Caveats:

From 1 January 2013 until 30 June 2015, the Department of Health and Human Services categorized
incidents using Categories, as defined in the NIST Special Publication 800-61, rev.1. A list of the possib
categories can be found on the References tab of this spreadsheet.

Beginning 1 July 2015, HHS converted from the legacy Category system to the Impact Classification
system (defined in NIST SP800-61, rev.2 and expanded at https://www.us-cert.gov/incident-notification
guidelines). Impact Classifications consist of a four-factor matrix that provides a more descriptive pictu
of the impact of an incident on the Department.

Incidents that were created during the transition phase from Categories to Impact Classifications were
dual-coded. These incidents are reported herein using only the official reporting mechanism, to preven
duplicate or extraneous reporting.

The Quantity provided represents the number of documented incidents that match the defining tuple
preceding the value on that row. It should be assumed that if a possible tuple is not present, the value
that month is zero.

The earliest month available with complete data is January 2013, due to document retention policies.
Document retention for incident data is based on General Records Schedule 24, item 7
(http://www.archives.gov/records-mgmt/grs/grs24.html). This item states that computer security incide
handling records are to be "(d)estroyed/deleted 3 years after all necessary follow-up actions have bee
completed." See the Implementation Aid at the bottom of the website page for additional clarification

HHS Operational Divisions

OPDIV

Full Name

ACF

Administration for Children and Families

AoA

Administration on Aging

CDC

Centers for Disease Control and Prevention

CMS

Centers for Medicare and Medicaid Services

CSIRC

Computer Security Incident Response Center

FDA

Food and Drug Administration

IHS

Indian Health Services

ITIO

Office of the Secretary

NIH

National Institutes of Health

OIG

Office of Inspector General

OS

Office of the Secretary

PSC

Program Support Center

TIC

Trusted Internet Connection

Incident Categories
Categories

Functional Impact

Category 00 - Network Testing

High

Category 01 - Unauthorized Access

Medium

Category 02 - Denial of Service

Low

Category 03 - Malicious Code

None

Category 04 - Inappropriate Usage

Category 05 - Scans, Probes and Attempted
Access
Category 06 - Investigation

Information Impact

Category 99 - Non-Incident

Proprietary

Classified

Privacy
Integrity
None
Recoverability
Not Recoverable
Extended
Supplemented
Regular
Not Applicable
Threat Vector
Unknown
Attrition
Web
Email
External/Removable Media
Impersonation/ Spoofing
Improper Usage
Loss/Theft of Equipment

Other

Impact Classifications
Description
Organization has lost the ability to provide all critical services to all system users.
Organization has lost the ability to provide a critical service to a subset of system users.

Organization has experienced a loss of efficiency, but can still provide all critical services to all users with minimal eff
Organization has experienced no loss in ability to provide all services to all users.

Description
The confidentiality of classified information was compromised.

The confidentiality of unclassified proprietary information, such as Protected Critical Infrastructure Information (PCII)
The confidentiality of PII or PHI was compromised.
The necessary integrity of information was modified without authorization.
No information was exfiltrated, modified, deleted, or otherwise compromised.
Description
Recovery from the incident is not possible (e.g., data exfiltrated and posted publicly)
Time to recovery is unpredictable; additional resources and outside help needed
Time to recovery is predictable with additional resources
Time to recovery is predictable with existing resources
Incident does not require recovery
Description
Cause of attack is unidentified
Brute force methods to compromise or degrade systems/services
Attack executed from a website or web-based application
Attack executed via an email message or attachment
Attack executed from removable media or a peripheral device
Attack involving replacement of legitimate content/services with a malicious substitute
Incident involving a violation of acceptable use policies by a legitimate user
Loss or theft of the organization's computing device(s) or media

An attack that does not fit into any other vector

OPDIV

Category

Quantity

CDC

Category 06 - Investigation

CDC

Category 04 - Inappropriate Usage

CDC

Category 01 - Unauthorized Access

31

CDC

Category 05 - Scans, Probes and

Attempted Access

13

CDC

Category 03 - Malicious Code

58

CMS

Category 99 - Non-Incident

CMS

Category 03 - Malicious Code

CMS

Category 01 - Unauthorized Access

73

CMS

Category 04 - Inappropriate Usage

CMS

Category 02 - Denial of Service

FDA

Category 01 - Unauthorized Access

FDA

Category 05 - Scans, Probes and

Attempted Access

26
3

HRSA

Category 05 - Scans, Probes and

Attempted Access

HRSA

Category 01 - Unauthorized Access

HRSA

Category 03 - Malicious Code

IHS

Category 04 - Inappropriate Usage

IHS

Category 01 - Unauthorized Access

15

IHS

Category 03 - Malicious Code

ITIO

Category 03 - Malicious Code

NIH

Category 05 - Scans, Probes and

Attempted Access

61

NIH

Category 01 - Unauthorized Access

58

NIH

Category 03 - Malicious Code

33

NIH

Category 04 - Inappropriate Usage

48

OIG

Category 01 - Unauthorized Access

OS

Category 04 - Inappropriate Usage

OS

Category 99 - Non-Incident

OS

Category 03 - Malicious Code

OS

Category 01 - Unauthorized Access

OPDIV

Category

Quantity

CDC

Category 99 - Non-Incident

CDC

Category 05 - Scans, Probes

and Attempted Access

19

CDC

Category 01 - Unauthorized
Access

21

CDC

Category 06 - Investigation

CDC

Category 03 - Malicious Code

CMS

Category 06 - Investigation

CMS

Category 04 - Inappropriate
Usage

22

CMS

Category 99 - Non-Incident

68

CMS

Category 01 - Unauthorized
Access

315

CMS

Category 05 - Scans, Probes

and Attempted Access

CMS

Category 03 - Malicious Code

11

71

CSIRC

Category 05 - Scans, Probes

and Attempted Access

FDA

Category 05 - Scans, Probes

and Attempted Access

FDA

Category 99 - Non-Incident

FDA

Category 01 - Unauthorized
Access

14

FDA

Category 03 - Malicious Code

HRSA

Category 05 - Scans, Probes

and Attempted Access

HRSA

Category 01 - Unauthorized
Access

IHS

Category 05 - Scans, Probes

and Attempted Access

IHS
IHS

Category 01 - Unauthorized
Access
Category 04 - Inappropriate
Usage

11
6

IHS

Category 03 - Malicious Code

16

NIH

Category 03 - Malicious Code

110

NIH

Category 99 - Non-Incident

NIH
NIH
NIH
OIG
OIG

Category 04 - Inappropriate
Usage
Category 01 - Unauthorized
Access
Category 05 - Scans, Probes
and Attempted Access
Category 04 - Inappropriate
Usage
Category 01 - Unauthorized
Access

2
37
46
62
2
4

OS

Category 06 - Investigation

OS

Category 04 - Inappropriate
Usage

OS

Category 99 - Non-Incident

OS
PSC
SAMHSA

Category 05 - Scans, Probes

and Attempted Access
Category 01 - Unauthorized
Access
Category 01 - Unauthorized
Access

1
1
1

OPDIV

Category

Quantity

CDC

Category 05 - Scans, Probes

and Attempted Access

32

CDC

Category 01 - Unauthorized
Access

39

CDC

Category 99 - Non-Incident

11

CDC

Category 03 - Malicious
Code

88

CMS

Category 01 - Unauthorized
Access

CMS

Category 06 - Investigation

CMS

Category 03 - Malicious
Code

CMS

Category 99 - Non-Incident

58

CMS

Category 04 - Inappropriate
Usage

10

FDA

Category 01 - Unauthorized
Access

FDA

Category 05 - Scans, Probes

and Attempted Access

262

FDA
FDA

Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage

2
1

HRSA

Category 01 - Unauthorized
Access

IHS

Category 99 - Non-Incident

IHS

Category 01 - Unauthorized
Access

IHS
IHS
ITIO

Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
Category 03 - Malicious
Code

