Update - Cyber Incidents at U.S. Office of Personnel Management

Dear Colleagues,

I am writing to provide an update on the recent cyber incidents at the U.S. Office of Personnel Management (OPM). We are committed to providing you updates as soon as they are available and we are reaching out today to share updated information from OPM. The information below can be found on OPM’s new, online incident resource center – https://www.opm.gov/cybersecurity. This site will offer information regarding the OPM incidents and will direct individuals to materials, training, and useful information on best practices to secure data, protect against identity theft, and stay safe online.

Update from OPM:
Today, the U.S. Office of Personnel Management (OPM) announced the results of the interagency forensics investigation into a recent cyber incident involving Federal background investigation data and the steps it is taking to protect those impacted. HHS and OPM will continue to provide additional information going forward.

Background on the intrusion into OPM’s systems. Since the end of 2013, OPM has undertaken an aggressive effort to upgrade the agency’s cybersecurity posture, adding numerous tools and capabilities to its various legacy networks. As a direct result of these steps, OPM was able to identify two separate but related cybersecurity incidents on its systems.

Today, OPM announced the results of the interagency forensic investigation into the second incident. As previously announced, in late-May 2015, as a result of ongoing efforts to secure its systems, OPM discovered an incident affecting background investigation records of current, former, and prospective Federal employees and contractors. Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

This incident is separate but related to a previous incident, discovered in April 2015, affecting personnel data for current and former Federal employees. OPM and its interagency partners concluded with a high degree of confidence that personnel data for 4.2 million individuals had been stolen. This number has not changed since it was announced by OPM in early June, and OPM has worked to notify all of these individuals and ensure that they are provided with the appropriate support and tools to protect their personal information.

Analysis of background investigation incident. Since learning of the incident affecting background investigation records, OPM and the interagency incident response team have moved swiftly and thoroughly to assess the breach, analyze what data may have been stolen, and identify those individuals who may be affected. The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants. As noted above, some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.

If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.

Assistance for impacted individuals. OPM is also announcing the steps it is taking to protect those impacted:

1. Providing a comprehensive suite of monitoring and protection services for background investigation applicants and non-applicants whose Social Security Numbers, and in many cases other sensitive information, were stolen – For the 21.5 million background investigation applicants, spouses or co-habitants with Social Security Numbers and other sensitive information that was stolen from OPM databases, OPM and the Department of Defense (DOD) will work with a private-sector firm specializing in credit and identity theft monitoring to provide services such as:

  • Full service identity restoration support and victim recovery assistance
  • Identity theft insurance
  • Identity monitoring for minor children
  • Continuous credit monitoring
  • Fraud monitoring services beyond credit files


The protections in this suite of services are tailored to address potential risks created by this particular incident, and will be provided for a period of at least 3 years, at no charge.

In the coming weeks, OPM will begin to send notification packages to these individuals, which will provide details on the incident and information on how to access these services. OPM will also provide educational materials and guidance to help them prevent identity theft, better secure their personal and work-related data, and become more generally informed about cyber threats and other risks presented by malicious actors.

2. Helping other individuals who had other information included on background investigation forms – Beyond background investigation applicants and their spouses or co-habitants described above, there are other individuals whose name, address, date of birth, or other similar information may have been listed on a background investigation form, but whose Social Security Numbers are not included. These individuals could include immediate family members or other close contacts of the applicant. In many cases, the information about these individuals is the same as information generally available in public forums, such as online directories or social media, and therefore the compromise of this information generally does not present the same level of risk of identity theft or other issues.

The notification package that will be sent to background investigation applicants will include detailed information that the applicant can provide to individuals he or she may have listed on a background investigation form. This information will explain the types of data that may have been included on the form, best practices they can exercise to protect themselves, and the resources publicly available to address questions or concerns.

3. Establishing an online cybersecurity incident resource center – Today, OPM launched a new, online incident resource center - located at https://www.opm.gov/cybersecurity - to offer information regarding the OPM incidents as well as direct individuals to materials, training, and useful information on best practices to secure data, protect against identity theft, and stay safe online. This resource site will be regularly updated with the most recent information about both the personnel records and background investigation incidents, responses to frequently asked questions, and tools that can help guard against emerging cyber threats.

