Documente Academic
Documente Profesional
Documente Cultură
From 1 January 2013 until 30 June 2015, the Department of Health and Human Services categorized
incidents using Categories, as defined in the NIST Special Publication 800-61, rev.1. A list of the possib
categories can be found on the References tab of this spreadsheet.
Beginning 1 July 2015, HHS converted from the legacy Category system to the Impact Classification
system (defined in NIST SP800-61, rev.2 and expanded at https://www.us-cert.gov/incident-notification
guidelines). Impact Classifications consist of a four-factor matrix that provides a more descriptive pictu
of the impact of an incident on the Department.
Incidents that were created during the transition phase from Categories to Impact Classifications were
dual-coded. These incidents are reported herein using only the official reporting mechanism, to preven
duplicate or extraneous reporting.
The Quantity provided represents the number of documented incidents that match the defining tuple
preceding the value on that row. It should be assumed that if a possible tuple is not present, the value
that month is zero.
The earliest month available with complete data is January 2013, due to document retention policies.
Document retention for incident data is based on General Records Schedule 24, item 7
(http://www.archives.gov/records-mgmt/grs/grs24.html). This item states that computer security incide
handling records are to be "(d)estroyed/deleted 3 years after all necessary follow-up actions have bee
completed." See the Implementation Aid at the bottom of the website page for additional clarification
Full Name
ACF
AoA
Administration on Aging
CDC
CMS
CSIRC
FDA
IHS
ITIO
NIH
OIG
OS
PSC
TIC
Incident Categories
Categories
Functional Impact
High
Medium
Low
None
Information Impact
Category 99 - Non-Incident
Proprietary
Classified
Privacy
Integrity
None
Recoverability
Not Recoverable
Extended
Supplemented
Regular
Not Applicable
Threat Vector
Unknown
Attrition
Web
Email
External/Removable Media
Impersonation/ Spoofing
Improper Usage
Loss/Theft of Equipment
Other
Impact Classifications
Description
Organization has lost the ability to provide all critical services to all system users.
Organization has lost the ability to provide a critical service to a subset of system users.
Organization has experienced a loss of efficiency, but can still provide all critical services to all users with minimal eff
Organization has experienced no loss in ability to provide all services to all users.
Description
The confidentiality of classified information was compromised.
The confidentiality of unclassified proprietary information, such as Protected Critical Infrastructure Information (PCII)
The confidentiality of PII or PHI was compromised.
The necessary integrity of information was modified without authorization.
No information was exfiltrated, modified, deleted, or otherwise compromised.
Description
Recovery from the incident is not possible (e.g., data exfiltrated and posted publicly)
Time to recovery is unpredictable; additional resources and outside help needed
Time to recovery is predictable with additional resources
Time to recovery is predictable with existing resources
Incident does not require recovery
Description
Cause of attack is unidentified
Brute force methods to compromise or degrade systems/services
Attack executed from a website or web-based application
Attack executed via an email message or attachment
Attack executed from removable media or a peripheral device
Attack involving replacement of legitimate content/services with a malicious substitute
Incident involving a violation of acceptable use policies by a legitimate user
Loss or theft of the organization's computing device(s) or media
OPDIV
Category
Quantity
CDC
Category 06 - Investigation
CDC
CDC
31
CDC
13
CDC
58
CMS
Category 99 - Non-Incident
CMS
CMS
73
CMS
CMS
FDA
FDA
26
3
HRSA
HRSA
HRSA
IHS
IHS
15
IHS
ITIO
NIH
61
NIH
58
NIH
33
NIH
48
OIG
OS
OS
Category 99 - Non-Incident
OS
OS
OPDIV
Category
Quantity
CDC
Category 99 - Non-Incident
CDC
19
CDC
Category 01 - Unauthorized
Access
21
CDC
Category 06 - Investigation
CDC
CMS
Category 06 - Investigation
CMS
Category 04 - Inappropriate
Usage
22
CMS
Category 99 - Non-Incident
68
CMS
Category 01 - Unauthorized
Access
315
CMS
CMS
11
71
CSIRC
FDA
FDA
Category 99 - Non-Incident
FDA
Category 01 - Unauthorized
Access
14
FDA
HRSA
HRSA
Category 01 - Unauthorized
Access
IHS
IHS
IHS
Category 01 - Unauthorized
Access
Category 04 - Inappropriate
Usage
11
6
IHS
16
NIH
110
NIH
Category 99 - Non-Incident
NIH
NIH
NIH
OIG
OIG
Category 04 - Inappropriate
Usage
Category 01 - Unauthorized
Access
Category 05 - Scans, Probes
and Attempted Access
Category 04 - Inappropriate
Usage
Category 01 - Unauthorized
Access
2
37
46
62
2
4
OS
Category 06 - Investigation
OS
Category 04 - Inappropriate
Usage
OS
Category 99 - Non-Incident
OS
PSC
SAMHSA
1
1
1
OPDIV
Category
Quantity
CDC
32
CDC
Category 01 - Unauthorized
Access
39
CDC
Category 99 - Non-Incident
11
CDC
Category 03 - Malicious
Code
88
CMS
Category 01 - Unauthorized
Access
CMS
Category 06 - Investigation
CMS
Category 03 - Malicious
Code
CMS
Category 99 - Non-Incident
58
CMS
Category 04 - Inappropriate
Usage
10
FDA
Category 01 - Unauthorized
Access
FDA
262
FDA
FDA
Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
2
1
HRSA
Category 01 - Unauthorized
Access
IHS
Category 99 - Non-Incident
IHS
Category 01 - Unauthorized
Access
IHS
IHS
ITIO
Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
Category 03 - Malicious
Code
49
14
3
ITIO
Category 06 - Investigation
NIH
91
NIH
Category 03 - Malicious
Code
70
NIH
Category 99 - Non-Incident
NIH
Category 04 - Inappropriate
Usage
62
NIH
Category 01 - Unauthorized
Access
44
OIG
Category 04 - Inappropriate
Usage
OS
Category 99 - Non-Incident
OS
Category 04 - Inappropriate
Usage
OS
Category 01 - Unauthorized
Access
OS
Category 06 - Investigation
OS
PSC
Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
1
3
PSC
OPDIV
Category
ACF
CDC
Category 05 - Scans,
Probes and Attempted
Access
11
CDC
Category 03 - Malicious
Code
67
CDC
Category 99 - NonIncident
CDC
CDC
33
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
CMS
Category 03 - Malicious
Code
Category 06 Investigation
Quantity
7
8
CMS