49
14
3

ITIO

Category 06 - Investigation

NIH

Category 05 - Scans, Probes

and Attempted Access

91

NIH

Category 03 - Malicious
Code

70

NIH

Category 99 - Non-Incident

NIH

Category 04 - Inappropriate
Usage

62

NIH

Category 01 - Unauthorized
Access

44

OIG

Category 04 - Inappropriate
Usage

OS

Category 99 - Non-Incident

OS

Category 04 - Inappropriate
Usage

OS

Category 01 - Unauthorized
Access

OS

Category 06 - Investigation

OS
PSC

Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage

1
3

PSC

Category 05 - Scans, Probes

and Attempted Access

OPDIV

Category

ACF

Category 01 Unauthorized Access

CDC

Category 05 - Scans,
Probes and Attempted
Access

11

CDC

Category 03 - Malicious
Code

67

CDC

Category 99 - NonIncident

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

33

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS
CMS

Category 03 - Malicious
Code
Category 06 Investigation

Quantity

7
8

CMS

Category 04 Inappropriate Usage

10

CMS

Category 99 - NonIncident

60

CMS

Category 01 Unauthorized Access

275

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 99 - NonIncident

FDA

Category 01 Unauthorized Access

FDA
HHS

Category 03 - Malicious
Code
Category 99 - NonIncident

12
3
1

HRSA

Category 01 Unauthorized Access

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS

Category 01 Unauthorized Access

28

IHS

Category 99 - NonIncident

IHS

Category 04 Inappropriate Usage

16

IHS
ITIO
NIH

Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident

4
5
22

NIH

Category 04 Inappropriate Usage

104

NIH

Category 01 Unauthorized Access

59

NIH

Category 05 - Scans,
Probes and Attempted
Access

76

NIH
OS

Category 03 - Malicious
Code
Category 06 Investigation

83
1

OS

Category 04 Inappropriate Usage

OS

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 01 Unauthorized Access

OPDIV

Category

Quantity

CDC

Category 06 - Investigation

CDC

Category 04 - Inappropriate
Usage

CDC

Category 01 - Unauthorized
Access

54

CDC

Category 99 - Non-Incident

CDC

Category 05 - Scans, Probes

and Attempted Access

29

CDC

Category 03 - Malicious
Code

63

CMS

Category 05 - Scans, Probes

and Attempted Access

CMS

Category 06 - Investigation

CMS

Category 03 - Malicious
Code

CMS

Category 99 - Non-Incident

392

CMS

Category 04 - Inappropriate
Usage

11

CMS

Category 01 - Unauthorized
Access

306

FDA

Category 01 - Unauthorized
Access

19

FDA

Category 03 - Malicious
Code

11

FDA

Category 99 - Non-Incident

FDA

Category 05 - Scans, Probes

and Attempted Access

HRSA

Category 01 - Unauthorized
Access

IHS

Category 03 - Malicious
Code

IHS

Category 99 - Non-Incident

IHS

Category 04 - Inappropriate
Usage

IHS

Category 01 - Unauthorized
Access

18

IHS

Category 05 - Scans, Probes

and Attempted Access

ITIO

Category 01 - Unauthorized
Access

NIH

Category 99 - Non-Incident

29

NIH

Category 04 - Inappropriate
Usage

99

NIH

Category 01 - Unauthorized
Access

61

NIH

Category 05 - Scans, Probes

and Attempted Access

86

NIH

Category 03 - Malicious
Code

65

OIG

Category 01 - Unauthorized
Access

16

OIG

Category 04 - Inappropriate
Usage

OS

Category 06 - Investigation

OS

Category 01 - Unauthorized
Access

OS
PSC

Category 04 - Inappropriate
Usage
Category 04 - Inappropriate
Usage

1
4

PSC

Category 99 - Non-Incident

PSC

Category 01 - Unauthorized
Access

OPDIV

Category

CDC

Category 99 - NonIncident

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

20

CDC

Category 05 - Scans,
Probes and Attempted
Access

50

CDC

Category 03 - Malicious
Code

77

CMS

Category 04 Inappropriate Usage

15

CMS

Category 01 Unauthorized Access

233

CMS
CMS
CMS
CSIRC

Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 99 - NonIncident

Quantity

1
2
873
1

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

FDA
FDA
HHS

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident

7
8
1

HRSA

Category 01 Unauthorized Access

HRSA

Category 06 Investigation

IHS

Category 01 Unauthorized Access

IHS

Category 04 Inappropriate Usage

28

IHS

Category 03 - Malicious
Code

10

IHS

Category 05 - Scans,
Probes and Attempted
Access

ITIO
NIH

Category 99 - NonIncident
Category 02 - Denial of
Service

1
1
1

NIH

Category 05 - Scans,
Probes and Attempted
Access

61

NIH

Category 03 - Malicious
Code

53

NIH

Category 01 Unauthorized Access

50

NIH

Category 99 - NonIncident

29

NIH

Category 04 Inappropriate Usage

75

OCR

Category 01 Unauthorized Access

OIG

Category 99 - NonIncident

OIG

Category 01 Unauthorized Access

OIG

Category 04 Inappropriate Usage

OS

Category 99 - NonIncident

OS

Category 01 Unauthorized Access

OS

Category 04 Inappropriate Usage

OS

Category 06 Investigation

PSC

Category 05 - Scans,
Probes and Attempted
Access

PSC

Category 99 - NonIncident

PSC

Category 01 Unauthorized Access

SAMHSA

Category 01 Unauthorized Access

OPDIV

Category

ACF

Category 04 Inappropriate Usage

AHRQ

Category 06 Investigation

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 99 - NonIncident

CDC

Category 01 Unauthorized Access

CDC
CMS

Category 03 - Malicious
Code
Category 03 - Malicious
Code

Quantity

32

21

34
1

CMS

Category 04 Inappropriate Usage

CMS

Category 01 Unauthorized Access

280

CMS

Category 99 - NonIncident

227

CMS

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

12

FDA

Category 05 - Scans,
Probes and Attempted
Access

10

FDA
FDA

Category 03 - Malicious
Code
Category 99 - NonIncident

23
5

IHS

Category 04 Inappropriate Usage

IHS

Category 01 Unauthorized Access

18

IHS
IHS
IHS
ITIO
ITIO
NIH
NIH

Category 99 - NonIncident
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident

1
1
2
2
1
42
27

NIH

Category 04 Inappropriate Usage

93

NIH

Category 01 Unauthorized Access

42

NIH

Category 05 - Scans,
Probes and Attempted
Access

88

OIG

Category 05 - Scans,
Probes and Attempted
Access

OIG

Category 06 Investigation

OIG

Category 04 Inappropriate Usage

OS

Category 06 Investigation

OS

Category 04 Inappropriate Usage

OS

Category 99 - NonIncident

OS

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 01 Unauthorized Access

PSC

Category 01 Unauthorized Access

PSC

Category 04 Inappropriate Usage

OPDIV

Category

ACF

Category 03 Malicious Code

ACF

Category 00 - Network
Testing

ACF

Category 99 - NonIncident

ACF

Category 01 Unauthorized Access

CDC

Category 01 Unauthorized Access

12

CDC

Category 06 Investigation

CDC

Category 04 Inappropriate Usage

CDC

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC
CMS

Category 03 Malicious Code

Category 06 Investigation

Quantity

188
2
31
58
8

CMS

Category 04 Inappropriate Usage

21

CMS

Category 99 - NonIncident

86

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 01 Unauthorized Access

306

FDA

Category 05 - Scans,
Probes and Attempted
Access

28

FDA
FDA

Category 03 Malicious Code

Category 99 - NonIncident

10
2

FDA

Category 01 Unauthorized Access

37

FDA

Category 04 Inappropriate Usage

FDA

Category 02 - Denial of
Service

HRSA

Category 03 Malicious Code

HRSA

Category 01 Unauthorized Access

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS

Category 03 Malicious Code

Category 99 - NonIncident

8
2

IHS

Category 04 Inappropriate Usage

17

IHS

Category 01 Unauthorized Access

ITIO

Category 03 Malicious Code

ITIO

Category 01 Unauthorized Access

ITIO

Category 05 - Scans,
Probes and Attempted
Access

NIH

Category 04 Inappropriate Usage

90

NIH

Category 01 Unauthorized Access

24

NIH

Category 05 - Scans,
Probes and Attempted
Access

95

NIH
NIH

Category 03 Malicious Code

Category 99 - NonIncident

53
22

OIG

Category 05 - Scans,
Probes and Attempted
Access

OIG

Category 01 Unauthorized Access

OIG

Category 04 Inappropriate Usage

OS

Category 99 - NonIncident

OS

Category 02 - Denial of
Service

OS

Category 01 Unauthorized Access

OS

Category 06 Investigation

PSC

Category 04 Inappropriate Usage

PSC

Category 01 Unauthorized Access

OPDIV

Category

ACF

Category 99 - NonIncident

ACF

Category 01 Unauthorized Access

ACF

Category 06 Investigation

CDC

Category 02 - Denial of
Service

CDC

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

19

CDC

Category 01 Unauthorized Access

11

CDC
CDC

Category 06 Investigation
Category 03 - Malicious
Code

Quantity

2
72

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 03 - Malicious
Code

CMS

Category 01 Unauthorized Access

323

CMS

Category 99 - NonIncident

56

CMS

Category 04 Inappropriate Usage

14

FDA

Category 06 Investigation

FDA

Category 01 Unauthorized Access

19

FDA

Category 04 Inappropriate Usage

FDA
FDA

Category 02 - Denial of
Service
Category 99 - NonIncident

1
1

FDA

Category 05 - Scans,
Probes and Attempted
Access

14

FDA

Category 03 - Malicious
Code

10

HRSA

Category 01 Unauthorized Access

HRSA
HRSA
HRSA
IHS
IHS
IHS

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 06 Investigation
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident

3
1
1
1
1
4
1

IHS

Category 04 Inappropriate Usage

14

IHS

Category 01 Unauthorized Access

13

ITIO

Category 04 Inappropriate Usage

ITIO
ITIO

Category 99 - NonIncident
Category 03 - Malicious
Code

NIH

Category 01 Unauthorized Access

NIH

Category 06 Investigation

NIH

Category 04 Inappropriate Usage

NIH
NIH

Category 03 - Malicious
Code
Category 99 - NonIncident

2
2
33
1
83
30
21

NIH

Category 05 - Scans,
Probes and Attempted
Access

71

OS

Category 01 Unauthorized Access

OS

Category 99 - NonIncident

OS

Category 04 Inappropriate Usage

OS

Category 06 Investigation

PSC

Category 04 Inappropriate Usage

PSC

Category 06 Investigation

PSC

Category 01 Unauthorized Access

OPDIV

Category

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

12

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 03 Malicious Code

CMS

Category 01 Unauthorized Access

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS
CMS

Category 03 Malicious Code

Category 99 - NonIncident

Quantity

54

365

2
2
127

CMS

Category 04 Inappropriate Usage

51

FDA

Category 99 - NonIncident

FDA

Category 01 Unauthorized Access

10

FDA

Category 03 Malicious Code

13

FDA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 99 - NonIncident

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS

Category 03 Malicious Code

Category 99 - NonIncident

16

1
6

IHS

Category 04 Inappropriate Usage

IHS

Category 02 - Denial
of Service

IHS

Category 01 Unauthorized Access

ITIO

Category 03 Malicious Code

NIH

Category 04 Inappropriate Usage

28

NIH

Category 01 Unauthorized Access

22

NIH

Category 99 - NonIncident

17

NIH

Category 05 - Scans,
Probes and Attempted
Access

58

NIH

Category 03 Malicious Code

20

OIG

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

OS

Category 03 Malicious Code

PSC

Category 04 Inappropriate Usage

SAMHSA

Category 01 Unauthorized Access

OPDIV

Category

ACF

Category 01 Unauthorized Access

CDC

Category 99 - NonIncident

CDC

Category 03 - Malicious
Code

55

CDC

Category 05 - Scans,
Probes and Attempted
Access

39

CDC

Category 01 Unauthorized Access

16

CMS

Category 04 Inappropriate Usage

28

CMS

Category 01 Unauthorized Access

309

CMS
CMS
FDA

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident

Quantity

111
3
1

FDA

Category 01 Unauthorized Access

23

FDA

Category 03 - Malicious
Code

30

FDA

Category 05 - Scans,
Probes and Attempted
Access

12

HRSA

Category 01 Unauthorized Access

HRSA
HRSA

Category 99 - NonIncident
Category 03 - Malicious
Code

2
2

IHS

Category 04 Inappropriate Usage

18

IHS

Category 01 Unauthorized Access

IHS
ITIO
ITIO
ITIO
NIH

Category 03 - Malicious
Code
Category 99 - NonIncident
Category 01 Unauthorized Access
Category 03 - Malicious
Code
Category 03 - Malicious
Code

