Information Security
Information security is everyone's responsibility.
| Scam Alert: ITG will never ask for your password via email. |
Top Tips
- Never share your password. Never send personal information through email. ITG will never ask you for your password in an email. If you have any suspicions, call the Help Desk (503-494-2222).
- Protect patient health information (PHI).
- Store personal info on a removable disk, not in My Documents, on your H: drive, or any other network drive.
Threats
- Social engineering and phishing, hoaxes and urban myths
- Spyware, malware, and viruses
- Risks of file-sharing technology
Auto-screensavers on Windows computers
Did you know it's a requirement to lock access to your computer when you're away from your desk? Because that's such an easy step to overlook, in January 2010, ITG enabled a screensaver lock on all the Windows computers it manages. It locks automatically after twenty minutes of inactivity. To unlock it, just enter your network username and password. Like all screensavers, it won't affect any work in progress. The new screensaver is an OHSU logo, and is permanent. (You won't be able to change it.)
What is an information security incident?
- unauthorized access, use, interference, destruction, or disclosure of electronic restricted information
- electronic fraud
- copyright violations and piracy
Examples include viruses, worms, hackers, password sharing, copyright violations, piracy, and computer or device theft.
Where do I report an information security concern?
Reporting of suspected or known information security incidents is a critical component of OHSU’s information security program. All OHSU users are required to report such incidents to the Office of Integrity and may do so either by name or anonymously. Report an information security incident or concern.
Where do I report misuse of email?
The anti-spam filter catches most unwanted email. Log into the Spam Report to view a list of your email messages processed by the anti-spam filter. You can also add senders to the blocked senders list and the trusted senders list.
You may also forward the inappropriate email to the Help Desk. Please note what action you'd like the Help Desk to take. The Help Desk will assess what can or cannot be done and advise or escalate as appropriate.
Where do I report lost or stolen equipment?
Contact Public Safety immediately: 4-7744.
If the lost or stolen equipment included any restricted information (protected health information, employee information), also contact the Office of Integrity at 4-8849 or email them.
Information Security Guidelines
Information Privacy & Security, part of the OHSU Integrity Program, protects the confidentiality, availability and integrity of all information.
Activities include departmental privacy and security training; incident investigation; policy clarification; privacy complaint handling; and computer system security assessments.