10
CMS
Category 99 - NonIncident
60
CMS
275
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
Category 99 - NonIncident
FDA
FDA
HHS
Category 03 - Malicious
Code
Category 99 - NonIncident
12
3
1
HRSA
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
28
IHS
Category 99 - NonIncident
IHS
16
IHS
ITIO
NIH
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident
4
5
22
NIH
104
NIH
59
NIH
Category 05 - Scans,
Probes and Attempted
Access
76
NIH
OS
Category 03 - Malicious
Code
Category 06 Investigation
83
1
OS
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
OPDIV
Category
Quantity
CDC
Category 06 - Investigation
CDC
Category 04 - Inappropriate
Usage
CDC
Category 01 - Unauthorized
Access
54
CDC
Category 99 - Non-Incident
CDC
29
CDC
Category 03 - Malicious
Code
63
CMS
CMS
Category 06 - Investigation
CMS
Category 03 - Malicious
Code
CMS
Category 99 - Non-Incident
392
CMS
Category 04 - Inappropriate
Usage
11
CMS
Category 01 - Unauthorized
Access
306
FDA
Category 01 - Unauthorized
Access
19
FDA
Category 03 - Malicious
Code
11
FDA
Category 99 - Non-Incident
FDA
HRSA
Category 01 - Unauthorized
Access
IHS
Category 03 - Malicious
Code
IHS
Category 99 - Non-Incident
IHS
Category 04 - Inappropriate
Usage
IHS
Category 01 - Unauthorized
Access
18
IHS
ITIO
Category 01 - Unauthorized
Access
NIH
Category 99 - Non-Incident
29
NIH
Category 04 - Inappropriate
Usage
99
NIH
Category 01 - Unauthorized
Access
61
NIH
86
NIH
Category 03 - Malicious
Code
65
OIG
Category 01 - Unauthorized
Access
16
OIG
Category 04 - Inappropriate
Usage
OS
Category 06 - Investigation
OS
Category 01 - Unauthorized
Access
OS
PSC
Category 04 - Inappropriate
Usage
Category 04 - Inappropriate
Usage
1
4
PSC
Category 99 - Non-Incident
PSC
Category 01 - Unauthorized
Access
OPDIV
Category
CDC
Category 99 - NonIncident
CDC
CDC
20
CDC
Category 05 - Scans,
Probes and Attempted
Access
50
CDC
Category 03 - Malicious
Code
77
CMS
15
CMS
233
CMS
CMS
CMS
CSIRC
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 99 - NonIncident
Quantity
1
2
873
1
FDA
FDA
FDA
FDA
HHS
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
7
8
1
HRSA
HRSA
Category 06 Investigation
IHS
IHS
28
IHS
Category 03 - Malicious
Code
10
IHS
Category 05 - Scans,
Probes and Attempted
Access
ITIO
NIH
Category 99 - NonIncident
Category 02 - Denial of
Service
1
1
1
NIH
Category 05 - Scans,
Probes and Attempted
Access
61
NIH
Category 03 - Malicious
Code
53
NIH
50
NIH
Category 99 - NonIncident
29
NIH
75
OCR
OIG
Category 99 - NonIncident
OIG
OIG
OS
Category 99 - NonIncident
OS
OS
OS
Category 06 Investigation
PSC
Category 05 - Scans,
Probes and Attempted
Access
PSC
Category 99 - NonIncident
PSC
SAMHSA
OPDIV
Category
ACF
AHRQ
Category 06 Investigation
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 99 - NonIncident
CDC
CDC
CMS
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Quantity
32
21
34
1
CMS
CMS
280
CMS
Category 99 - NonIncident
227
CMS
Category 05 - Scans,
Probes and Attempted
Access
FDA
FDA
12
FDA
Category 05 - Scans,
Probes and Attempted
Access
10
FDA
FDA
Category 03 - Malicious
Code
Category 99 - NonIncident
23
5
IHS
IHS
18
IHS
IHS
IHS
ITIO
ITIO
NIH
NIH
Category 99 - NonIncident
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident
1
1
2
2
1
42
27
NIH
93
NIH
42
NIH
Category 05 - Scans,
Probes and Attempted
Access
88
OIG
Category 05 - Scans,
Probes and Attempted
Access
OIG
Category 06 Investigation
OIG
OS
Category 06 Investigation
OS
OS
Category 99 - NonIncident
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
PSC
PSC
OPDIV
Category
ACF
ACF
Category 00 - Network
Testing
ACF
Category 99 - NonIncident
ACF
CDC
12
CDC
Category 06 Investigation
CDC
CDC
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
CMS
Quantity
188
2
31
58
8
CMS
21
CMS
Category 99 - NonIncident
86
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
306
FDA
Category 05 - Scans,
Probes and Attempted
Access
28
FDA
FDA
10
2
FDA
37
FDA
FDA
Category 02 - Denial of
Service
HRSA
HRSA
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
8
2
IHS
17
IHS
ITIO
ITIO
ITIO
Category 05 - Scans,
Probes and Attempted
Access
NIH
90
NIH
24
NIH
Category 05 - Scans,
Probes and Attempted
Access
95
NIH
NIH
53
22
OIG
Category 05 - Scans,
Probes and Attempted
Access
OIG
OIG
OS
Category 99 - NonIncident
OS
Category 02 - Denial of
Service
OS
OS
Category 06 Investigation
PSC
PSC
OPDIV
Category
ACF
Category 99 - NonIncident
ACF
ACF
Category 06 Investigation
CDC
Category 02 - Denial of
Service
CDC
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
19
CDC
11
CDC
CDC
Category 06 Investigation
Category 03 - Malicious
Code
Quantity
2
72
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
Category 03 - Malicious
Code
CMS
323
CMS
Category 99 - NonIncident
56
CMS
14
FDA
Category 06 Investigation
FDA
19
FDA
FDA
FDA
Category 02 - Denial of
Service
Category 99 - NonIncident
1
1
FDA
Category 05 - Scans,
Probes and Attempted
Access
14
FDA
Category 03 - Malicious
Code
10
HRSA
HRSA
HRSA
HRSA
IHS
IHS
IHS
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 06 Investigation
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident
3
1
1
1
1
4
1
IHS
14
IHS
13
ITIO
ITIO
ITIO
Category 99 - NonIncident
Category 03 - Malicious
Code
NIH
NIH
Category 06 Investigation
NIH
NIH
NIH
Category 03 - Malicious
Code
Category 99 - NonIncident
2
2
33
1
83
30
21
NIH
Category 05 - Scans,
Probes and Attempted
Access
71
OS
OS
Category 99 - NonIncident
OS
OS
Category 06 Investigation
PSC
PSC
Category 06 Investigation
PSC
OPDIV
Category
CDC
CDC
12
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
CMS
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
CMS
Quantity
54
365
2
2
127
CMS
51
FDA
Category 99 - NonIncident
FDA
10
FDA
13
FDA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
Category 99 - NonIncident
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
16
1
6
IHS
IHS
Category 02 - Denial
of Service
IHS
ITIO
NIH
28
NIH
22
NIH
Category 99 - NonIncident
17
NIH
Category 05 - Scans,
Probes and Attempted
Access
58
NIH
20
OIG
OS
OS
PSC
SAMHSA
OPDIV
Category
ACF
CDC
Category 99 - NonIncident
CDC
Category 03 - Malicious
Code
55
CDC
Category 05 - Scans,
Probes and Attempted
Access
39
CDC
16
CMS
28
CMS
309
CMS
CMS
FDA
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident
Quantity
111
3
1
FDA
23
FDA
