
Incident Management


HSTS Procedure

OVERVIEW: The Computer Incident Report should be completed when a known violation of Medical Center or University IT policy, standards or procedures has occurred.

PURPOSE: To provide information on how to report an electronic security incident.

SCOPE: This procedure applies to all Medical Center employees and customers who need to report a computer security incident.


  1. When someone becomes aware of any electronic information security incident, they must contact Health System Technology Services (HSTS) and complete a Computer Security Incident Report as per Medical Center Policy No. 227: Protection of Electronic Information and Information Systems. IT Security Incidents should be considered a high priority.

    Any incident involving Protected Health Information (PHI) must be reported to the Corporate Compliance and Privacy Office for investigation and follow-up (see Medical Center Policy No. 0021: Confidentiality of Patient Information).

    A Computer Security Incident Report may be made by contacting the HSTS Help Desk at (434)924-5334 and requesting a report be submitted. A report may also be submitted online through the Computer Security Incident Report.

    All reports will be kept confidential and, if necessary, investigated, with all relevant information obtained and follow-up conducted. It is critical that suspected wrongful conduct be reported in 'good faith' as soon as it becomes apparent. Employees and customers who, in good faith, report suspected wrongful conduct will be protected from retaliation. Individuals engaging in wrongful conduct, including the failure to comply with policies and procedures and all Federal Health Care Program requirements, or failure to report such non-compliance, will be subject to sanctions which may lead to suspension, termination or other disciplinary action.

    A computer information security incident is any event that exposes Medical Center owned or controlled IT resources to intentional or unintentional disclosure, alteration, loss, or disrupted service levels. Incident reports should also be completed when there are known violations of Medical Center or University IT Security or acceptable use policies, standards, and guidelines. Potential examples include, but are not limited to:

    • Potential unauthorized disclosure, corruption, or exposure of data
    • Loss, theft, or unauthorized modification of hardware, electronic media, or important (not necessarily confidential) data difficult or impossible to recover
    • Defacement of websites
    • Potential significant financial loss
    • Widespread negative impact on computing environment, such as interference with systems operation
    • Potential for public embarrassment
    • Contacts from FBI, Secret Service, or other law enforcement organizations regarding computer crimes
    • Denial of Service (Information Systems are not usable)
    • Malicious Code (Virus, Worm, Spyware, etc. infections)
    • Unauthorized Access or use of an individual's computing account
    • Inappropriate Usage or Disclosure
    • Use of IT resources for unethical or unlawful purposes

revised: May 09, 2014

Procedure properties

date revised: May 09, 2014

owner: Greg Washburn

reviewer: IT Security

web page properties ( viewable only to editors )

created by: MCC9X ( Mar 25, 2013 )

modified by: ( May 09, 2014 04:12 PM )


  • Stacey Hall
  • 1105 West Main Street, Charlottesville, VA 22908
  • 434.924.5334