1
2
1
18
23

NIH

Category 05 - Scans,
Probes and Attempted
Access

90

NIH

Category 04 Inappropriate Usage

22

NIH

Category 01 Unauthorized Access

22

NIH

Category 99 - NonIncident

21

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

OS

Category 99 - NonIncident

OS
PSC

Category 03 - Malicious
Code
Category 99 - NonIncident

1
1

PSC

Category 04 Inappropriate Usage

TIC

Category 99 - NonIncident

OPDIV

Category

ACF

Category 99 - Non-Incident

ACF

Category 01 - Unauthorized
Access

ACF

Category 04 - Inappropriate
Usage

AHRQ

Category 04 - Inappropriate
Usage

AoA

Category 01 - Unauthorized
Access

AoA

Category 04 - Inappropriate
Usage

CDC

Category 05 - Scans, Probes

and Attempted Access

CDC
CDC

Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage

Quantity

34
29
2

CDC

Category 01 - Unauthorized
Access

CMS

Category 03 - Malicious
Code

CMS

Category 99 - Non-Incident

95

CMS

Category 04 - Inappropriate
Usage

24

20
2

CMS

Category 01 - Unauthorized
Access

CMS

Category 05 - Scans, Probes

and Attempted Access

FDA

Category 99 - Non-Incident

FDA

Category 04 - Inappropriate
Usage

FDA

Category 01 - Unauthorized
Access

14

FDA

Category 05 - Scans, Probes

and Attempted Access

FDA

Category 03 - Malicious
Code

HRSA

Category 01 - Unauthorized
Access

HRSA

Category 03 - Malicious
Code

IHS

Category 05 - Scans, Probes

and Attempted Access

IHS

Category 03 - Malicious
Code

IHS

Category 99 - Non-Incident

IHS

Category 04 - Inappropriate
Usage

13

IHS

Category 01 - Unauthorized
Access

ITIO

Category 99 - Non-Incident

ITIO
ITIO
ITIO
NIH
NIH

Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
Category 00 - Network
Testing
Category 03 - Malicious
Code
Category 99 - Non-Incident

249

11

13
4
1
32
26

NIH
NIH
NIH

Category 01 - Unauthorized
Access
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service

34
34
1

NIH

Category 05 - Scans, Probes

and Attempted Access

64

OIG

Category 01 - Unauthorized
Access

OS

Category 05 - Scans, Probes

and Attempted Access

OS

Category 02 - Denial of
Service

OS

Category 99 - Non-Incident

OS

Category 04 - Inappropriate
Usage

PSC

Category 99 - Non-Incident

PSC
SAMHSA

Category 04 - Inappropriate
Usage
Category 04 - Inappropriate
Usage

2
1

OPDIV

Category

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 03 - Malicious
Code

CDC

Category 99 - Non-Incident

CDC

Category 04 - Inappropriate
Usage

CDC

Category 01 - Unauthorized
Access

16

CMS

Category 99 - Non-Incident

75

CMS
CMS
CMS
CMS
CMS
FDA
FDA

Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 01 - Unauthorized
Access
Category 05 - Scans,
Probes and Attempted
Access
Category 04 - Inappropriate
Usage

Quantity

29

16
1
1
4
316
15
2

FDA

Category 01 - Unauthorized
Access

13

FDA

Category 99 - Non-Incident

FDA

Category 03 - Malicious
Code

HRSA

Category 99 - Non-Incident

HRSA

Category 01 - Unauthorized
Access

HRSA

Category 04 - Inappropriate
Usage

IHS

Category 01 - Unauthorized
Access

IHS
IHS
IHS
IHS
ITIO
ITIO
ITIO
ITIO
NIH
NIH
NIH
NIH
NIH

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - Non-Incident
Category 04 - Inappropriate
Usage
Category 03 - Malicious
Code
Category 99 - Non-Incident
Category 04 - Inappropriate
Usage
Category 05 - Scans,
Probes and Attempted
Access
Category 99 - Non-Incident
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
Category 05 - Scans,
Probes and Attempted
Access
Category 01 - Unauthorized
Access

16

3
4
3
9
29
1
1
2
40
41
1
98
28

NIH

Category 03 - Malicious
Code

OIG

Category 01 - Unauthorized
Access

OIG

Category 99 - Non-Incident

OS

Category 04 - Inappropriate
Usage

OS

Category 01 - Unauthorized
Access

OS

Category 99 - Non-Incident

OS

Category 03 - Malicious
Code

PSC

Category 99 - Non-Incident

PSC

Category 03 - Malicious
Code

45

OPDIV

Category

Quantity

ACF

Category 01 - Unauthorized
Access

AHRQ

Category 99 - Non-Incident

CDC

Category 05 - Scans, Probes

and Attempted Access

10

CDC

Category 01 - Unauthorized
Access

15

CDC

Category 03 - Malicious
Code

27

CDC

Category 99 - Non-Incident

CMS

Category 04 - Inappropriate
Usage

28

CMS

Category 01 - Unauthorized
Access

304

CMS

Category 99 - Non-Incident

350

CMS

Category 05 - Scans, Probes

and Attempted Access

CMS

Category 03 - Malicious
Code

CSIRC

Category 99 - Non-Incident

FDA

Category 04 - Inappropriate
Usage

14

FDA

Category 01 - Unauthorized
Access

19

FDA

Category 05 - Scans, Probes

and Attempted Access

FDA

Category 03 - Malicious
Code

FDA

Category 99 - Non-Incident

HHS

Category 99 - Non-Incident

HRSA

Category 99 - Non-Incident

HRSA

Category 03 - Malicious
Code

IHS

Category 99 - Non-Incident

IHS

Category 01 - Unauthorized
Access

IHS
ITIO

Category 04 - Inappropriate
Usage
Category 03 - Malicious
Code

11
27

ITIO

Category 01 - Unauthorized
Access

ITIO

Category 05 - Scans, Probes

and Attempted Access

Category 00 - Network
Testing
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service

44

NIH

Category 05 - Scans, Probes

and Attempted Access

63

NIH

Category 03 - Malicious
Code

44

NIH

Category 99 - Non-Incident

28

NIH

Category 01 - Unauthorized
Access

33

ITIO
NIH
NIH

OS

Category 03 - Malicious
Code

OS

Category 01 - Unauthorized
Access

OS
OS

Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service

2
1

OS

Category 99 - Non-Incident

PSC

Category 01 - Unauthorized
Access

SAMHSA

Category 01 - Unauthorized
Access

OPDIV

Category

AHRQ

Category 01 - Unauthorized
Access

AHRQ

Category 03 - Malicious
Code

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 01 - Unauthorized
Access

60

CDC

Category 03 - Malicious
Code

38

CDC

Category 99 - Non-Incident

CMS

Category 04 - Inappropriate
Usage

14

CMS

Category 01 - Unauthorized
Access

357

CMS

Category 99 - Non-Incident

140

CMS
CMS

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code

Quantity

10
3

CSIRC

Category 99 - Non-Incident

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 03 - Malicious
Code

11

FDA

Category 01 - Unauthorized
Access

19

FDA

Category 99 - Non-Incident

FDA

Category 04 - Inappropriate
Usage

FDA

Category 02 - Denial of
Service

HRSA

Category 99 - Non-Incident

IHS
IHS

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code

4
4

IHS

Category 01 - Unauthorized
Access

15

IHS

Category 99 - Non-Incident

IHS

Category 04 - Inappropriate
Usage

25

ITIO

Category 03 - Malicious
Code

14

ITIO

Category 01 - Unauthorized
Access

ITIO

Category 04 - Inappropriate
Usage

ITIO

Category 99 - Non-Incident

NIH

Category 05 - Scans,
Probes and Attempted
Access

73

NIH

Category 01 - Unauthorized
Access

30

NIH

Category 03 - Malicious
Code

25

NIH

Category 99 - Non-Incident

31

NIH

Category 02 - Denial of
Service

NIH

Category 04 - Inappropriate
Usage

OS

Category 03 - Malicious
Code

OS

Category 01 - Unauthorized
Access

OS

Category 99 - Non-Incident

PSC

Category 04 - Inappropriate
Usage

PSC

Category 99 - Non-Incident

PSC

Category 01 - Unauthorized
Access

1
72

OPDIV

Category

Quantity

AHRQ

Category 03 - Malicious
Code

CDC

Category 99 - NonIncident

CDC

Category 03 - Malicious
Code

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 01 Unauthorized Access

52

CMS

Category 04 Inappropriate Usage

11

CMS

Category 02 - Denial of
Service

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 03 - Malicious
Code

CMS

Category 01 Unauthorized Access

373

CMS

Category 99 - NonIncident

104

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 01 Unauthorized Access

19

FDA
HRSA
HRSA

Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident

4
4
1

HRSA

Category 01 Unauthorized Access

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS

Category 01 Unauthorized Access

21

IHS
IHS
IHS
ITIO
ITIO

Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
Category 99 - NonIncident
Category 03 - Malicious
Code