Category 03 - Malicious
Code
30
FDA
Category 05 - Scans,
Probes and Attempted
Access
12
HRSA
HRSA
HRSA
Category 99 - NonIncident
Category 03 - Malicious
Code
2
2
IHS
18
IHS
IHS
ITIO
ITIO
ITIO
NIH
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 01 Unauthorized Access
Category 03 - Malicious
Code
Category 03 - Malicious
Code
1
2
1
18
23
NIH
Category 05 - Scans,
Probes and Attempted
Access
90
NIH
22
NIH
22
NIH
Category 99 - NonIncident
21
OS
OS
OS
Category 99 - NonIncident
OS
PSC
Category 03 - Malicious
Code
Category 99 - NonIncident
1
1
PSC
TIC
Category 99 - NonIncident
OPDIV
Category
ACF
Category 99 - Non-Incident
ACF
Category 01 - Unauthorized
Access
ACF
Category 04 - Inappropriate
Usage
AHRQ
Category 04 - Inappropriate
Usage
AoA
Category 01 - Unauthorized
Access
AoA
Category 04 - Inappropriate
Usage
CDC
CDC
CDC
Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
Quantity
34
29
2
CDC
Category 01 - Unauthorized
Access
CMS
Category 03 - Malicious
Code
CMS
Category 99 - Non-Incident
95
CMS
Category 04 - Inappropriate
Usage
24
20
2
CMS
Category 01 - Unauthorized
Access
CMS
FDA
Category 99 - Non-Incident
FDA
Category 04 - Inappropriate
Usage
FDA
Category 01 - Unauthorized
Access
14
FDA
FDA
Category 03 - Malicious
Code
HRSA
Category 01 - Unauthorized
Access
HRSA
Category 03 - Malicious
Code
IHS
IHS
Category 03 - Malicious
Code
IHS
Category 99 - Non-Incident
IHS
Category 04 - Inappropriate
Usage
13
IHS
Category 01 - Unauthorized
Access
ITIO
Category 99 - Non-Incident
ITIO
ITIO
ITIO
NIH
NIH
Category 03 - Malicious
Code
Category 04 - Inappropriate
Usage
Category 00 - Network
Testing
Category 03 - Malicious
Code
Category 99 - Non-Incident
249
11
13
4
1
32
26
NIH
NIH
NIH
Category 01 - Unauthorized
Access
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
34
34
1
NIH
64
OIG
Category 01 - Unauthorized
Access
OS
OS
Category 02 - Denial of
Service
OS
Category 99 - Non-Incident
OS
Category 04 - Inappropriate
Usage
PSC
Category 99 - Non-Incident
PSC
SAMHSA
Category 04 - Inappropriate
Usage
Category 04 - Inappropriate
Usage
2
1
OPDIV
Category
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 03 - Malicious
Code
CDC
Category 99 - Non-Incident
CDC
Category 04 - Inappropriate
Usage
CDC
Category 01 - Unauthorized
Access
16
CMS
Category 99 - Non-Incident
75
CMS
CMS
CMS
CMS
CMS
FDA
FDA
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 01 - Unauthorized
Access
Category 05 - Scans,
Probes and Attempted
Access
Category 04 - Inappropriate
Usage
Quantity
29
16
1
1
4
316
15
2
FDA
Category 01 - Unauthorized
Access
13
FDA
Category 99 - Non-Incident
FDA
Category 03 - Malicious
Code
HRSA
Category 99 - Non-Incident
HRSA
Category 01 - Unauthorized
Access
HRSA
Category 04 - Inappropriate
Usage
IHS
Category 01 - Unauthorized
Access
IHS
IHS
IHS
IHS
ITIO
ITIO
ITIO
ITIO
NIH
NIH
NIH
NIH
NIH
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - Non-Incident
Category 04 - Inappropriate
Usage
Category 03 - Malicious
Code
Category 99 - Non-Incident
Category 04 - Inappropriate
Usage
Category 05 - Scans,
Probes and Attempted
Access
Category 99 - Non-Incident
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
Category 05 - Scans,
Probes and Attempted
Access
Category 01 - Unauthorized
Access
16
3
4
3
9
29
1
1
2
40
41
1
98
28
NIH
Category 03 - Malicious
Code
OIG
Category 01 - Unauthorized
Access
OIG
Category 99 - Non-Incident
OS
Category 04 - Inappropriate
Usage
OS
Category 01 - Unauthorized
Access
OS
Category 99 - Non-Incident
OS
Category 03 - Malicious
Code
PSC
Category 99 - Non-Incident
PSC
Category 03 - Malicious
Code
45
OPDIV
Category
Quantity
ACF
Category 01 - Unauthorized
Access
AHRQ
Category 99 - Non-Incident
CDC
10
CDC
Category 01 - Unauthorized
Access
15
CDC
Category 03 - Malicious
Code
27
CDC
Category 99 - Non-Incident
CMS
Category 04 - Inappropriate
Usage
28
CMS
Category 01 - Unauthorized
Access
304
CMS
Category 99 - Non-Incident
350
CMS
CMS
Category 03 - Malicious
Code
CSIRC
Category 99 - Non-Incident
FDA
Category 04 - Inappropriate
Usage
14
FDA
Category 01 - Unauthorized
Access
19
FDA
FDA
Category 03 - Malicious
Code
FDA
Category 99 - Non-Incident
HHS
Category 99 - Non-Incident
HRSA
Category 99 - Non-Incident
HRSA
Category 03 - Malicious
Code
IHS
Category 99 - Non-Incident
IHS
Category 01 - Unauthorized
Access
IHS
ITIO
Category 04 - Inappropriate
Usage
Category 03 - Malicious
Code
11
27
ITIO
Category 01 - Unauthorized
Access
ITIO
Category 00 - Network
Testing
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
44
NIH
63
NIH
Category 03 - Malicious
Code
44
NIH
Category 99 - Non-Incident
28
NIH
Category 01 - Unauthorized
Access
33
ITIO
NIH
NIH
OS
Category 03 - Malicious
Code
OS
Category 01 - Unauthorized
Access
OS
OS
Category 04 - Inappropriate
Usage
Category 02 - Denial of
Service
2
1
OS
Category 99 - Non-Incident
PSC
Category 01 - Unauthorized
Access
SAMHSA
Category 01 - Unauthorized
Access
OPDIV
Category
AHRQ
Category 01 - Unauthorized
Access
AHRQ
Category 03 - Malicious
Code
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 01 - Unauthorized
Access
60
CDC
Category 03 - Malicious
Code
38
CDC
Category 99 - Non-Incident
CMS
Category 04 - Inappropriate
Usage
14
CMS
Category 01 - Unauthorized
Access
357
CMS
Category 99 - Non-Incident
140
CMS
CMS
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Quantity
10
3
CSIRC
Category 99 - Non-Incident
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
Category 03 - Malicious
Code
11
FDA
Category 01 - Unauthorized
Access
19
FDA
Category 99 - Non-Incident
FDA
Category 04 - Inappropriate
Usage
FDA
Category 02 - Denial of
Service
HRSA
Category 99 - Non-Incident
IHS
IHS
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
4
4
IHS
Category 01 - Unauthorized
Access
15
IHS
Category 99 - Non-Incident
IHS
Category 04 - Inappropriate
Usage
25
ITIO
Category 03 - Malicious
Code
14
ITIO
Category 01 - Unauthorized
Access
ITIO
Category 04 - Inappropriate
Usage
ITIO
Category 99 - Non-Incident
NIH
Category 05 - Scans,
Probes and Attempted
Access
73
NIH
Category 01 - Unauthorized
Access
30
NIH
Category 03 - Malicious
Code
25
NIH
Category 99 - Non-Incident
31
NIH
Category 02 - Denial of
Service
NIH
Category 04 - Inappropriate
Usage
OS
Category 03 - Malicious
Code
OS
Category 01 - Unauthorized
Access
OS
Category 99 - Non-Incident
PSC
