Report an Incident

Information security incidents have the potential to affect the confidentiality, availability and/or integrity of the computer equipment or data at WashU.

According to CERT, a security incident can have the following definitions:

  1. Violation of an explicit or implied security policy
  2. Attempts to gain unauthorized access
  3. Unwanted denial of resources
  4. Unauthorized use of electronic resources
  5. Modification without the owner’s knowledge, instruction, or consent.
  6. Theft or displaced University IT property or data
  7. Malicious code

Immediately contact Information Security Office at 314-747-2955 if you suspect a security incident has occurred.

If a smartphone, laptop, USB Drive, tape, CD or other system/device is lost?

Immediately contact Information Security Office at 314-747-2955 and share the following information:

  • Where the device was lost or stolen
  • System or device information (make, model, serial number)
  • What was on the system
  • Whether or not the system was encrypted or password protected

—If you need to report a suspected loss of Protected Health Information (PHI), misdirected fax/email containing PHI,  or impermissible access/disclosure of PHI (breach reporting)?

Immediately contact your supervisor, Department HIPAA Privacy Liaison or the, HIPAA Privacy Office and report what was sent and to whom.  Download and complete the HIPAA Breach Incident Form and forward to the HIPAA Privacy Office.

If you have identified a WashU website that has been compromised

Please include the URL in your report.