2
1
18
3
25

ITIO

Category 04 Inappropriate Usage

ITIO

Category 01 Unauthorized Access

NIH

Category 05 - Scans,
Probes and Attempted
Access

78

NIH
NIH

Category 03 - Malicious
Code
Category 99 - NonIncident

24
18

NIH

Category 04 Inappropriate Usage

58

NIH

Category 01 Unauthorized Access

28

OIG

Category 01 Unauthorized Access

OIG

Category 04 Inappropriate Usage

OS

Category 99 - NonIncident

OS

Category 04 Inappropriate Usage

OS

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 03 - Malicious
Code

PSC

Category 04 Inappropriate Usage

PSC

Category 99 - NonIncident

PSC

Category 01 Unauthorized Access

TIC
TIC

Category 03 - Malicious
Code
Category 99 - NonIncident

1
4

OPDIV

Category

ACF

Category 01 Unauthorized Access

AHRQ

Category 01 Unauthorized Access

CDC

Category 01 Unauthorized Access

37

CDC

Category 99 - NonIncident

CDC

Category 03 Malicious Code

CDC

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 05 - Scans,
Probes and Attempted
Access

14

CMS

Category 04 Inappropriate Usage

13

CMS

Category 01 Unauthorized Access

334

CMS
CMS

Category 99 - NonIncident
Category 03 Malicious Code

Quantity

109
10

CMS
FDA
FDA

Category 00 - Network
Testing
Category 99 - NonIncident
Category 03 Malicious Code

2
3
2

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 01 Unauthorized Access

10

HRSA

Category 03 Malicious Code

HRSA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 01 Unauthorized Access

IHS

Category 04 Inappropriate Usage

19

IHS

Category 01 Unauthorized Access

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS

Category 03 Malicious Code

Category 99 - NonIncident

1
3

ITIO

Category 04 Inappropriate Usage

ITIO

Category 01 Unauthorized Access

ITIO
ITIO

Category 99 - NonIncident
Category 03 Malicious Code

1
7

NIH

Category 04 Inappropriate Usage

63

NIH

Category 01 Unauthorized Access

28

NIH

Category 05 - Scans,
Probes and Attempted
Access

91

NIH
NIH
OS

Category 03 Malicious Code

Category 99 - NonIncident
Category 99 - NonIncident

35
24
2

OS

Category 01 Unauthorized Access

OS

Category 04 Inappropriate Usage

PSC

Category 99 - NonIncident

PSC

Category 04 Inappropriate Usage

SAMHSA

Category 99 - NonIncident

TIC

Category 01 Unauthorized Access

TIC

Category 99 - NonIncident

OPDIV

Category

AHRQ

Category 01 Unauthorized Access

AoA

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 01 Unauthorized Access

16

CDC
CDC
CMS
CMS
CMS

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident

Quantity

5
5
16
9
120

CMS

Category 04 Inappropriate Usage

10

CMS

Category 01 Unauthorized Access

288

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 01 Unauthorized Access

17

FDA
FDA

Category 99 - NonIncident
Category 03 - Malicious
Code

1
3

HRSA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 01 Unauthorized Access

HRSA
HRSA

Category 99 - NonIncident
Category 03 - Malicious
Code

2
2

IHS

Category 04 Inappropriate Usage

23

IHS

Category 01 Unauthorized Access

12

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS

Category 03 - Malicious
Code
Category 99 - NonIncident

4
5

ITIO

Category 05 - Scans,
Probes and Attempted
Access

ITIO

Category 01 Unauthorized Access

ITIO
ITIO

Category 99 - NonIncident
Category 03 - Malicious
Code

2
18

NIH

Category 04 Inappropriate Usage

64

NIH

Category 01 Unauthorized Access

23

NIH

Category 05 - Scans,
Probes and Attempted
Access

80

NIH
NIH

Category 03 - Malicious
Code
Category 99 - NonIncident

27
36

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

OS
OS
PSC

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident

3
1
1

PSC

Category 01 Unauthorized Access

PSC

Category 04 Inappropriate Usage

TIC

Category 99 - NonIncident

OPDIV

Category

ACF

Category 99 - NonIncident

ACF

Category 01 Unauthorized Access

ACF

Category 04 Inappropriate Usage

AHRQ

Category 99 - NonIncident

AHRQ

Category 01 Unauthorized Access

CDC

Category 05 - Scans,
Probes and Attempted
Access

15

CDC
CDC

Category 03 - Malicious
Code
Category 99 - NonIncident

Quantity

11
10

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

21

CMS

Category 01 Unauthorized Access

276

CMS

Category 99 - NonIncident

106

CMS

Category 04 Inappropriate Usage

CMS

Category 02 - Denial of
Service

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 03 - Malicious
Code

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA
FDA

Category 03 - Malicious
Code
Category 99 - NonIncident

26

12
2
1
2

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

18

HRSA

Category 03 - Malicious
Code

HRSA

Category 01 Unauthorized Access

IHS

Category 03 - Malicious
Code

IHS

Category 04 Inappropriate Usage

IHS

Category 99 - NonIncident

IHS

Category 01 Unauthorized Access

ITIO

Category 99 - NonIncident

ITIO

Category 04 Inappropriate Usage

ITIO

Category 01 Unauthorized Access

ITIO

Category 05 - Scans,
Probes and Attempted
Access

ITIO

Category 03 - Malicious
Code

NIH

Category 05 - Scans,
Probes and Attempted
Access

NIH

Category 03 - Malicious
Code

37

NIH

Category 01 Unauthorized Access

37

NIH

Category 99 - NonIncident

18

NIH

Category 04 Inappropriate Usage

66

NIH

Category 02 - Denial of
Service

OIG

Category 04 Inappropriate Usage

OIG

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 03 - Malicious
Code

OS

Category 04 Inappropriate Usage

OS
PSC

Category 99 - NonIncident
Category 99 - NonIncident

1
15
102

3
3

PSC

Category 01 Unauthorized Access

PSC

Category 04 Inappropriate Usage

SAMHSA

Category 04 Inappropriate Usage

SAMHSA

Category 01 Unauthorized Access

TIC

Category 99 - NonIncident

OPDIV

Category

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

20

CDC

Category 05 - Scans,
Probes and Attempted
Access

14

CDC

Category 03 - Malicious
Code

CDC

Category 99 - NonIncident

CMS

Category 99 - NonIncident

101

CMS

Category 04 Inappropriate Usage

29

CMS

Category 01 Unauthorized Access

264

CMS

Category 05 - Scans,
Probes and Attempted
Access

14

CMS
FDA
FDA

Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 04 Inappropriate Usage

Quantity

33
2
2

FDA

Category 01 Unauthorized Access

21

FDA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 01 Unauthorized Access

HRSA
HRSA

Category 99 - NonIncident
Category 03 - Malicious
Code

7
8

IHS

Category 04 Inappropriate Usage

26

IHS

Category 01 Unauthorized Access

13

IHS
IHS
ITIO
ITIO
ITIO

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 01 Unauthorized Access
Category 99 - NonIncident
Category 03 - Malicious
Code

ITIO

Category 04 Inappropriate Usage

NIH

Category 05 - Scans,
Probes and Attempted
Access

NIH
NIH

Category 03 - Malicious
Code
Category 99 - NonIncident

3
3
1
3
40
2

100
32
32

NIH

Category 04 Inappropriate Usage

56

NIH

Category 01 Unauthorized Access

28

OIG

Category 99 - NonIncident

OIG

Category 04 Inappropriate Usage

OS

Category 05 - Scans,
Probes and Attempted
Access

OS
OS

Category 03 - Malicious
Code
Category 99 - NonIncident

3
9

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

TIC

Category 99 - NonIncident

OPDIV

Category

CDC

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

19

CDC

Category 03 - Malicious
Code

12

CDC

Category 06 Investigation

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

12

CMS

Category 99 - NonIncident

79

CMS

Category 05 - Scans,
Probes and Attempted
Access

37

CMS
CMS
CMS
CMS

Category 03 - Malicious
Code
Category 00 - Network
Testing
Category 06 Investigation
Category 04 Inappropriate Usage

Quantity
6

27
1
1
32

CMS

Category 01 Unauthorized Access

CSIRC

Category 06 Investigation

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

26

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA
FDA
HRSA
HRSA

Category 03 - Malicious
Code
Category 99 - NonIncident
Category 99 - NonIncident
Category 03 - Malicious
Code