Category 04 - Inappropriate
Usage
PSC
Category 99 - Non-Incident
PSC
Category 01 - Unauthorized
Access
1
72
OPDIV
Category
Quantity
AHRQ
Category 03 - Malicious
Code
CDC
Category 99 - NonIncident
CDC
Category 03 - Malicious
Code
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
52
CMS
11
CMS
Category 02 - Denial of
Service
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
Category 03 - Malicious
Code
CMS
373
CMS
Category 99 - NonIncident
104
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
19
FDA
HRSA
HRSA
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident
4
4
1
HRSA
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
21
IHS
IHS
IHS
ITIO
ITIO
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
Category 99 - NonIncident
Category 03 - Malicious
Code
2
1
18
3
25
ITIO
ITIO
NIH
Category 05 - Scans,
Probes and Attempted
Access
78
NIH
NIH
Category 03 - Malicious
Code
Category 99 - NonIncident
24
18
NIH
58
NIH
28
OIG
OIG
OS
Category 99 - NonIncident
OS
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
Category 03 - Malicious
Code
PSC
PSC
Category 99 - NonIncident
PSC
TIC
TIC
Category 03 - Malicious
Code
Category 99 - NonIncident
1
4
OPDIV
Category
ACF
AHRQ
CDC
37
CDC
Category 99 - NonIncident
CDC
CDC
Category 05 - Scans,
Probes and Attempted
Access
CMS
Category 05 - Scans,
Probes and Attempted
Access
14
CMS
13
CMS
334
CMS
CMS
Category 99 - NonIncident
Category 03 Malicious Code
Quantity
109
10
CMS
FDA
FDA
Category 00 - Network
Testing
Category 99 - NonIncident
Category 03 Malicious Code
2
3
2
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
10
HRSA
HRSA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
IHS
19
IHS
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
1
3
ITIO
ITIO
ITIO
ITIO
Category 99 - NonIncident
Category 03 Malicious Code
1
7
NIH
63
NIH
28
NIH
Category 05 - Scans,
Probes and Attempted
Access
91
NIH
NIH
OS
35
24
2
OS
OS
PSC
Category 99 - NonIncident
PSC
SAMHSA
Category 99 - NonIncident
TIC
TIC
Category 99 - NonIncident
OPDIV
Category
AHRQ
AoA
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
16
CDC
CDC
CMS
CMS
CMS
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Quantity
5
5
16
9
120
CMS
10
CMS
288
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
17
FDA
FDA
Category 99 - NonIncident
Category 03 - Malicious
Code
1
3
HRSA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
HRSA
HRSA
Category 99 - NonIncident
Category 03 - Malicious
Code
2
2
IHS
23
IHS
12
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
Category 03 - Malicious
Code
Category 99 - NonIncident
4
5
ITIO
Category 05 - Scans,
Probes and Attempted
Access
ITIO
ITIO
ITIO
Category 99 - NonIncident
Category 03 - Malicious
Code
2
18
NIH
64
NIH
23
NIH
Category 05 - Scans,
Probes and Attempted
Access
80
NIH
NIH
Category 03 - Malicious
Code
Category 99 - NonIncident
27
36
OS
OS
OS
OS
PSC
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident
3
1
1
PSC
PSC
TIC
Category 99 - NonIncident
OPDIV
Category
ACF
Category 99 - NonIncident
ACF
ACF
AHRQ
Category 99 - NonIncident
AHRQ
CDC
Category 05 - Scans,
Probes and Attempted
Access
15
CDC
CDC
Category 03 - Malicious
Code
Category 99 - NonIncident
Quantity
11
10
CDC
CDC
21
CMS
276
CMS
Category 99 - NonIncident
106
CMS
CMS
Category 02 - Denial of
Service
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
Category 03 - Malicious
Code
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
FDA
Category 03 - Malicious
Code
Category 99 - NonIncident
26
12
2
1
2
FDA
FDA
18
HRSA
Category 03 - Malicious
Code
HRSA
IHS
Category 03 - Malicious
Code
IHS
IHS
Category 99 - NonIncident
IHS
ITIO
Category 99 - NonIncident
ITIO
ITIO
ITIO
Category 05 - Scans,
Probes and Attempted
Access
ITIO
Category 03 - Malicious
Code
NIH
Category 05 - Scans,
Probes and Attempted
Access
NIH
Category 03 - Malicious
Code
37
NIH
37
NIH
Category 99 - NonIncident
18
NIH
66
NIH
Category 02 - Denial of
Service
OIG
OIG
Category 05 - Scans,
Probes and Attempted
Access
OS
Category 03 - Malicious
Code
OS
OS
PSC
Category 99 - NonIncident
Category 99 - NonIncident
1
15
102
3
3
PSC
PSC
SAMHSA
SAMHSA
TIC
Category 99 - NonIncident
OPDIV
Category
CDC
CDC
20
CDC
Category 05 - Scans,
Probes and Attempted
Access
14
CDC
Category 03 - Malicious
Code
CDC
Category 99 - NonIncident
CMS
Category 99 - NonIncident
101
CMS
29
CMS
264
CMS
Category 05 - Scans,
Probes and Attempted
Access
14
CMS
FDA
FDA
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 04 Inappropriate Usage
Quantity
33
2
2
FDA
21
FDA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
HRSA
HRSA
Category 99 - NonIncident
Category 03 - Malicious
Code
7
8
IHS
26
IHS
13
IHS
IHS
ITIO
ITIO
ITIO
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 01 Unauthorized Access
Category 99 - NonIncident
Category 03 - Malicious
Code
ITIO
NIH
Category 05 - Scans,
Probes and Attempted
Access
NIH
NIH
Category 03 - Malicious
Code
Category 99 - NonIncident
3
3
1
3
40
2
100
32
32
NIH
56
NIH
28
OIG
Category 99 - NonIncident
OIG
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
OS
Category 03 - Malicious
Code
Category 99 - NonIncident
3
9
OS
OS
TIC
Category 99 - NonIncident
OPDIV
Category
CDC
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
19
CDC
Category 03 - Malicious
Code
12
CDC
Category 06 Investigation
CDC
CDC
12
CMS
Category 99 - NonIncident
79
CMS
Category 05 - Scans,
Probes and Attempted
Access
37
CMS
CMS
CMS
CMS
Category 03 - Malicious
Code
Category 00 - Network
Testing
Category 06 Investigation
Category 04 Inappropriate Usage
Quantity
6
27
1
1
32
CMS
CSIRC
Category 06 Investigation
FDA
FDA
26
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
FDA
HRSA
HRSA
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 99 - NonIncident
Category 03 - Malicious
Code
282
3
1
7
17
HRSA
Category 05 - Scans,
Probes and Attempted
Access
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
Category 03 - Malicious
Code
Category 06 Investigation
3
1
IHS
41
IHS
40
IHS
ITIO
ITIO
Category 99 - NonIncident
Category 99 - NonIncident
Category 03 - Malicious
Code
2
3
33
ITIO
NIH
Category 05 - Scans,
Probes and Attempted
Access
NIH
NIH
Category 99 - NonIncident
Category 03 - Malicious
Code
108
35
32
NIH
59
NIH
20
OIG
OIG
OS
OS
OS
OS
PSC
PSC
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident
3
2
2
1
OPDIV
