Cybersecurity Incident Updates


June 15, 2015
OPM Statement

“The cyber intrusion announced last week affecting personnel records for approximately 4 million current and former federal employees was discovered through enhanced monitoring and detection systems that OPM implemented as part of an aggressive effort in recent months to strengthen our cybersecurity capabilities. Upon detecting that intrusion, OPM launched an investigation – in partnership with the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) and the FBI – to determine its full scope and impact. On June 8, as the investigation proceeded, the incident response team shared with relevant agencies that there was a high degree of confidence that OPM systems containing information related to the background investigations of current, former, and prospective Federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.

OPM continues to work with US-CERT and the FBI to determine the type of records that may have been compromised and the population of individuals affected. OPM takes very seriously its responsibility to protect the sensitive data we manage. Once we have conclusive information about the breach, we will announce a notification plan for individuals whose information is determined to have been compromised.

OPM remains committed to improving its security capabilities and has invested significant resources in implementing tools that have not only strengthened our security barriers to outside threats, but have also enabled us to detect and thwart our constantly evolving cyber adversaries.”



June 12, 2015
Phishing Awareness: How to Detect and Prevent Phishing Attacks
Email update from the HHS CIO

Colleagues,

In the past few weeks, several e-mail accounts have been compromised at the Department due to recent phishing campaigns actively targeting HHS e-mail systems. Our Computer Security Incident Response Center (CSIRC) and incident response teams at the affected OpDivs are working together to minimize the impact of these incidents and prevent future phishing campaigns from being successful. We live in a world where phishing attacks have become the norm, and we’d like to work with you to sharpen your skills so that you can protect yourself at work, and at home.

These phishing activities are extremely serious and represent a very real danger to the security and privacy of HHS data. It is imperative that all staff understand the criticality of these external threats, and learn how best to thwart these phishing attempts to reduce the risk to HHS systems and data. 

With data breaches in both the public and private sector, it’s possible that we’ll see an increase in spear phishing: making use of additional information learned about you and your position, these emails could, at first blush, appear to be valid. Across the federal government, and at HHS, we are taking measures to defend our networks, but technology can only defend against those malicious acts we know about. You are our front line defenders, and the actions you take can help to keep HHS secure.

Please take a few moments to review the following best practices for detecting and preventing phishing attempts from becoming successful, and how to report suspicious activity when observed.

- Frank

Frank Baitman
Chief Information Officer
US Department of Health and Human Services

PHISHING AWARENESS: HOW TO DETECT AND PREVENT PHISHING ATTACKS

What is a phishing attack?

A phishing attack uses e-mail and a malicious website to solicit personal information or deposit malware by posing as a trustworthy organization, often fabricating an urgent reason to motivate you to enter account numbers, passwords, and other sensitive data. When a user responds with the requested information, it often results in identity theft, loss of personal information, malware infections, theft of HHS data including personally identifiable information (PII) and protected health information (PHI), and even the ability to see everything occurring on your computer.

Some of the most sophisticated and high profile attacks started very simply – with a simple phishing e-mail.

For these sophisticated attacks to be successful, all you have to do is click the link. If you are suspicious about the authenticity of an e-mail, do not click on any links contained in the e-mail and follow the steps below.

Identifying a Phishing Email

Be wary of any e-mail that:

  • Requests confirmation for personal or financial information
  • Requests credential verification
  • Requests quick action
  • Originates from a non-HHS e-mail address
  • Is sent from an HHS e-mail address, but NOT from support personnel
  • Has links to NON-government websites
  • Contains grammatical errors or misspellings

Protecting Yourself from Phishing Attacks

Never divulge personal information via phone or on unsecure websites.

  • Be wary of e-mails that ask the user to contact a specific phone number to update the user’s information.
  • Do not click on links, download files, or open e-mail attachments from unknown senders.
  • Do not click on links, download files, or open e-mail attachments from unexpected senders.
  • Be wary of website pop-ups; never enter personal information in a pop-up screen.

Be wary of links to websites that request personal information.

  • Some Phishing sites are exact replicas of legitimate websites.
  • If you receive an e-mail that you suspect contains a phishing link, type in the web address to the site yourself to verify the message.

Don’t fall for “too good to be true” promises or urgent requests!

  • Phishers typically send e-mails stating that your account password has expired, and provide a link to verify your information.

Additional Resources:

There are multiple online resources available for more information on phishing and phishing prevention.

These are legitimate links, but if you’re suspicious, in most cases you can hover over the link with your cursor or right-click to see the full link address: try this on the two government links above! When links look suspicious, avoid and report.

Reporting a Suspicious E-mail:

Many OpDivs provide regular information and updates on phishing and provide mechanisms to report suspicious activity. Please ensure you are aware of the reporting processes at your OpDiv. In general:

  1. Do not click on any links contained in the e-mail. Do not reply to the e-mail.
  2. Forward the e-mail to your OpDiv’s designated reporting mailbox (see below).
  3. Delete the message from your inbox.


Operating Division                                     Reporting Address
Centers for Disease Control and Prevention (CDC)       csirt@cdc.gov
Centers for Medicare and Medicaid Services (CMS)       soc@gms.hhs.gov
Food and Drug Administration (FDA)                     antispam@fda.hhs.gov
Health Resources and Services Administration (HRSA)    soc@hrsa.gov
Indian Health Service (IHS)                            irt@ihs.gov
National Institutes of Health (NIH)                    irt@nih.gov
Office of Inspector General (OIG)                      isso@oig.hhs.gov

If you think that you may have clicked on a phishing link or been the victim of a phishing attack, please use the contact information above to appropriately report the incident to your OpDiv. HHS customers without an OpDiv-specific reporting process should contact csirc@hhs.gov.  Reporting suspected phishing attacks is not only important for HHS and OpDiv situational awareness; it allows us to better investigate the attack and alert you when there’s an ongoing threat to the Department.
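The "hover over the link to see where it really goes" check from the guidance above, done programmatically: the script below pulls every link out of an HTML e-mail body, compares the destination host with the host shown in the link text, and flags destinations outside government domains as well as look-alike hosts such as hhs.gov.example.net that merely contain a trusted name. This is an added example written for this page, not an HHS tool and not part of the original e-mail; the message it scans is constructed, and treating only .gov and .mil as "government websites" is an assumption.

```python
"""Flag suspicious links in an HTML e-mail body (added example, not an HHS tool)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: these suffixes are what the guidance means by "government websites".
TRUSTED_SUFFIXES = ("gov", "mil")

# Link text that itself looks like a URL, e.g. "https://www.opm.gov/x" or "www.opm.gov/x".
URL_TEXT = re.compile(r"^(https?://|www\.)\S+$", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; link text may omit the scheme ("www.opm.gov/verify")."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registered_domain(host):
    """Last two labels ("www.hhs.gov" -> "hhs.gov"). Adequate for .gov/.com;
    a production tool would consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_trusted(host):
    return host.split(".")[-1] in TRUSTED_SUFFIXES


def judge(href, text):
    """Return None if the link looks fine, otherwise a short reason to distrust it."""
    parsed = urlparse(href)
    scheme = parsed.scheme.lower()
    if scheme == "mailto":
        domain = parsed.path.rpartition("@")[2].lower()
        return None if is_trusted(domain) else f"mail address outside .gov/.mil: {domain}"
    if scheme not in ("http", "https"):
        return f"unexpected link scheme '{scheme}'"
    dest = (parsed.hostname or "").lower()
    # The hover check: does the address the reader sees match where the link goes?
    if URL_TEXT.match(text):
        shown = host_of(text)
        if registered_domain(shown) != registered_domain(dest):
            return f"link text shows {shown} but the link goes to {dest}"
    if not is_trusted(dest):
        # "hhs.gov.example.net": a trusted label used as a subdomain of someone else's domain.
        if any(label in TRUSTED_SUFFIXES for label in dest.split(".")[:-1]):
            return f"look-alike host {dest}: real domain is {registered_domain(dest)}"
        return f"destination outside .gov/.mil: {dest}"
    return None


def analyze_links(html):
    """Return [(href, verdict)] for every link in the body; verdict None means it passed."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, judge(href, text)) for href, text in parser.links]


def suspicious_links(html):
    return [(href, why) for href, why in analyze_links(html) if why is not None]


# Constructed sample message modelled on the "password expired" lure described above.
SAMPLE_EMAIL = """<html><body>
<p>Your OPM account password has expired. Verify your information within 24 hours:</p>
<p><a href="http://opm-account-verify.example.com/login">https://www.opm.gov/verify</a></p>
<p>Background: <a href="https://www.opm.gov/cybersecurity/">https://www.opm.gov/cybersecurity/</a></p>
<p>Support portal: <a href="https://hhs.gov.example.net/portal">HHS Support Portal</a></p>
<p>Questions? <a href="mailto:csirc@hhs.gov">csirc@hhs.gov</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, why in analyze_links(SAMPLE_EMAIL):
        print(("SUSPICIOUS " if why else "ok         ") + href + (f"  ({why})" if why else ""))
```

On the constructed message the first link is flagged because the visible text names www.opm.gov while the href points at example.com, and the third because "gov" appears inside a host whose real registered domain is example.net; the genuine opm.gov link and the hhs.gov mailto pass. The display-text comparison is the same thing a reader does by hovering, so it catches the lure regardless of how convincing the visible text is, but it says nothing about a link whose text is a plain phrase, which is why the trusted-suffix check runs as well.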



June 11, 2015
Email update from the HHS Deputy Assistant Secretary/Security, Intelligence, and Counterintelligence

Colleagues:

To ensure you have all available information to protect personally identifiable information (PII) that may have been exposed during the recent cybersecurity incident affecting the systems at the Office of Personnel Management, we are posting additional information from the National Counterintelligence and Security Center for your security awareness.

Current and former employees who are concerned about what measures they should take to ensure the safety of their personal information after the breach can obtain further information at http://www.ncsc.gov/about/docs/Dealing_with_a_Breach_of_your_PII.pdf.  For tips and guidance on how to protect your personal information from being exploited by cyber criminals and foreign intelligence services, please review this video: https://www.youtube.com/watch?v=Vh_rAu3-Gb8&feature=youtu.be. These links have also been posted to the Department of Health and Human Services’ intranet under the Security/Counterintelligence tab and can also be accessed on the blog of HHS’s public internet page. Finally, if you notice suspicious activity or are approached by cyber criminals or foreign intelligence services, contact the Department’s Directorate of Counterintelligence at awareness@hhs.gov.

The Department takes the potential loss of employee personal information seriously and will continue to engage both internally and with our partners throughout the government to minimize the potential risks to current and former employees. In our increasingly interconnected and digital world, everyone in the Department has a role to play in safeguarding information systems, both at work and at home. To this end, I call on everyone in the Department to recommit to strengthening the security, innovation, and efficiency of our Department’s cyber posture, both at work and at home.

- Patricia A. Long
Deputy Assistant Secretary/Security, Intelligence, and Counterintelligence
US Department of Health and Human Services



June 9, 2015
Email update from the HHS CIO

HHS Colleagues:

You may have received an email, similar to the image below, from the United States Office of Personnel Management (OPM) CIO. OPM has engaged CSID - a company specializing in identity theft protection and fraud resolution - to assist with this incident. As a result, the email originates from a .com email address and concerns OPM’s recent cyber security incident that we informed you about last Thursday. As a reminder, this incident affected OPM's systems and data, and may have exposed your personal information.

Many of you raised questions about this email, and we very much appreciate your attention to the unexpected source email address and to the .com URL:  http://www.csid.com/OPM/  The fact that you’re asking about this link is testament to our security awareness.

Please be assured that this is a legitimate email which has been tailored to each of the potentially affected federal employees, and provides a complimentary subscription to CSID Protector Plus for 18 months. We all need to stay vigilant on identifying spam and phishing emails to protect the Department. We appreciate your willingness to submit possible phishing emails and your diligence in securing the Department.

- Frank Baitman
Chief Information Officer
US Department of Health and Human Services

Date Last Reviewed:  April 2017