282

3
1
7
17

HRSA

Category 05 - Scans,
Probes and Attempted
Access

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS

Category 03 - Malicious
Code
Category 06 Investigation

3
1

IHS

Category 04 Inappropriate Usage

41

IHS

Category 01 Unauthorized Access

40

IHS
ITIO
ITIO

Category 99 - NonIncident
Category 99 - NonIncident
Category 03 - Malicious
Code

2
3
33

ITIO

Category 04 Inappropriate Usage

NIH

Category 05 - Scans,
Probes and Attempted
Access

NIH
NIH

Category 99 - NonIncident
Category 03 - Malicious
Code

108
35
32

NIH

Category 04 Inappropriate Usage

59

NIH

Category 01 Unauthorized Access

20

OIG

Category 01 Unauthorized Access

OIG

Category 04 Inappropriate Usage

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

OS
OS
PSC
PSC

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident

3
2
2
1

OPDIV

Category

AHRQ

Category 01 - Unauthorized
Access

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 03 - Malicious
Code

CDC

Category 99 - Non-Incident

CDC

Category 04 - Inappropriate
Usage

CDC

Category 01 - Unauthorized
Access

18

CMS

Category 06 - Investigation

10

CMS

Category 04 - Inappropriate
Usage

25

CMS

Category 01 - Unauthorized
Access

237

CMS

Category 99 - Non-Incident

76

CMS
CMS
CMS

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 Non-Incident

Quantity

13

19
22
2

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 01 - Unauthorized
Access

17

FDA

Category 99 - Non-Incident

FDA

Category 03 - Malicious
Code

HRSA

Category 99 - Non-Incident

HRSA
HRSA

Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access

4
3

HRSA

Category 01 - Unauthorized
Access

IHS

Category 06 - Investigation

IHS

Category 03 - Malicious
Code

IHS

Category 99 - Non-Incident

IHS

Category 04 - Inappropriate
Usage

24

IHS

Category 01 - Unauthorized
Access

27

ITIO

Category 03 - Malicious
Code

19

ITIO

Category 04 - Inappropriate
Usage

ITIO

Category 06 - Investigation

NIH

Category 99 - Non-Incident

20

NIH

Category 04 - Inappropriate
Usage

72

NIH

Category 01 - Unauthorized
Access

18

NIH
NIH

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code

84
22

OIG

Category 04 - Inappropriate
Usage

OIG

Category 01 - Unauthorized
Access

OS

Category 04 - Inappropriate
Usage

OS

Category 99 - Non-Incident

OS

Category 03 - Malicious
Code

PSC

Category 04 - Inappropriate
Usage

OPDIV

Category

AHRQ

Category 01 Unauthorized Access

CDC

Category 06 Investigation

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

16

CDC

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 03 - Malicious
Code

CMS

Category 01 Unauthorized Access

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS
CMS
CMS

Category 99 NonIncident
Category 03 - Malicious
Code
Category 06 Investigation

Quantity

16

5
253

5
1
16
3

CMS

Category 04 Inappropriate Usage

16

CMS

Category 99 - NonIncident

105

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA
FDA
FDA

Category 02 - Denial of
Service
Category 99 - NonIncident
Category 03 - Malicious
Code

4
1
3
2

FDA

Category 01 Unauthorized Access

17

HRSA

Category 01 Unauthorized Access

HRSA

Category 03 - Malicious
Code

12

IHS

Category 01 Unauthorized Access

30

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS
IHS
ITIO
ITIO
NIH
NIH

Category 03 - Malicious
Code
Category 06 Investigation
Category 04 Inappropriate Usage
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 06 Investigation
Category 04 Inappropriate Usage

1
8
38
35
1
1
57

NIH

Category 01 Unauthorized Access

23

NIH

Category 99 - NonIncident

14

NIH

Category 05 - Scans,
Probes and Attempted
Access

86

NIH
OS
OS
OS
OS

Category 03 - Malicious
Code
Category 99 NonIncident
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident

17
1
2
2
2

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

PSC

Category 04 Inappropriate Usage

PSC

Category 06 Investigation

PSC

Category 01 Unauthorized Access

OPDIV

Category

AHRQ

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 99 - NonIncident

CDC

Category 03 - Malicious
Code

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

CMS

Category 99 - NonIncident

78

CMS

Category 05 - Scans,
Probes and Attempted
Access

22

CMS
CMS
CMS
CMS

Category 03 - Malicious
Code
Category 00 - Network
Testing
Category 99 NonIncident
Category 06 Investigation

Quantity

12

24
1
5
1

CMS

Category 04 Inappropriate Usage

25

CMS

Category 01 Unauthorized Access

250

CSIRC
FDA
FDA

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 06 Investigation

1
3
2

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

16

FDA

Category 99 - NonIncident

FDA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 01 Unauthorized Access

HRSA

Category 03 - Malicious
Code

IHS

Category 05 - Scans,
Probes and Attempted
Access

IHS
IHS

Category 03 - Malicious
Code
Category 06 Investigation

3
4

IHS

Category 04 Inappropriate Usage

23

IHS

Category 01 Unauthorized Access

19

ITIO
ITIO
NIH
NIH
NIH

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident

3
26
58
23
23

NIH

Category 04 Inappropriate Usage

60

NIH

Category 01 Unauthorized Access

22

OIG

Category 99 - NonIncident

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

OS
OS
PSC

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident

1
2
1

PSC

Category 01 Unauthorized Access

PSC

Category 04 Inappropriate Usage

SAMHSA
SAMHSA

Category 99 - NonIncident
Category 05 Scans/Probes/Attempted
Access

1
1

OPDIV

Category

ACF

Category 01 Unauthorized Access

ACF

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 99 - NonIncident

CDC

Category 01 Unauthorized Access

CDC
CMS

Category 03 - Malicious
Code
Category 05 Scans/Probes/Attempted
Access

Quantity

25

12
2

CMS

Category 04 Inappropriate Usage

34

CMS

Category 01 Unauthorized Access

282

CMS

Category 99 - NonIncident

67

CMS

Category 05 - Scans,
Probes and Attempted
Access

31

CMS

Category 03 - Malicious
Code

10

FDA

Category 99 - NonIncident

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

19

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 03 - Malicious
Code

HRSA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 01 Unauthorized Access

HRSA
HRSA
IHS

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 NonIncident

4
2
1

IHS

Category 04 Inappropriate Usage

15

IHS

Category 01 Unauthorized Access

25

IHS
IHS
ITIO
ITIO
ITIO
ITIO
NIH

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 02 - Denial of
Service
Category 03 - Malicious
Code
Category 01 Unauthorized Access
Category 99 - NonIncident
Category 99 - NonIncident

1
3
1
11
1
1
18

NIH

Category 04 Inappropriate Usage

61

NIH

Category 01 Unauthorized Access

27

NIH

Category 05 - Scans,
Probes and Attempted
Access

87

NIH
OIG
OS
OS
OS

Category 03 - Malicious
Code
Category 99 - NonIncident
Category 01 Unauthorized Access
Category 99 - NonIncident
Category 03 - Malicious
Code

31
2
2
2
2

OS

Category 04 Inappropriate Usage

PSC

Category 99 - NonIncident

PSC

Category 01 Unauthorized Access

OPDIV

Category

ACF

Category 04 Inappropriate Usage

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 99 - NonIncident

CDC

Category 03 - Malicious
Code

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

14

CMS
CMS

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access

Quantity

3
1

CMS

Category 04 Inappropriate Usage

86

CMS

Category 01 Unauthorized Access

231

CMS
CMS

Unknown
Category 99 - NonIncident

1
35

CMS
CMS
CSIRC
FDA
FDA

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident

29
10
1
2
3

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

19

FDA

Category 05 - Scans,
Probes and Attempted
Access

HRSA
HRSA

Category 03 - Malicious
Code
Category 99 - NonIncident

1
1

HRSA

Category 01 Unauthorized Access

IHS

Category 04 Inappropriate Usage

IHS

Category 01 Unauthorized Access

IHS
IHS
ITIO
ITIO
ITIO
ITIO

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 02 - Denial of
Service
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 NonIncident

1
7
1
3
1
1

ITIO

Category 04 Inappropriate Usage

NIH

Category 99 - NonIncident

16

NIH

Category 04 Inappropriate Usage

50

NIH

Category 01 Unauthorized Access

34

NIH

Category 05 - Scans,
Probes and Attempted
Access

80

NIH
OIG

Category 03 - Malicious
Code
Category 02 - Denial of
Service

24
1

OIG

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 99 - NonIncident

OS

Category 01 Unauthorized Access

OS

Category 04 Inappropriate Usage

PSC

Category 04 Inappropriate Usage

OPDIV

Category

Quantity

ACF

Category 04 Inappropriate Usage

ACF

Category 99 - NonIncident

ACF

Category 01 Unauthorized
Access

AHRQ

Category 01 Unauthorized
Access

CDC

Category 03 Malicious Code

29

CDC

Category 99 - NonIncident

13

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized
Access

32

CDC

Category 05 Scans, Probes and

Attempted Access

11

CMS

Category 05 Scans, Probes and

Attempted Access

19

CMS

Category 03 Malicious Code

12

CMS

Category 99 NonIncident

CMS

Category 05 Scans/Probes/Attem
pted Access

CMS

Category 04 Inappropriate Usage

89

CMS
CMS
CMS
FDA

Unknown
Category 01 Unauthorized
Access
Category 99 - NonIncident
Category 99 - NonIncident

112
118
44
3

FDA

Category 05 Scans, Probes and

Attempted Access

FDA

Category 01 Unauthorized
Access

FDA

Category 05 Scans/Probes/Attem
pted Access

FDA

Category 03 Malicious Code

HRSA

Category 04 Inappropriate Usage

HRSA

Category 01 Unauthorized
Access

HRSA

Category 03 Malicious Code

IHS

Category 05 Scans, Probes and

Attempted Access

17

IHS

Category 03 Malicious Code

IHS

Category 99 - NonIncident

IHS

Category 04 Inappropriate Usage

52

IHS

Category 01 Unauthorized
Access

60

ITIO

Category 04 Inappropriate Usage

ITIO
ITIO

Category 01 Unauthorized
Access
Category 99 - NonIncident

5
1
2

ITIO

Category 05 Scans, Probes and

Attempted Access

ITIO

Category 03 Malicious Code

ITIO

Category 99 NonIncident

ITIO

Category 05 Scans/Probes/Attem
pted Access

NIH

Category 05 Scans/Probes/Attem
pted Access

NIH

Category 04 Inappropriate Usage

68

NIH
NIH

Category 01 Unauthorized
Access
Category 99 - NonIncident

30
21

NIH

Category 05 Scans, Probes and

Attempted Access

NIH

Category 03 Malicious Code

OIG

Category 99 - NonIncident

OIG

Category 04 Inappropriate Usage

OIG

Category 05 Scans, Probes and

Attempted Access

OIG

Category 01 Unauthorized
Access

OS

Category 05 Scans, Probes and

Attempted Access

OS

Category 03 Malicious Code

OS

Category 99 - NonIncident

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized
Access

PSC

Category 04 Inappropriate Usage

PSC
PSC
SAMHSA

Category 99 - NonIncident
Category 01 Unauthorized
Access
Category 03 Malicious Code