4. Establishing a call center to respond to questions – In the coming weeks, a call center will be opened to respond to questions and provide more information. In the interim, individuals are encouraged to visit https://www.opm.gov/cybersecurity. Individuals will not be able to receive personalized information until notifications begin and the call center is opened. OPM recognizes that it is important to be able to provide individual assistance to those that reach out with questions, and will work with its partners to establish this call center as quickly as possible.

5. Protecting all Federal employees – In the coming months, the Administration will work with Federal employee representatives and other stakeholders to develop a proposal for the types of credit and identity theft monitoring services that should be provided to all Federal employees in the future – regardless of whether they have been affected by this incident – to ensure their personal information is always protected.

In conclusion, I want you to know that I am as concerned about these incidents as you are, and we want to assure you that we are in constant contact with OPM. HHS’s entire leadership is committed to providing you with the most recent resources and support. Thank you.

E.J. Holland, Jr.

Assistant Secretary for Administration


Update to all HHS staff on OPM cyber security incidents

Dear Colleagues,

I am writing to provide an update on the recent cyber incidents at the U.S. Office of Personnel Management (OPM). OPM is working hard to improve customer service, complete its forensics effort, and to conduct a comprehensive IT systems review. Many of your questions and concerns about these incidents are addressed here.

Personnel Records Incident
First, OPM is working to complete the process of notifying individuals whose personally identifiable information (PII) may have been compromised by the incident involving personnel records announced on June 4th. All notices will be sent by letter or email. Notification letters are being sent by first class mail to those individuals from whom an email bounce back message was received.
OPM is offering credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. All affected employees are automatically enrolled for a comprehensive, 18-month membership, whether or not they have yet received a notice from OPM. For more information on the CSID services and for contact information, please visit this HHS Intranet webpage: http://intranet.hhs.gov/security/ossi-cyber-incident.html
We have heard your concerns regarding these notifications and CSID’s customer service – and HHS has been working with OPM to improve the quality of your experience. We understand that many of you are concerned about providing PII to CSID to register for this service. OPM has confirmed that it is not possible for CSID to provide credit monitoring services without your Social Security Number, but that you will still receive identity theft protection even if you do not register.

Background Investigation Incident
Second, regarding the separate but related cyber incident affecting background investigations announced on June 15th, we understand that many of you are concerned and are seeking more information. This incident remains under investigation by OPM, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI). The investigators are working to determine the complete list of affected individuals. Once this information is available, OPM will coordinate with agencies to send notifications to those affected individuals as soon as possible, but this will take some time. We expect to provide information regarding affected individuals and our notification process during the week of July 6th.

E-QIP Suspension
OPM recently announced the temporary suspension of the E-QIP system, a web-based platform used to complete and submit background investigation forms. The suspension is to enable OPM to implement vulnerability mitigation. The actions OPM has taken are not the direct result of malicious activity on its network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network. OPM expects e-QIP could be offline for four to six weeks while these security enhancements are implemented. It is unlikely that this situation will affect many current employees. In the unlikely event it does, individuals affected will be contacted directly by your HHS division representative.

Resources for You
OPM also continues to update their Frequently Asked Questions which you can find here: http://www.opm.gov/cybersecurity
We encourage you to review OPM Director Katherine Archuleta’s recent blog which also addresses many of these concerns: http://www.opm.gov/blogs/Director.
OPM is the definitive source for information on the recent cyber incidents and we will continue to update you as we learn more information.

Personal Safety and Cybersecurity Reminders
The following are also some key reminders of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.
Safety of Personal Information Resources from National Counterintelligence and Security Center:
  • Employees can find information about the measures they can take to ensure the safety of their personal information at the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov.
Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
1-877-IDTHEFT (438-4338)
TDD: 1-202-326-2502

Cyber Security Incident Update


NDMS recommends that users visit the OPM website (http://www.opm.gov/news/latest-news/announcements/) for more information on the Breach. NDMS Responders are also encouraged to read (DHS) US-CERT's guidance (https://www.us-cert.gov/ncas/tips/ST04-014) on avoiding social engineering and phishing attacks and report suspicious emails (https://www.us-cert.gov/report-phishing).

