As a result of the current Federal government funding situation, the information on this website may not be up to date or acted upon. Updates regarding government operating status and resumption of normal operations can be found at www.opm.gov . Despite the lapse in appropriations, IHS will continue to provide direct clinical health care services as well as referrals for contracted services that cannot be provided through IHS clinics. For more information on how IHS is impacted, visit: HHS Contingency Plan
To meet federal requirements and provide IHS with centralized incident reporting and response services, IHS established the IHS Incident Response Team (IRT) to coordinate IHS-wide cyber security information sharing, analysis, and response activities. The IHS IRT provides a centralized resource for collecting, analyzing, and disseminating information technology security incident-related information.
The IHS IRT coordinates incident response planning with Area information systems security officers (ISSO), site managers, local IT staff and various external entities. The IHS IRT reports activities to the IHS Chief Information Security Officer and the HHS Computer Security Incident Response Center (CSIRC).
IHS IRT Services
The IHS IRT provides the following services:
- Cyber-related alerts, warnings, advisories, and lessons learned
- Centralized incident reporting, tracking, and response coordination
- Coordination with IHS Area Offices and facilities for computer security
The IRT is part of the Division of Information Security, Office of Information Technology, and is located in Rockville, MD.
Incident Response Procedures
If you witness an IHS suspicious event or a potential incident, IMMEDIATELY do the following:
- Contact - via email, phone or in person - your site manager or local ISSO. Be prepared to provide the date, time, location, and any other information you feel may be useful.
- If you do not reach your site manager or local ISSO, contact your Area ISSO.
- If you do not reach the Area ISSO, contact the IHS IRT using the information at the bottom of this page.
- Do not discuss any suspicious activity with others to minimize impact on a possible investigation.
- If the potential incident involves an information system:
- STOP using the information system. Wait for further instructions from your ISSO or the IRT.
- LOCK the system (e.g., Ctrl+Alt+Delete ' Lock Computer).
- Do NOT turn it off, logout, or otherwise change anything.
- If possible, prevent others from physically accessing the system.