105

15

6
2
2

SAMHSA

Category 01 Unauthorized
Access

OPDIV

Category

ACF

Category 01 Unauthorized Access

ACF

Category 04 Inappropriate Usage

AHRQ

Category 99 - NonIncident

AHRQ

Category 01 Unauthorized Access

AHRQ

Category 04 Inappropriate Usage

CDC

Category 99 - NonIncident

CDC

Category 03 - Malicious
Code

11

CDC

Category 05 - Scans,
Probes and Attempted
Access

12

CDC

Category 01 Unauthorized Access

38

CMS
CMS

Unknown
Category 99 - NonIncident

Quantity

178
16

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 03 - Malicious
Code

CMS
CMS
CMS
CMS
CMS
CSIRC
FDA
FDA
FDA

Category 01 Unauthorized Access

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 04 Inappropriate Usage
Category 02 - Denial of
Service
Category 99 - NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident

72
4
11
68
1
1
5
1
1

FDA

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 01 Unauthorized Access

23

HRSA
HRSA
HRSA
IHS

Category 99 NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 05 Scans/Probes/Attempted
Access

1
4
2
1

IHS

Category 04 Inappropriate Usage

23

IHS

Category 01 Unauthorized Access

14

IHS

Category 99 - NonIncident

IHS
IHS
ITIO
ITIO
ITIO
NIH
NIH

Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 NonIncident
Category 03 - Malicious
Code
Category 04 Inappropriate Usage
Category 02 - Denial of
Service
Category 99 - NonIncident

1
3
1
10
3
2
26

NIH

Category 05 - Scans,
Probes and Attempted
Access

79

NIH

Category 03 - Malicious
Code

19

NIH

Category 01 Unauthorized Access

27

NIH
NIH

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access

1
5

NIH

Category 04 Inappropriate Usage

59

OIG

Category 01 Unauthorized Access

OS

Category 04 Inappropriate Usage

OS

Category 99 - NonIncident

OS

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 03 - Malicious
Code

OS
OS
PSC

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code

3
2
1

PSC

Category 04 Inappropriate Usage

SAMHSA

Category 01 Unauthorized Access

TIC

Category 99 - NonIncident

OPDIV

Category

ACF

Category 01 Unauthorized Access

ACF

Category 03 - Malicious
Code

ACF

Category 04 Inappropriate Usage

AHRQ

Category 99 - NonIncident

CDC

Category 05 - Scans,
Probes and Attempted
Access

CDC

Category 99 - NonIncident

CDC

Category 01 Unauthorized Access

CDC
CMS
CMS

Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 NonIncident

CMS

Category 01 Unauthorized Access

CMS

Category 05 Scans/Probes/Attempted
Access

CMS

Category 04 Inappropriate Usage

Quantity

21

7
17
4
7
4
56
7
75

CMS
CMS
CMS

Unknown
Category 02 - Denial of
Service
Category 99 - NonIncident

194
1
11

CMS

Category 05 - Scans,
Probes and Attempted
Access

FDA

Category 01 Unauthorized Access

15

FDA
FDA
FDA
FDA
FDA
HRSA
HRSA
HRSA

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 NonIncident

1
4
5
1
2
1
1
1

HRSA

Category 04 Inappropriate Usage

HRSA

Category 01 Unauthorized Access

IHS
IHS
IHS
IHS

Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage

2
2
1
36

IHS

Category 01 Unauthorized Access

ITIO

Category 99 NonIncident

ITIO

Category 04 Inappropriate Usage

ITIO

Category 01 Unauthorized Access

ITIO

Category 05 - Scans,
Probes and Attempted
Access

ITIO
NIH

Category 03 - Malicious
Code
Category 05 Scans/Probes/Attempted
Access

6
2

NIH

Category 04 Inappropriate Usage

58

NIH

Category 01 Unauthorized Access

22

NIH

Category 99 - NonIncident

19

NIH

Category 05 - Scans,
Probes and Attempted
Access

NIH

Category 03 - Malicious
Code

OIG

Category 01 Unauthorized Access

OS

Category 05 - Scans,
Probes and Attempted
Access

OS

Category 99 - NonIncident

OS

Category 04 Inappropriate Usage

OS

Category 99 NonIncident

101
26

PSC

Category 01 Unauthorized Access

PSC

Category 04 Inappropriate Usage

SAMHSA

Category 05 - Scans,
Probes and Attempted
Access

OPDIV

Category

Quantity

ACF

Category 05 - Scans,
Probes and Attempted
Access

AHRQ

Category 05 Scans/Probes/Attempted
Access

AHRQ

Category 05 - Scans,
Probes and Attempted
Access

AoA

Category 05 - Scans,
Probes and Attempted
Access

AoA

Category 04 Inappropriate Usage

CDC

Category 04 Inappropriate Usage

CDC

Category 01 Unauthorized Access

19

CDC

Category 05 - Scans,
Probes and Attempted
Access

16

CDC

Category 03 - Malicious
Code

14

CDC

Category 99 - NonIncident

CMS

Category 05 - Scans,
Probes and Attempted
Access

CMS

Category 01 Unauthorized Access

81

CMS
CMS
CMS
CMS
CMS
CSIRC
FDA
FDA
FDA

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 04 Inappropriate Usage
Unknown
Category 99 - NonIncident
Category 99 - NonIncident
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 05 Scans/Probes/Attempted
Access

8
8
75
209
16
1
2
4
3

FDA

Category 04 Inappropriate Usage

FDA

Category 01 Unauthorized Access

18

FDA

Category 99 - NonIncident

HRSA

Category 05 - Scans,
Probes and Attempted
Access

HRSA

Category 01 Unauthorized Access

HRSA
HRSA
IHS
IHS
IHS
IHS
ITIO
ITIO

Category 99 - NonIncident
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
Category 00 - Network
Testing
Category 99 - NonIncident

