Knowledge Base: Security & Privacy Incidents
Knowledge Base: Security & Privacy Incidents
What is a Security Incident?
What is a Security Incident?
A security incident is attempted or actual:
Unauthorized access, use, disclosure, modification, or destruction of information
Interference with information technology operation
Violation of company policy, laws or regulations
Examples of security incidents include:
Computer system intrusion
Unauthorized access to, or use of, systems, software, or data
Unauthorized changes to systems, software, or data
Loss or theft of equipment used to store or work with sensitive KindHealth data
Denial of service attack
Interference with the intended use of IT resources
Compromised user accounts
What should I do if I suspect a serious Security Incident?
What should I do if I suspect a serious Security Incident?
Don't just ignore it - Report it!
Immediately report suspected security incidents to your supervisor and raise a Support Ticket so the Security Management Team can start investigating right away. Be sure to indicate whether sensitive information might be at risk.
If you think your computer has been compromised, or someone might be accessing your computer remotely, it's best to disconnect from the network, turn the wireless off, and leave the computer on until an IT personnel arrives.
Theft of Devices
Theft of Devices
Report suspected theft of KindHealth issued machines, or personal machines used to store or collect KindHealth date to the police, your supervisor, and the Security Management Team.
Contact the police department where the device was stolen.
If in Austin, you can access their online incident reporting system here.
Raise a Support Ticket and be sure indicate whether or not sensitive information was stored on the device.
See the checklist for lost/stolen devices below for additional details
Checklist for Lost or Stolen Devices
Checklist for Lost or Stolen Devices
Report lost or stolen devices to the police
Always get an incident or report number
Complete and submit a Support Ticket so the Security Management Team can help identify and address potential compromised accounts or data
The device may be remotely wiped if missing for a certain period of time/
Notify your supervisor
For phones, notify your carrier and see if they can deactivate the device
Change all stored passwords used on the device, including email, Slack, company portal logins, etc.
Notify credit card companies and banks of you used the device for banking or shopping
Try to track its location, if possible
Reporting Spam and Phishing
Reporting Spam and Phishing
Summary Only. For more information, see Report Phishing Attempts.
DO NOT respond directly to a phishing attempt
DO REPORT an email phishing attempt immediately to the Security Management Team and Google:
Copy the entire message including full headers and send to security@kindhealth.co. Full headers are a critical resources in determining the origin of a phishing email. How to send "Full headers."
Report to Google. Click the three vertical dots by the "reply" button and select "Report phishing"
Page updated
Report abuse