Category
AHRQ
Category 01 - Unauthorized
Access
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 03 - Malicious
Code
CDC
Category 99 - Non-Incident
CDC
Category 04 - Inappropriate
Usage
CDC
Category 01 - Unauthorized
Access
18
CMS
Category 06 - Investigation
10
CMS
Category 04 - Inappropriate
Usage
25
CMS
Category 01 - Unauthorized
Access
237
CMS
Category 99 - Non-Incident
76
CMS
CMS
CMS
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 Non-Incident
Quantity
13
19
22
2
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
Category 01 - Unauthorized
Access
17
FDA
Category 99 - Non-Incident
FDA
Category 03 - Malicious
Code
HRSA
Category 99 - Non-Incident
HRSA
HRSA
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
4
3
HRSA
Category 01 - Unauthorized
Access
IHS
Category 06 - Investigation
IHS
Category 03 - Malicious
Code
IHS
Category 99 - Non-Incident
IHS
Category 04 - Inappropriate
Usage
24
IHS
Category 01 - Unauthorized
Access
27
ITIO
Category 03 - Malicious
Code
19
ITIO
Category 04 - Inappropriate
Usage
ITIO
Category 06 - Investigation
NIH
Category 99 - Non-Incident
20
NIH
Category 04 - Inappropriate
Usage
72
NIH
Category 01 - Unauthorized
Access
18
NIH
NIH
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
84
22
OIG
Category 04 - Inappropriate
Usage
OIG
Category 01 - Unauthorized
Access
OS
Category 04 - Inappropriate
Usage
OS
Category 99 - Non-Incident
OS
Category 03 - Malicious
Code
PSC
Category 04 - Inappropriate
Usage
OPDIV
Category
AHRQ
CDC
Category 06 Investigation
CDC
CDC
16
CDC
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 03 - Malicious
Code
CMS
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
CMS
CMS
Category 99 NonIncident
Category 03 - Malicious
Code
Category 06 Investigation
Quantity
16
5
253
5
1
16
3
CMS
16
CMS
Category 99 - NonIncident
105
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
FDA
FDA
Category 02 - Denial of
Service
Category 99 - NonIncident
Category 03 - Malicious
Code
4
1
3
2
FDA
17
HRSA
HRSA
Category 03 - Malicious
Code
12
IHS
30
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
IHS
ITIO
ITIO
NIH
NIH
Category 03 - Malicious
Code
Category 06 Investigation
Category 04 Inappropriate Usage
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 06 Investigation
Category 04 Inappropriate Usage
1
8
38
35
1
1
57
NIH
23
NIH
Category 99 - NonIncident
14
NIH
Category 05 - Scans,
Probes and Attempted
Access
86
NIH
OS
OS
OS
OS
Category 03 - Malicious
Code
Category 99 NonIncident
Category 06 Investigation
Category 03 - Malicious
Code
Category 99 - NonIncident
17
1
2
2
2
OS
OS
PSC
PSC
Category 06 Investigation
PSC
OPDIV
Category
AHRQ
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 99 - NonIncident
CDC
Category 03 - Malicious
Code
CDC
CDC
CMS
Category 99 - NonIncident
78
CMS
Category 05 - Scans,
Probes and Attempted
Access
22
CMS
CMS
CMS
CMS
Category 03 - Malicious
Code
Category 00 - Network
Testing
Category 99 NonIncident
Category 06 Investigation
Quantity
12
24
1
5
1
CMS
25
CMS
250
CSIRC
FDA
FDA
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 06 Investigation
1
3
2
FDA
FDA
16
FDA
Category 99 - NonIncident
FDA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
HRSA
Category 03 - Malicious
Code
IHS
Category 05 - Scans,
Probes and Attempted
Access
IHS
IHS
Category 03 - Malicious
Code
Category 06 Investigation
3
4
IHS
23
IHS
19
ITIO
ITIO
NIH
NIH
NIH
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
3
26
58
23
23
NIH
60
NIH
22
OIG
Category 99 - NonIncident
OS
OS
OS
OS
PSC
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident
1
2
1
PSC
PSC
SAMHSA
SAMHSA
Category 99 - NonIncident
Category 05 Scans/Probes/Attempted
Access
1
1
OPDIV
Category
ACF
ACF
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 99 - NonIncident
CDC
CDC
CMS
Category 03 - Malicious
Code
Category 05 Scans/Probes/Attempted
Access
Quantity
25
12
2
CMS
34
CMS
282
CMS
Category 99 - NonIncident
67
CMS
Category 05 - Scans,
Probes and Attempted
Access
31
CMS
Category 03 - Malicious
Code
10
FDA
Category 99 - NonIncident
FDA
FDA
19
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
Category 03 - Malicious
Code
HRSA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
HRSA
HRSA
IHS
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 NonIncident
4
2
1
IHS
15
IHS
25
IHS
IHS
ITIO
ITIO
ITIO
ITIO
NIH
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 02 - Denial of
Service
Category 03 - Malicious
Code
Category 01 Unauthorized Access
Category 99 - NonIncident
Category 99 - NonIncident
1
3
1
11
1
1
18
NIH
61
NIH
27
NIH
Category 05 - Scans,
Probes and Attempted
Access
87
NIH
OIG
OS
OS
OS
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 01 Unauthorized Access
Category 99 - NonIncident
Category 03 - Malicious
Code
31
2
2
2
2
OS
PSC
Category 99 - NonIncident
PSC
OPDIV
Category
ACF
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 99 - NonIncident
CDC
Category 03 - Malicious
Code
CDC
CDC
14
CMS
CMS
Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Quantity
3
1
CMS
86
CMS
231
CMS
CMS
Unknown
Category 99 - NonIncident
1
35
CMS
CMS
CSIRC
FDA
FDA
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 - NonIncident
29
10
1
2
3
FDA
FDA
19
FDA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
HRSA
Category 03 - Malicious
Code
Category 99 - NonIncident
1
1
HRSA
IHS
IHS
IHS
IHS
ITIO
ITIO
ITIO
ITIO
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 02 - Denial of
Service
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 NonIncident
1
7
1
3
1
1
ITIO
NIH
Category 99 - NonIncident
16
NIH
50
NIH
34
NIH
Category 05 - Scans,
Probes and Attempted
Access
80
NIH
OIG
Category 03 - Malicious
Code
Category 02 - Denial of
Service
24
1
OIG
Category 05 - Scans,
Probes and Attempted
Access
OS
Category 99 - NonIncident
OS
OS
PSC
OPDIV
Category
Quantity
ACF
ACF
Category 99 - NonIncident
ACF
Category 01 Unauthorized
Access
AHRQ
Category 01 Unauthorized
Access
CDC
29
CDC
Category 99 - NonIncident
13
CDC
CDC
Category 01 Unauthorized
Access
32
CDC
11
CMS
19
CMS
12
CMS
Category 99 NonIncident
CMS
Category 05 Scans/Probes/Attem
pted Access
CMS
89
CMS
CMS
CMS
FDA
Unknown
Category 01 Unauthorized
Access
Category 99 - NonIncident
Category 99 - NonIncident
112
118
44
3
FDA
FDA
Category 01 Unauthorized
Access
FDA
Category 05 Scans/Probes/Attem
pted Access