(Edited by Sean Carter - original submission Thursday, 2 July 2015, 12:44 PM)


Links in this message go to non-HHS websites which may not be accessible to all visitors. 

Dear Colleagues,

I am writing to provide you an update on the recent cyber incidents at the U.S. Office of Personnel Management (OPM).

As we have recently shared, on June 4th, OPM announced an intrusion impacting personnel information of approximately four million current and former Federal employees. OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. Additional information is available on the company’s website, https://www.csid.com/opm/ and by calling toll-free 844-777-2743 (international callers: call collect 512-327-0705). More information can also be found on OPM’s website: www.opm.gov.

Notifications to individuals affected by this incident began on June 8th on a rolling basis through June 19th. However, it may take several days beyond June 19 for a notification to arrive by email or mail. If you have any questions about whether you were among those affected by the incident announced on June 4, you may call the toll free number above.

On June 12th, OPM announced a separate cyber intrusion affecting systems that contain information related to background investigations of current, former, and prospective Federal Government employees from across all branches of government, as well as other individuals for whom a Federal background investigation was conducted, including contractors. This incident remains under investigation by OPM, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI). The investigators are working to determine the exact number and list of potentially affected individuals. We understand that many of you are concerned about this intrusion. As this is an ongoing investigation, please know that OPM is working to notify potentially affected individuals as soon as possible.

It is an important reminder that OPM discovered this incident as a result of the agency’s concerted and aggressive efforts to strengthen its cybersecurity capabilities and protect the security and integrity of the information entrusted to the agency. In addition, OPM continues to work with the Office of Management and Budget (OMB), the Department of Homeland Security, the FBI, and other elements of the Federal Government to enhance the security of its systems and to detect and thwart evolving and persistent cyber threats. As a result of the work by the interagency incident response team, we have confidence in the integrity of the OPM systems and continue to use them in the performance of OPM’s mission. OPM continues to process background investigations and carry out other functions on its networks.

Additionally, OMB has instructed Federal agencies to immediately take a number of steps to further protect Federal information and assets and improve the resilience of Federal networks. We are working with OMB to ensure we are enforcing the latest standards and tools to protect the security and interests of the HHS workforce.

We will continue to update you as we learn more about the cyber incidents at OPM. OPM is the definitive source for information on the recent cyber incidents. Please visit OPM’s website for regular updates on both incidents and for answers to frequently asked questions: www.opm.gov/cybersecurity.

HHS employees who want to learn additional information about the measures they can take to ensure the safety of their personal information can find resources at the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov.


Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

https://www.identitytheft.gov/
1-877-IDTHEFT (438-4338)
TDD: 1-202-326-2502


I am writing to provide you an update on the ongoing investigation into the cyber intrusion at the U.S. Office of Personnel Management (OPM) announced on June 4th. OPM has recently discovered that additional systems were compromised. These systems included those that contain information related to the background investigations of current, former, and prospective Federal government employees, as well as other individuals for whom a Federal background investigation was conducted.

This separate incident – like the one that was announced on June 4th affecting personnel information of current and former federal employees – was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture, adding numerous tools and capabilities to its network.

OPM, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) are working as part of this ongoing investigation to determine the number of people affected by this separate intrusion. OPM will notify those individuals whose information may have been compromised as soon as practicable. You will be updated when we have more information on how and when these notifications will occur.

OPM remains committed to improving its security capabilities and has invested significant resources in implementing tools to strengthen its security barriers. Additionally, the Office of Management and Budget (OMB) has instructed Federal agencies to immediately take a number of steps to further protect Federal information and assets and improve the resilience of Federal networks. We are working closely with OMB, DHS and other experts across the government in these efforts to detect and thwart evolving and persistent threats, and ensure that Health and Human Services is able to deliver its mission to enhance and protect the health and well-being of all Americans.

As we have recently shared with you, the following are some key reminders of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.

See previous posts for information in this regard.


Identity Theft Clearinghouse

Federal Trade Commission

600 Pennsylvania Avenue, NW

Washington, DC 20580

https://www.identitytheft.gov/

1-877-IDTHEFT (438-4338)

TDD: 1-202-326-2502


HHS Colleagues:

You may have received an email, similar to the image below, from the United States Office of Personnel Management (OPM) CIO. OPM has engaged CSID - a company specializing in identity theft protection and fraud resolution - to assist with this incident. As a result, the email originates from a .com email address and concerns OPM’s recent cyber security incident that we informed you about last Thursday. As a reminder, this incident affected OPM's systems and data, and may have exposed your personal information.