1
2
1
2
1
27
1
4

ITIO

Category 04 Inappropriate Usage

ITIO

Category 01 Unauthorized Access

ITIO

Category 99 NonIncident

ITIO

Category 05 - Scans,
Probes and Attempted
Access

ITIO

Category 03 - Malicious
Code

NIH

Category 04 Inappropriate Usage

49

NIH

Category 01 Unauthorized Access

38

NIH

Category 99 - NonIncident

16

NIH

Category 05 - Scans,
Probes and Attempted
Access

NIH

Category 03 - Malicious
Code

176
23

NIH
NIH

Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access

3
2

OIG

Category 04 Inappropriate Usage

OS

Category 05 - Scans,
Probes and Attempted
Access

OS
OS

Category 03 - Malicious
Code
Category 99 - NonIncident

1
1

OS

Category 04 Inappropriate Usage

OS

Category 01 Unauthorized Access

PSC

Category 05 - Scans,
Probes and Attempted
Access

PSC

Category 04 Inappropriate Usage

SAMHSA

Category 99 - NonIncident

SAMHSA

Category 05 - Scans,
Probes and Attempted
Access

OPDIV
ACF

Functional Impact
None

Information Impact
Integrity

Recoverability Effort
Regular

ACF

None

None

Regular

ACF

None

None

Regular

ACF

None

None

Not Applicable

ACF

None

Privacy

Regular

ACF

None

Integrity

Regular

AHRQ

None

None

Regular

AHRQ

None

None

Not Applicable

AHRQ

None

None

Not Applicable

CDC

None

Privacy

Regular

CDC

None

Privacy

Regular

CDC
CDC

None
None

None
None

Regular
Regular

CDC

None

None

Regular

CDC

None

None

Regular

CDC

None

None

Not Recoverable

CDC
CDC
CDC
CDC

None
None
None
None

None
None
None
None

Not Applicable
Not Recoverable
Not Applicable
Not Applicable

CDC

None

None

Not Applicable

CMS

None

None

Not Applicable

CMS

None

None

Regular

CMS
CMS
CMS
CMS

Low
Low
None
None

Privacy
Integrity
None
Privacy

Extended
Regular
Regular
Regular

CMS

None

None

Not Applicable

CMS

None

None

Not Applicable

CMS

None

Privacy

Regular

CMS
CMS

None
None

None
None

Not Applicable
Not Applicable

CMS

None

Privacy

Not Recoverable

CMS

None

Privacy

Regular

CMS

None

Proprietary

Regular

CMS
CMS

None
None

None
None

Not Applicable
Not Applicable

CMS

Medium

Privacy

Not Applicable

CMS
CMS
CMS

None
None
None

Privacy
Privacy
Privacy

Not Applicable
Regular
Regular

CMS

None

None

Extended

CMS
CMS
CMS
CMS
CMS
CMS

Medium
None
None
None
None
Medium

Privacy
Privacy
Privacy
Privacy
Integrity
None

Not Applicable
Not Recoverable
Regular
Not Applicable
Regular
Regular

CMS

None

Privacy

Not Applicable

CMS

Medium

Proprietary

Not Applicable

CMS

Low

Privacy

Supplemented

CMS
CMS

None
Low

Privacy
Privacy

Not Applicable
Not Recoverable

CMS

Low

Privacy

Extended

CMS

Low

Integrity

Regular

CMS
CMS
CMS

Low
None
Medium

Privacy
Privacy
Privacy

Regular
Extended
Regular

CMS

Low

Integrity

Extended

CMS

None

Privacy

Extended

CMS
CMS
CMS
CMS
CMS

Medium
Low
Low
None
Medium

Privacy
Privacy
None
Privacy
Privacy

Regular
Not Applicable
Regular
Extended
Not Applicable

CMS

Low

Privacy

Not Applicable

CMS

Low

None

Regular

CMS

High

None

Not Applicable

CMS

None

None

Regular

CMS

Low

Privacy

Not Applicable

CMS

Low

None

Not Applicable

CMS
CMS
CSIRC
FDA
FDA
FDA
FDA
FDA

High
None
None
None
None
None
None
None

Integrity
None
None
None
None
Integrity
Integrity
None

Regular
Regular
Regular
Regular
Regular
Regular
Regular
Regular

FDA

None

None

Not Recoverable

FDA

None

None

Not Applicable

FDA

None

None

Not Applicable

FDA

None

None

Regular

FDA

None

None

Not Applicable

FDA

None

None

Regular

FDA

None

None

Regular

FDA

None

None

Extended

HRSA
HRSA
HRSA
IHS

None
None
None
None

None
None
Integrity
None

Not Applicable
Not Applicable
Regular
Regular

IHS

None

Privacy

Regular

IHS

None

Privacy

Regular

IHS

None

Privacy

Not Recoverable

ITIO
ITIO

None
None

None
None

Regular
Regular

ITIO

None

None

Regular

ITIO
ITIO
ITIO
ITIO
ITIO
ITIO
NIH
NIH
NIH
NIH

None
None
None
Low
None
None
None
None
Low
None

None
None
Integrity
None
Integrity
Integrity
Integrity
Integrity
None
None

Regular
Not Applicable
Regular
Regular
Regular
Regular
Regular
Regular
Regular
Regular

NIH

None

None

Regular

NIH

None

None

Regular

NIH

None

None

Regular

NIH
NIH
NIH
NIH
NIH

None
None
None
None
None

None
Privacy
Privacy
None
None

Regular
Regular
Not Applicable
Not Applicable
Regular

NIH
NIH
NIH
NIH
OIG

None
None
None
None
None

None
None
None
None
Privacy

Not Applicable
Regular
Not Applicable
Not Applicable
Regular

OIG

None

Privacy

Regular

OIG

None

None

Regular

OS

None

Privacy

Regular

OS
OS
OS

None
None
None

Privacy
Privacy
None

Regular
Regular
Regular

PSC

None

Privacy

Regular

PSC
PSC
PSC

None
None
None

Privacy
None
None

Regular
Regular
Not Applicable

PSC

Low

Privacy

Regular

PSC

None

Privacy

Regular

Threat Vector
Email

Quantity
1

Unknown

Email

Unknown

Loss or Theft of
Equipment

Unknown

Loss or Theft of
Equipment

Unknown

Email

Other

Improper Usage

Web
Unknown

7
2

Loss or Theft of
Equipment

Email

19

Loss or Theft of
Equipment

Email
Email
Unknown
Other

7
3
1
1

Loss or Theft of
Equipment

Loss or Theft of
Equipment

Email

Other
Web
Unknown
Other
Improper Usage
Web

3
1
2
116
2
15

Loss or Theft of
Equipment

Email
Unknown

1
4

Loss or Theft of
Equipment

Improper Usage

46

Improper Usage

Attrition
Other
Loss or Theft of
Equipment
Unknown
Email
Web
Loss or Theft of
Equipment
Email
Other
Unknown
Other
Web
Unknown

