
Limit sharing of information to individuals who have responsibility for managing and addressing the incident.
Be clear about the facts versus assumptions or speculations.
Document only information that has been substantiated.
Mark documents as “draft” until finalized.
Preserve all pertinent systems logs.
Identify all systems and departments that connect to the affected system.

Don’t

Delete, move, or alter files on the affected system.
Send any notifications before consulting with the appropriate delegated authorities listed above.
Communicate that there is a potential or confirmed breach to individuals who are not:
- Contributing facts or are decision makers.
- Involved in the incident management process.
- Impacted by the breach.
Contact or retaliate against the individual(s) who may have caused the event/incident.
Conduct your own forensic analysis.

What to report

When did the event occur?
What type(s) of data are involved?
How many records are involved?
Was the data encrypted?
What system(s), if any, are involved?
What organization(s) or unit(s) are involved?
Are there system logs that need to be preserved?
Is the system deemed critical to operations?
What was the root cause of the incident (if known)?
Please provide contact information for your IT support person (if applicable).
Name(s) of individual(s) at the UW who know or have been informed about the event/incident.

Additional Information

Refer to APS 2.5: Information Security and Privacy: Incident Reporting and Management