Many of you raised questions about this email, and we very much appreciate your attention to the unexpected source email address and to the .com URL: http://www.csid.com/OPM/ The fact that you’re asking about this link is testament to our security awareness.

Please be assured that this is a legitimate email which has been tailored to each of the potentially affected federal employees, and provides a complimentary subscription to CSID Protector Plus for 18 months. We all need to stay vigilant on identifying spam and phishing emails to protect the Department. We appreciate your willingness to submit possible phishing emails and your diligence in securing the Department.


- Frank Baitman

Chief Information Officer

US Department of Health and Human Services



Dear Colleagues,

The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed the personal information of current and former Federal employees. I have been informed by OPM that U.S. Department of Health and Human Services employee data has potentially been compromised in this incident, and I wanted to share more information with you right away.

Since the incident was identified, OPM has partnered with the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation to determine the impact to Federal personnel. As a result of this investigation, OPM is notifying approximately 4 million individuals whose Personally Identifiable Information may have been compromised. The notifications will be sent beginning June 8 and continuing through June 19 by email and U.S. mail.

In order to mitigate the risk of fraud and identity theft, OPM will offer affected individuals credit monitoring services and identity theft insurance through CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance and recovery services and is available immediately at no cost to affected individuals identified by OPM. Employees whose information was affected will receive a notification directly from CSID. If you have any questions about the impact of this incident to your data or if you receive a notice and have questions about the services being offered, contact CSID directly beginning at 8 a.m. CST on June 8, 2015. The company’s website is www.csid.com/opm, and its toll free number is 844-222-2743 (International callers: Call collect 512-327-0700).

Following this incident, OPM took immediate action to implement additional security measures in order to protect the sensitive personnel data it manages. I would like to take the opportunity to remind you of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.

Mary K. Wakefield

Acting Deputy Secretary

Steps for Monitoring Your Identity and Financial Information

  • Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  • Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
  • Review resources provided on the FTC identity theft website, www.Identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
  • You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.

Precautions to Help You Avoid Becoming a Victim

· Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

· Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.

· Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.

· Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy, http://www.us-cert.gov/ncas/tips/ST04-013).

· Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).

· If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).

· Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (for more information, see Understanding Firewalls, http://www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, http://www.us-cert.gov/ncas/tips/ST04-005; and Reducing Spam, http://www.us-cert.gov/ncas/tips/ST04-007).

· Take advantage of any anti-phishing features offered by your email client and web browser.

· Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

· Additional information about preventative steps can be found by consulting the Federal Trade Commission’s website, www.consumer.gov/idtheft. The FTC also encourages those who discover that their information has been misused to file a complaint with the commission using the contact information below.

Identity Theft Clearinghouse

Federal Trade Commission

600 Pennsylvania Avenue, NW

Washington, DC 20580

www.consumer.gov/idtheft

1-877-IDTHEFT (438-4338)

TDD: 1-202-326-2502


2015 Mandatory Training for NDMS Intermittent Employees

The N-1080 HHS Travel Card Training for Cardholders (2015) training module is presently open for adjudicated responders.

Please direct concerns and/or questions to your respective Administrative Officer.


ATTN: All Responder e-Learn Users

Help desk support may be reached at:

The hours of operation for technical support will be from 0800 to 1700, EST, GMT-5.



Responder e-Learn is an integrated medical, public health, preparedness and response educational curriculum sponsored by the U.S. Department of Health and Human Services (HHS).

This curriculum will enhance the knowledge, skills, and abilities of Federal responders to improve and enhance their competency to prepare for and provide a unified response to disasters, incidents and ESF-8 missions.

The course content within Responder e-Learn is based upon capabilities needed to fulfill operational missions and anticipated response requirements. Upon completion of this curriculum, responders are better prepared to deliver public health and medical care services during disasters of any origin under multiple field conditions.

For system or technical support, please send an e-mail to NDMSHelpdesk@hhs.gov