1
16
2
1
23
1
3
20
2
7
33
2
1

Improper Usage

Loss or Theft of
Equipment

Impersonation/Sp
oofing
Email
Unknown

1
4
1

Improper Usage
Impersonation/Sp
oofing
Email
Other
Other

1
1
1
9
2

Loss or Theft of
Equipment

Improper Usage

Email
Unknown
Web
Email
Other

3
2
1
1
6

Improper Usage

Loss or Theft of
Equipment

Loss or Theft of
Equipment

Loss or Theft of
Equipment

Email

Loss or Theft of
Equipment

Email
Web
Web
Email
Other
Other
Web
Attrition

1
5
1
1
1
1
2
2

Loss or Theft of
Equipment

Other

Loss or Theft of
Equipment

Loss or Theft of
Equipment

11

Email

Improper Usage

Unknown

Loss or Theft of
Equipment

Web
Unknown
Web
Unknown

1
1
2
1

Improper Usage

18

Email

Improper Usage

Web
Unknown

1
1

Loss or Theft of
Equipment

Email
Email
Web
Unknown
Unknown
Email
Email
Web
Email
Other

3
1
4
1
4
2
6
1
2
8

Loss or Theft of
Equipment

18

Improper Usage

45

Impersonation/Sp
oofing
Email
Unknown
Other
Unknown
Web

2
157
1
1
1
12

Other
Unknown
Email
Attrition
Other

11
18
1
1
1

Improper Usage

Email

Improper Usage

Email
Unknown
Web

1
1
1

Improper Usage

Email
Unknown
Other

1
2
1

Improper Usage

Other

OPDIV
CDC
CMS
CMS

Functional Impact
None
None
Low

Information Impact
Privacy
Privacy
Privacy

Recoverability Effort
Extended
Extended
Extended

CMS

None

None

Extended

NIH

None

None

Extended

NIH

Low

Privacy

Extended

AHRQ

None

None

Not Applicable

CDC
CDC
CDC

None
None
None

None
None
None

Not Applicable
Not Applicable
Not Applicable

CDC

None

None

Not Applicable

CMS

None

Privacy

Not Applicable

CMS
CMS
CMS
CMS
CMS
CMS
CMS
CMS
CMS
CMS

Medium
Low
None
Low
None
Low
None
None
Low
None

Privacy
None
Privacy
Privacy
Privacy
Privacy
Privacy
None
Privacy
None

Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable

CMS

Low

None

Not Applicable

CMS

None

None

Not Applicable

CMS

None

None

Not Applicable

CMS

Medium

Privacy

Not Applicable

CMS

None

None

Not Applicable

CMS
CMS
CMS
CMS

Medium
Medium
Low
Medium

Privacy
None
None
Privacy

Not Applicable
Not Applicable
Not Applicable
Not Applicable

CMS
CMS

Medium
Low

None
None

Not Applicable
Not Applicable

FDA

Low

Integrity

Not Applicable

FDA

None

None

Not Applicable

FDA

None

None

Not Applicable

FDA

Medium

Integrity

Not Applicable

HRSA
HRSA

None
None

None
None

Not Applicable
Not Applicable

HRSA

None

None

Not Applicable

IHS
ITIO
ITIO
ITIO
NIH
NIH

None
Low
None
None
None
None

None
None
None
None
None
None

Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable

NIH

None

None

Not Applicable

NIH

None

None

Not Applicable

CDC

None

None

Not Recoverable

CMS
CMS

None
Low

Privacy
Privacy

Not Recoverable
Not Recoverable

CMS

None

Privacy

Not Recoverable

CMS

None

None

Not Recoverable

CMS

None

None

Not Recoverable

CMS

None

Privacy

Not Recoverable

FDA

None

None

Not Recoverable

FDA

Low

None

Not Recoverable

ACF

Low

Privacy

Regular

ACF
ACF

None
None

Privacy
Integrity

Regular
Regular

ACF

Medium

Privacy

Regular

AHRQ

None

Privacy

Regular

AHRQ
CDC
CDC

None
Medium
None

None
Integrity
None

Regular
Regular
Regular

CDC

None

Privacy

Regular

CDC

None

None

Regular

CDC

None

None

Regular

CDC
CMS
CMS
CMS
CMS
CMS

None
Medium
None
None
None
None

Integrity
Integrity
Privacy
None
Privacy
None

Regular
Regular
Regular
Regular
Regular
Regular

CMS

None

Privacy

Regular

CMS

None

None

Regular

CMS

None

Privacy

Regular

CMS

None

None

Regular

CMS
CMS

None
Low

Privacy
None

Regular
Regular

CMS

None

None

Regular

CMS
CMS
CMS
FDA

Low
Medium
Medium
None

None
Privacy
Privacy
None

Regular
Regular
Regular
Regular

FDA

None

None

Regular

FDA

None

Integrity

Regular

FDA
HRSA

Low
None

Integrity
Integrity

Regular
Regular

IHS
IHS
IHS

Low
None
None

None
Integrity
Privacy

Regular
Regular
Regular

IHS

None

Privacy

Regular

IHS
IHS
ITIO
ITIO
ITIO

None
None
Low
None
High

Privacy
None
None
None
None

Regular
Regular
Regular
Regular
Regular

ITIO

None

Proprietary

Regular

ITIO
ITIO
ITIO
ITIO
ITIO
ITIO
NIH

Low
Medium
None
Low
Low
None
None

None
None
Privacy
None
Privacy
None
None

Regular
Regular
Regular
Regular
Regular
Regular
Regular

NIH

None

None

Regular

NIH

None

Privacy

Regular

NIH
NIH
NIH
NIH
NIH

None
None
None
None
Low

None
Integrity
Integrity
None
Integrity

Regular
Regular
Regular
Regular
Regular

NIH

Low

Privacy

Regular

NIH

None

None

Regular

NIH

None

None

Regular

NIH

None

None

Regular

OIG
OIG
OIG
OS
OS
OS
OS

None
None
Low
None
None
Low
Low

Privacy
Privacy
Privacy
None
None
Privacy
Integrity

Regular
Regular
Regular
Regular
Regular
Regular
Regular

PSC

None

Privacy

Regular

PSC

Low

Privacy

Regular

SAMHSA

None

None

Regular

Threat Vector
Unknown
Other
Other

Quantity
1
2
3

Loss or Theft of
Equipment

Loss or Theft of
Equipment

Unknown

Other

Unknown
Email
Other

1
5
1

Loss or Theft of
Equipment

Improper Usage

Other
Other
Email
Unknown
Unknown
Other
Other
Web
Email
Unknown

1
4
1
1
7
1
31
9
2
3

Improper Usage

Other

Loss or Theft of
Equipment

Improper Usage

Improper Usage

Email
Other
Web
Web

13
1
2
1

Email
Unknown

1
4

Loss or Theft of
Equipment

Other

Loss or Theft of
Equipment

Loss or Theft of
Equipment

Web
Unknown

4
1

Loss or Theft of
Equipment

Other
Web
Web
Other
Unknown
Other
Loss or Theft of
Equipment
Email

1
1
1
1
1
154
2
12

Loss or Theft of
Equipment

Other
Unknown

7
2

Loss or Theft of
Equipment

Other

Loss or Theft of
Equipment

Unknown

25

Loss or Theft of
Equipment

Loss or Theft of
Equipment

Unknown

Email
Unknown

1
1

Loss or Theft of
Equipment

Improper Usage

Other
Unknown
Email

1
1
21

Improper Usage

Unknown

Loss or Theft of
Equipment

Unknown
Other
Unknown
Web
Other
Unknown

2
1
22
7
165
3

Loss or Theft of
Equipment

Other

Improper Usage

24

Loss or Theft of
Equipment

Email
Web

24
1

Improper Usage

Other
Other
Email
Unknown

1
4
3
1

Loss or Theft of
Equipment

Improper Usage

Email
Email

1
1

Unknown
Other
Other

1
1
1

Improper Usage

Email
Unknown
Web
Unknown
Email
Improper Usage
Unknown
Email
Email
Email
Email
Web
Email
Impersonation/Sp
oofing
Improper Usage
Web
Web
Email
Unknown
Email

10
1
9
2
2
1
3
4
1
2
3
2
65
1
1
13
1
1
6
1

Improper Usage

Other

Loss or Theft of
Equipment

11

Improper Usage

39

Other
Email
Email
Web
Unknown
Email
Web

1
2
1
1
2
1
1

Improper Usage

Email

Unknown

OPDIV
CMS
CMS

Functional Impact
Low
Low

Information Impact
Privacy
Privacy

Recoverability Effort
Extended
Extended

CMS

None

None

Extended

CMS

None

None

Extended

CMS

None

Privacy

Extended

CMS

None

Privacy

Extended

CMS

None

Privacy

Extended

CMS

None

Privacy

Extended

CMS

None

Proprietary

Extended

FDA
CMS

None
Low

Privacy
Privacy

Extended
Not Applicable

CMS

Low

Integrity

Not Applicable

CMS

Low

Integrity

Not Applicable

CMS
CMS
CMS

Low
Low
Low

Integrity
Proprietary
Privacy

Not Applicable
Not Applicable
Not Applicable

CMS

Low

Privacy

Not Applicable

CMS

Low

Privacy

Not Applicable

CMS

Low

None

Not Applicable

CMS
FDA

Low
Low

None
Integrity

Not Applicable
Not Applicable

FDA

Low

None

Not Applicable

ITIO
CMS
CMS
CMS

Low
Medium
Medium
Medium

None
None
None
Privacy

Not Applicable
Not Applicable
Not Applicable
Not Applicable

CMS

Medium

Privacy

Not Applicable

CMS

Medium

Privacy

Not Applicable

CDC

None

None

Not Applicable

CDC
CMS
CMS
CMS
CMS

None
None
None
None
None

None
None
None
None
Privacy

Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable

CMS

None

None

Not Applicable

CMS
CMS

None
None

Privacy
Privacy

Not Applicable
Not Applicable

CMS

None

None

Not Applicable

CMS

None

Privacy

Not Applicable

CMS

None

Privacy

Not Applicable

CMS

None

None

Not Applicable

FDA

None

None

Not Applicable

FDA

None

None

Not Applicable

HRSA

None

None

Not Applicable

HRSA
NIH
NIH
NIH
CMS

None
None
None
None
Low

Integrity
None
None
None
Privacy

Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Recoverable

FDA

Low

None

Not Recoverable

OIG

Low

Privacy

Not Recoverable

CDC

None

None

Not Recoverable

CMS
CMS
CMS

None
None
None

Privacy
Privacy
Privacy

Not Recoverable
Not Recoverable
Not Recoverable

FDA

None

None

Not Recoverable

NIH

None

None

Not Recoverable

CMS
ACF
ACF
CMS
CMS

High
Low
Low
Low
Low

Privacy
Integrity
Privacy
Integrity
Privacy

Regular
Regular
Regular
Regular
Regular

CMS

Low

Privacy

Regular

CMS
CMS

Low
Low

None
Privacy

Regular
Regular

CMS

Low

None

Regular

CMS

Low

Privacy

Regular

CMS
FDA
FDA
FDA
ITIO
ITIO
ITIO
ITIO

Low
Low
Low
Low
Low
Low
Low
Low

Privacy
Integrity
Integrity
Integrity
Integrity
Privacy
None
None

Regular
Regular
Regular
Regular
Regular
Regular
Regular
Regular

NIH

Low

None

Regular

NIH

Low

None

Regular

NIH

Low

None

Regular

NIH

Low

Integrity

Regular

OIG

Low

Integrity

Regular

OS

Low

Privacy

Regular

PSC

Low

Integrity

Regular

SAMHSA

Low

Integrity

Regular

AHRQ

Medium

None

Regular

CMS

Medium

Privacy

Regular

CMS

Medium

Privacy

Regular

CMS
ITIO
ITIO
OS
AHRQ

Medium
Medium
Medium
Medium
None

Privacy
None
None
None
Privacy

Regular
Regular
Regular
Regular
Regular

CDC

None

Privacy

Regular

CDC

None

None

Regular

CDC

None

None

Regular

CDC

None

None

Regular

CMS

None

Privacy

Regular

CMS
CMS

None
None

Privacy
None

Regular
Regular

CMS

None

Privacy

Regular

CMS
CMS
CMS
CMS

None
None
None
None

Privacy
Integrity
None
None

Regular
Regular
Regular
Regular

CMS

None

None

Regular

CMS
CMS

None
None

Privacy
Privacy

Regular
Regular

CMS

None

None

Regular

FDA
FDA

None
None

Privacy
None

Regular
Regular

FDA

None

None

Regular

FDA

None

Privacy

Regular

IHS
IHS

None
None

Privacy
Privacy

Regular
Regular

IHS

None

Privacy

Regular

IHS

None

Privacy

Regular

ITIO

None

Privacy

Regular

ITIO
ITIO
ITIO
ITIO
NIH

None
None
None
None
None

Privacy
None
None
Privacy
None

Regular
Regular
Regular
Regular
Regular

NIH

None

Integrity

Regular

NIH
NIH

None
None

None
None

Regular
Regular

NIH

None

None

Regular

NIH

None

None

Regular

NIH
NIH

None
None

Privacy
None

Regular
Regular

NIH

None

Privacy

Regular

OS

None

Privacy

Regular

OS
PSC

None
None

Privacy
Privacy

Regular
Regular

PSC

None

Privacy

Regular

PSC

None

Privacy

Regular

SAMHSA

None

Privacy

Regular

SAMHSA

None

None

Regular

SAMHSA

None

Privacy

Regular

Threat Vector
Email
Other

Quantity
2
10

Loss or Theft of
Equipment

Improper Usage

Other

Loss or Theft of
Equipment

Improper Usage

Email

Loss or Theft of
Equipment

Other
Unknown

1
2

Loss or Theft of
Equipment

Improper Usage

Email
Other
Other

1
1
5

Loss or Theft of
Equipment

Improper Usage

Loss or Theft of
Equipment

Attrition
Other

1
1

Loss or Theft of
Equipment

Other
Unknown
Other
Other

1
1
1
1

Loss or Theft of
Equipment

Email

Loss or Theft of
Equipment

Other
Email
Unknown
Other
Unknown
Loss or Theft of
Equipment
Email
Other

2
1
5
3
12
1
16
33

Improper Usage

Loss or Theft of
Equipment

Improper Usage

Web

26

Loss or Theft of
Equipment

Web

Loss or Theft of
Equipment

Email
Email
Web
Other
Unknown

1
5
1
116
1

Loss or Theft of
Equipment

Email

Loss or Theft of
Equipment

Email
Unknown
Other

1
11
1

Other

Loss or Theft of
Equipment

Email
Unknown
Email
Unknown
Unknown

1
1
1
2
1

Loss or Theft of
Equipment

Web
Other

1
6

Loss or Theft of
Equipment

Improper Usage

Email
Email
Web
Unknown
Unknown
Email
Web
Unknown

2
2
1
2
1
3
9
4

Loss or Theft of
Equipment

Improper Usage

Email

Loss or Theft of
Equipment

Unknown

Improper Usage

Unknown

Unknown

Improper Usage

Other

Loss or Theft of
Equipment

Email
Web
Unknown
Web
Email

2
2
1
1
1

Improper Usage

Web

Loss or Theft of
Equipment

Email
Loss or Theft of
Equipment
Other
Email

13
1
141
1

Improper Usage

18

Email
Other
Web
Other

19
1
9
5

Loss or Theft of
Equipment
Web
Unknown

2
2
42

Improper Usage

Other
Unknown

1
2

Loss or Theft of
Equipment

Improper Usage

Unknown
Other

1
3

Improper Usage

Email

18

Improper Usage

Email
Web
Unknown
Other
Web

2
2
1
1
9

Improper Usage

Unknown
Other

2
5

Loss or Theft of
Equipment

17

Improper Usage

33

Other
Email

1
28

Improper Usage

Improper Usage

Email
Other

1
1

Improper Usage

Email

Email

Loss or Theft of
Equipment

Loss or Theft of
Equipment