FDA
HRSA
HRSA
Category 01 Unauthorized
Access
HRSA
IHS
17
IHS
IHS
Category 99 - NonIncident
IHS
52
IHS
Category 01 Unauthorized
Access
60
ITIO
ITIO
ITIO
Category 01 Unauthorized
Access
Category 99 - NonIncident
5
1
2
ITIO
ITIO
ITIO
Category 99 NonIncident
ITIO
Category 05 Scans/Probes/Attem
pted Access
NIH
Category 05 Scans/Probes/Attem
pted Access
NIH
68
NIH
NIH
Category 01 Unauthorized
Access
Category 99 - NonIncident
30
21
NIH
NIH
OIG
Category 99 - NonIncident
OIG
OIG
OIG
Category 01 Unauthorized
Access
OS
OS
OS
Category 99 - NonIncident
OS
OS
Category 01 Unauthorized
Access
PSC
PSC
PSC
SAMHSA
Category 99 - NonIncident
Category 01 Unauthorized
Access
Category 03 Malicious Code
105
15
6
2
2
SAMHSA
Category 01 Unauthorized
Access
OPDIV
Category
ACF
ACF
AHRQ
Category 99 - NonIncident
AHRQ
AHRQ
CDC
Category 99 - NonIncident
CDC
Category 03 - Malicious
Code
11
CDC
Category 05 - Scans,
Probes and Attempted
Access
12
CDC
38
CMS
CMS
Unknown
Category 99 - NonIncident
Quantity
178
16
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
Category 03 - Malicious
Code
CMS
CMS
CMS
CMS
CMS
CSIRC
FDA
FDA
FDA
72
4
11
68
1
1
5
1
1
FDA
Category 05 - Scans,
Probes and Attempted
Access
FDA
23
HRSA
HRSA
HRSA
IHS
Category 99 NonIncident
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 05 Scans/Probes/Attempted
Access
1
4
2
1
IHS
23
IHS
14
IHS
Category 99 - NonIncident
IHS
IHS
ITIO
ITIO
ITIO
NIH
NIH
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 NonIncident
Category 03 - Malicious
Code
Category 04 Inappropriate Usage
Category 02 - Denial of
Service
Category 99 - NonIncident
1
3
1
10
3
2
26
NIH
Category 05 - Scans,
Probes and Attempted
Access
79
NIH
Category 03 - Malicious
Code
19
NIH
27
NIH
NIH
Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
1
5
NIH
59
OIG
OS
OS
Category 99 - NonIncident
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
Category 03 - Malicious
Code
OS
OS
PSC
Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code
3
2
1
PSC
SAMHSA
TIC
Category 99 - NonIncident
OPDIV
Category
ACF
ACF
Category 03 - Malicious
Code
ACF
AHRQ
Category 99 - NonIncident
CDC
Category 05 - Scans,
Probes and Attempted
Access
CDC
Category 99 - NonIncident
CDC
CDC
CMS
CMS
Category 03 - Malicious
Code
Category 03 - Malicious
Code
Category 99 NonIncident
CMS
CMS
Category 05 Scans/Probes/Attempted
Access
CMS
Quantity
21
7
17
4
7
4
56
7
75
CMS
CMS
CMS
Unknown
Category 02 - Denial of
Service
Category 99 - NonIncident
194
1
11
CMS
Category 05 - Scans,
Probes and Attempted
Access
FDA
15
FDA
FDA
FDA
FDA
FDA
HRSA
HRSA
HRSA
Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 99 NonIncident
1
4
5
1
2
1
1
1
HRSA
HRSA
IHS
IHS
IHS
IHS
Category 05 Scans/Probes/Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
2
2
1
36
IHS
ITIO
Category 99 NonIncident
ITIO
ITIO
ITIO
Category 05 - Scans,
Probes and Attempted
Access
ITIO
NIH
Category 03 - Malicious
Code
Category 05 Scans/Probes/Attempted
Access
6
2
NIH
58
NIH
22
NIH
Category 99 - NonIncident
19
NIH
Category 05 - Scans,
Probes and Attempted
Access
NIH
Category 03 - Malicious
Code
OIG
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
Category 99 - NonIncident
OS
OS
Category 99 NonIncident
101
26
PSC
PSC
SAMHSA
Category 05 - Scans,
Probes and Attempted
Access
OPDIV
Category
Quantity
ACF
Category 05 - Scans,
Probes and Attempted
Access
AHRQ
Category 05 Scans/Probes/Attempted
Access
AHRQ
Category 05 - Scans,
Probes and Attempted
Access
AoA
Category 05 - Scans,
Probes and Attempted
Access
AoA
CDC
CDC
19
CDC
Category 05 - Scans,
Probes and Attempted
Access
16
CDC
Category 03 - Malicious
Code
14
CDC
Category 99 - NonIncident
CMS
Category 05 - Scans,
Probes and Attempted
Access
CMS
81
CMS
CMS
CMS
CMS
CMS
CSIRC
FDA
FDA
FDA
Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
Category 04 Inappropriate Usage
Unknown
Category 99 - NonIncident
Category 99 - NonIncident
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 05 Scans/Probes/Attempted
Access
8
8
75
209
16
1
2
4
3
FDA
FDA
18
FDA
Category 99 - NonIncident
HRSA
Category 05 - Scans,
Probes and Attempted
Access
HRSA
HRSA
HRSA
IHS
IHS
IHS
IHS
ITIO
ITIO
Category 99 - NonIncident
Category 03 - Malicious
Code
Category 05 - Scans,
Probes and Attempted
Access
Category 03 - Malicious
Code
Category 99 - NonIncident
Category 04 Inappropriate Usage
Category 00 - Network
Testing
Category 99 - NonIncident
1
2
1
2
1
27
1
4
ITIO
ITIO
ITIO
Category 99 NonIncident
ITIO
Category 05 - Scans,
Probes and Attempted
Access
ITIO
Category 03 - Malicious
Code
NIH
49
NIH
38
NIH
Category 99 - NonIncident
16
NIH
Category 05 - Scans,
Probes and Attempted
Access
NIH
Category 03 - Malicious
Code
176
23
NIH
NIH
Category 99 NonIncident
Category 05 Scans/Probes/Attempted
Access
3
2
OIG
OS
Category 05 - Scans,
Probes and Attempted
Access
OS
OS
Category 03 - Malicious
Code
Category 99 - NonIncident
1
1
OS
OS
PSC
Category 05 - Scans,
Probes and Attempted
Access
PSC
SAMHSA
Category 99 - NonIncident
SAMHSA
Category 05 - Scans,
Probes and Attempted
Access
OPDIV
ACF
Functional Impact
None
Information Impact
Integrity
Recoverability Effort
Regular
ACF
None
None
Regular
ACF
None
None
Regular
ACF
None
None
Not Applicable
ACF
None
Privacy
Regular
ACF
None
Integrity
Regular
AHRQ
None
None
Regular
AHRQ
None
None
Not Applicable
AHRQ
None
None
Not Applicable
CDC
None
Privacy
Regular
CDC
None
Privacy
Regular
CDC
CDC
None
None
None
None
Regular
Regular
CDC
None
None
Regular
CDC
None
None
Regular
CDC
None
None
Not Recoverable
CDC
CDC
CDC
CDC
None
None
None
None
None
None
None
None
Not Applicable
Not Recoverable
Not Applicable
Not Applicable
CDC
None
None
Not Applicable
CMS
None
None
Not Applicable
CMS
None
None
Regular
CMS
CMS
CMS
CMS
Low
Low
None
None
Privacy
Integrity
None
Privacy
Extended
Regular
Regular
Regular
CMS
None
None
Not Applicable
CMS
None
None
Not Applicable
CMS
None
Privacy
Regular
CMS
CMS
None
None
None
None
Not Applicable
Not Applicable
CMS
None
Privacy
Not Recoverable
CMS
None
Privacy
Regular
CMS
None
Proprietary
Regular
CMS
CMS
None
None
None
None
Not Applicable
Not Applicable
CMS
Medium
Privacy
Not Applicable
CMS
CMS
CMS
None
None
None
Privacy
Privacy
Privacy
Not Applicable
Regular
Regular
CMS
None
None
Extended
CMS
CMS
CMS
CMS
CMS
CMS
Medium
None
None
None
None
Medium
Privacy
Privacy
Privacy
Privacy
Integrity
None
Not Applicable
Not Recoverable
Regular
Not Applicable
Regular
Regular
CMS
None
Privacy
Not Applicable
CMS
Medium
Proprietary
Not Applicable
CMS
Low
Privacy
Supplemented
CMS
CMS
None
Low
Privacy
Privacy
Not Applicable
Not Recoverable
CMS
Low
Privacy
Extended
CMS
Low
Integrity
Regular
CMS
CMS
CMS
Low
None
Medium
Privacy
Privacy
Privacy
Regular
Extended
Regular
CMS
Low
Integrity
Extended
CMS
None
Privacy
Extended
CMS
CMS
CMS
CMS
CMS
Medium
Low
Low
None
Medium
Privacy
Privacy
None
Privacy
Privacy
Regular
Not Applicable
Regular
Extended
Not Applicable
CMS
Low
Privacy
Not Applicable
CMS
Low
None
Regular
CMS
High
None
Not Applicable
CMS
None
None
Regular
CMS
Low
Privacy
Not Applicable
CMS
Low
None
Not Applicable
CMS
CMS
CSIRC
FDA
FDA
FDA
FDA
FDA
High
None
None
None
None
None
None
None
Integrity
None
None
None
None
Integrity
Integrity
None
Regular
Regular
Regular
Regular
Regular
Regular
Regular
Regular
FDA
None
None
Not Recoverable
FDA
None
None
Not Applicable
FDA
None
None
Not Applicable
FDA
None
None
Regular
FDA
None
None
Not Applicable
FDA
None
None
Regular
FDA
None
None
Regular
FDA
None
None
Extended
HRSA
HRSA
HRSA
IHS
None
None
None
None
None
None
Integrity
None
Not Applicable
Not Applicable
Regular
Regular
IHS
None
Privacy
Regular
IHS
None
Privacy
Regular
IHS
None
Privacy
Not Recoverable
ITIO
ITIO
None
None
None
None
Regular
Regular
ITIO
None
None
Regular
ITIO
ITIO
ITIO
ITIO
ITIO
ITIO
NIH
NIH
NIH
NIH
None
None
None
Low
None
None
None
None
Low
None
None
None
Integrity
None
Integrity
Integrity
Integrity
Integrity
None
None
Regular
Not Applicable
Regular
Regular
Regular
Regular
Regular
Regular
Regular
Regular
NIH
None
None
Regular
NIH
None
None
Regular
NIH
None
None
Regular
NIH
NIH
NIH
NIH
NIH
None
None
None
None
None
None
Privacy
Privacy
None
None
Regular
Regular
Not Applicable
Not Applicable
Regular
NIH
NIH
NIH
NIH
OIG
None
None
None
None
None
None
None
None
None
Privacy
Not Applicable
Regular
Not Applicable
Not Applicable
Regular
OIG
None
Privacy
Regular
OIG
None
None
Regular
OS
None
Privacy
Regular
OS
OS
OS
None
None
None
Privacy
Privacy
None
Regular
Regular
Regular
PSC
None
Privacy
Regular
PSC
PSC
PSC
None
None
None
Privacy
None
None
Regular
Regular
Not Applicable
PSC
Low
Privacy
Regular
PSC
None
Privacy
Regular
Threat Vector
Email
Quantity
1
Unknown
Unknown
Loss or Theft of
Equipment
Unknown
Loss or Theft of
Equipment
Unknown
Other
Improper Usage
Web
Unknown
7
2
Loss or Theft of
Equipment
19
Loss or Theft of
Equipment
Email
Email
Unknown
Other
7
3
1
1
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Other
Web
Unknown
Other
Improper Usage
Web
3
1
2
116
2
15
Loss or Theft of
Equipment
Email
Unknown
1
4
Loss or Theft of
Equipment
Improper Usage
46
Improper Usage
Attrition
Other
Loss or Theft of
Equipment
Unknown
Email
Web
Loss or Theft of
Equipment
Email
Other
Unknown
Other
Web
Unknown
1
16
2
1
23
1
3
20
2
7
33
2
1
Improper Usage
Loss or Theft of
Equipment
Impersonation/Sp
oofing
Email
Unknown
1
4
1
Improper Usage
Impersonation/Sp
oofing
Email
Other
Other
1
1
1
9
2
Loss or Theft of
Equipment
Improper Usage
Email
Unknown
Web
Email
Other
3
2
1
1
6
Improper Usage
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Email
Web
Web
Email
Other
Other
Web
Attrition
1
5
1
1
1
1
2
2
Loss or Theft of
Equipment
Other
Loss or Theft of
Equipment
Loss or Theft of
Equipment
11
Improper Usage
Unknown
Loss or Theft of
Equipment
Web
Unknown
Web
Unknown
1
1
2
1
Improper Usage
18
Improper Usage
Web
Unknown
1
1
Loss or Theft of
Equipment
Email
Email
Web
Unknown
Unknown
Email
Email
Web
Email
Other
3
1
4
1
4
2
6
1
2
8
Loss or Theft of
Equipment
18
Improper Usage
45
Impersonation/Sp
oofing
Email
Unknown
Other
Unknown
Web
2
157
1
1
1
12
Other
Unknown
Email
Attrition
Other
11
18
1
1
1
Improper Usage
Improper Usage
Email
Unknown
Web
1
1
1
Improper Usage
Email
Unknown
Other
1
2
1
Improper Usage
Other
OPDIV
CDC
CMS
CMS
Functional Impact
None
None
Low
Information Impact
Privacy
Privacy
Privacy
Recoverability Effort
Extended
Extended
Extended
CMS
None
None
Extended
NIH
None
None
Extended
NIH
Low
Privacy
Extended
AHRQ
None
None
Not Applicable
CDC
CDC
CDC
None
None
None
None
None
None
Not Applicable
Not Applicable
Not Applicable
CDC
None
None
Not Applicable
CMS
None
Privacy
Not Applicable
CMS
CMS
CMS
CMS
CMS
CMS
CMS
CMS
CMS
CMS
Medium
Low
None
Low
None
Low
None
None
Low
None
Privacy
None
Privacy
Privacy
Privacy
Privacy
Privacy
None
Privacy
None
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
CMS
Low
None
Not Applicable
CMS
None
None
Not Applicable
CMS
None
None
Not Applicable
CMS
Medium
Privacy
Not Applicable
CMS
None
None
Not Applicable
CMS
CMS
CMS
CMS
Medium
Medium
Low
Medium
Privacy
None
None
Privacy
Not Applicable
Not Applicable
Not Applicable
Not Applicable
CMS
CMS
Medium
Low
None
None
Not Applicable
Not Applicable
FDA
Low
Integrity
Not Applicable
FDA
None
None
Not Applicable
FDA
None
None
Not Applicable
FDA
Medium
Integrity
Not Applicable
HRSA
HRSA
None
None
None
None
Not Applicable
Not Applicable
HRSA
None
None
Not Applicable
IHS
ITIO
ITIO
ITIO
NIH
NIH
None
Low
None
None
None
None
None
None
None
None
None
None
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
NIH
None
None
Not Applicable
NIH
None
None
Not Applicable
CDC
None
None
Not Recoverable
CMS
CMS
None
Low
Privacy
Privacy
Not Recoverable
Not Recoverable
CMS
None
Privacy
Not Recoverable
CMS
None
None
Not Recoverable
CMS
None
None
Not Recoverable
CMS
None
Privacy
Not Recoverable
FDA
None
None
Not Recoverable
FDA
Low
None
Not Recoverable
ACF
Low
Privacy
Regular
ACF
ACF
None
None
Privacy
Integrity
Regular
Regular
ACF
Medium
Privacy
Regular
AHRQ
None
Privacy
Regular
AHRQ
CDC
CDC
None
Medium
None
None
Integrity
None
Regular
Regular
Regular
CDC
None
Privacy
Regular
CDC
None
None
Regular
CDC
None
None
Regular
CDC
CMS
CMS
CMS
CMS
CMS
None
Medium
None
None
None
None
Integrity
Integrity
Privacy
None
Privacy
None
Regular
Regular
Regular
Regular
Regular
Regular
CMS
None
Privacy
Regular
CMS
None
None
Regular
CMS
None
Privacy
Regular
CMS
None
None
Regular
CMS
CMS
None
Low
Privacy
None
Regular
Regular
CMS
None
None
Regular
CMS
CMS
CMS
FDA
Low
Medium
Medium
None
None
Privacy
Privacy
None
Regular
Regular
Regular
Regular
FDA
None
None
Regular
FDA
None
Integrity
Regular
FDA
HRSA
Low
None
Integrity
Integrity
Regular
Regular
IHS
IHS
IHS
Low
None
None
None
Integrity
Privacy
Regular
Regular
Regular
IHS
None
Privacy
Regular
IHS
IHS
ITIO
ITIO
ITIO
None
None
Low
None
High
Privacy
None
None
None
None
Regular
Regular
Regular
Regular
Regular
ITIO
None
Proprietary
Regular
ITIO
ITIO
ITIO
ITIO
ITIO
ITIO
NIH
Low
Medium
None
Low
Low
None
None
None
None
Privacy
None
Privacy
None
None
Regular
Regular
Regular
Regular
Regular
Regular
Regular
NIH
None
None
Regular
NIH
None
Privacy
Regular
NIH
NIH
NIH
NIH
NIH
None
None
None
None
Low
None
Integrity
Integrity
None
Integrity
Regular
Regular
Regular
Regular
Regular
NIH
Low
Privacy
Regular
NIH
None
None
Regular
NIH
None
None
Regular
NIH
None
None
Regular
OIG
OIG
OIG
OS
OS
OS
OS
None
None
Low
None
None
Low
Low
Privacy
Privacy
Privacy
None
None
Privacy
Integrity
Regular
Regular
Regular
Regular
Regular
Regular
Regular
PSC
None
Privacy
Regular
PSC
Low
Privacy
Regular
SAMHSA
None
None
Regular
Threat Vector
Unknown
Other
Other
Quantity
1
2
3
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Unknown
Other
Unknown
Email
Other
1
5
1
Loss or Theft of
Equipment
Improper Usage
Other
Other
Email
Unknown
Unknown
Other
Other
Web
Email
Unknown
1
4
1
1
7
1
31
9
2
3
Improper Usage
Other
Loss or Theft of
Equipment
Improper Usage
Improper Usage
Email
Other
Web
Web
13
1
2
1
Email
Unknown
1
4
Loss or Theft of
Equipment
Other
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Web
Unknown
4
1
Loss or Theft of
Equipment
Other
Web
Web
Other
Unknown
Other
Loss or Theft of
Equipment
Email
1
1
1
1
1
154
2
12
Loss or Theft of
Equipment
Other
Unknown
7
2
Loss or Theft of
Equipment
Other
Loss or Theft of
Equipment
Unknown
25
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Unknown
Email
Unknown
1
1
Loss or Theft of
Equipment
Improper Usage
Other
Unknown
Email
1
1
21
Improper Usage
Unknown
Loss or Theft of
Equipment
Unknown
Other
Unknown
Web
Other
Unknown
2
1
22
7
165
3
Loss or Theft of
Equipment
Other
Improper Usage
24
Loss or Theft of
Equipment
Email
Web
24
1
Improper Usage
Other
Other
Email
Unknown
1
4
3
1
Loss or Theft of
Equipment
Improper Usage
Email
Email
1
1
Unknown
Other
Other
1
1
1
Improper Usage
Email
Unknown
Web
Unknown
Email
Improper Usage
Unknown
Email
Email
Email
Email
Web
Email
Impersonation/Sp
oofing
Improper Usage
Web
Web
Email
Unknown
Email
10
1
9
2
2
1
3
4
1
2
3
2
65
1
1
13
1
1
6
1
Improper Usage
Other
Loss or Theft of
Equipment
11
Improper Usage
39
Other
Email
Email
Web
Unknown
Email
Web
1
2
1
1
2
1
1
Improper Usage
Unknown
OPDIV
CMS
CMS
Functional Impact
Low
Low
Information Impact
Privacy
Privacy
Recoverability Effort
Extended
Extended
CMS
None
None
Extended
CMS
None
None
Extended
CMS
None
Privacy
Extended
CMS
None
Privacy
Extended
CMS
None
Privacy
Extended
CMS
None
Privacy
Extended
CMS
None
Proprietary
Extended
FDA
CMS
None
Low
Privacy
Privacy
Extended
Not Applicable
CMS
Low
Integrity
Not Applicable
CMS
Low
Integrity
Not Applicable
CMS
CMS
CMS
Low
Low
Low
Integrity
Proprietary
Privacy
Not Applicable
Not Applicable
Not Applicable
CMS
Low
Privacy
Not Applicable
CMS
Low
Privacy
Not Applicable
CMS
Low
None
Not Applicable
CMS
FDA
Low
Low
None
Integrity
Not Applicable
Not Applicable
FDA
Low
None
Not Applicable
ITIO
CMS
CMS
CMS
Low
Medium
Medium
Medium
None
None
None
Privacy
Not Applicable
Not Applicable
Not Applicable
Not Applicable
CMS
Medium
Privacy
Not Applicable
CMS
Medium
Privacy
Not Applicable
CDC
None
None
Not Applicable
CDC
CMS
CMS
CMS
CMS
None
None
None
None
None
None
None
None
None
Privacy
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Applicable
CMS
None
None
Not Applicable
CMS
CMS
None
None
Privacy
Privacy
Not Applicable
Not Applicable
CMS
None
None
Not Applicable
CMS
None
Privacy
Not Applicable
CMS
None
Privacy
Not Applicable
CMS
None
None
Not Applicable
FDA
None
None
Not Applicable
FDA
None
None
Not Applicable
HRSA
None
None
Not Applicable
HRSA
NIH
NIH
NIH
CMS
None
None
None
None
Low
Integrity
None
None
None
Privacy
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Not Recoverable
FDA
Low
None
Not Recoverable
OIG
Low
Privacy
Not Recoverable
CDC
None
None
Not Recoverable
CMS
CMS
CMS
None
None
None
Privacy
Privacy
Privacy
Not Recoverable
Not Recoverable
Not Recoverable
FDA
None
None
Not Recoverable
NIH
None
None
Not Recoverable
CMS
ACF
ACF
CMS
CMS
High
Low
Low
Low
Low
Privacy
Integrity
Privacy
Integrity
Privacy
Regular
Regular
Regular
Regular
Regular
CMS
Low
Privacy
Regular
CMS
CMS
Low
Low
None
Privacy
Regular
Regular
CMS
Low
None
Regular
CMS
Low
Privacy
Regular
CMS
FDA
FDA
FDA
ITIO
ITIO
ITIO
ITIO
Low
Low
Low
Low
Low
Low
Low
Low
Privacy
Integrity
Integrity
Integrity
Integrity
Privacy
None
None
Regular
Regular
Regular
Regular
Regular
Regular
Regular
Regular
NIH
Low
None
Regular
NIH
Low
None
Regular
NIH
Low
None
Regular
NIH
Low
Integrity
Regular
OIG
Low
Integrity
Regular
OS
Low
Privacy
Regular
PSC
Low
Integrity
Regular
SAMHSA
Low
Integrity
Regular
AHRQ
Medium
None
Regular
CMS
Medium
Privacy
Regular
CMS
Medium
Privacy
Regular
CMS
ITIO
ITIO
OS
AHRQ
Medium
Medium
Medium
Medium
None
Privacy
None
None
None
Privacy
Regular
Regular
Regular
Regular
Regular
CDC
None
Privacy
Regular
CDC
None
None
Regular
CDC
None
None
Regular
CDC
None
None
Regular
CMS
None
Privacy
Regular
CMS
CMS
None
None
Privacy
None
Regular
Regular
CMS
None
Privacy
Regular
CMS
CMS
CMS
CMS
None
None
None
None
Privacy
Integrity
None
None
Regular
Regular
Regular
Regular
CMS
None
None
Regular
CMS
CMS
None
None
Privacy
Privacy
Regular
Regular
CMS
None
None
Regular
FDA
FDA
None
None
Privacy
None
Regular
Regular
FDA
None
None
Regular
FDA
None
Privacy
Regular
IHS
IHS
None
None
Privacy
Privacy
Regular
Regular
IHS
None
Privacy
Regular
IHS
None
Privacy
Regular
ITIO
None
Privacy
Regular
ITIO
ITIO
ITIO
ITIO
NIH
None
None
None
None
None
Privacy
None
None
Privacy
None
Regular
Regular
Regular
Regular
Regular
NIH
None
Integrity
Regular
NIH
NIH
None
None
None
None
Regular
Regular
NIH
None
None
Regular
NIH
None
None
Regular
NIH
NIH
None
None
Privacy
None
Regular
Regular
NIH
None
Privacy
Regular
OS
None
Privacy
Regular
OS
PSC
None
None
Privacy
Privacy
Regular
Regular
PSC
None
Privacy
Regular
PSC
None
Privacy
Regular
SAMHSA
None
Privacy
Regular
SAMHSA
None
None
Regular
SAMHSA
None
Privacy
Regular
Threat Vector
Email
Other
Quantity
2
10
Loss or Theft of
Equipment
Improper Usage
Other
Loss or Theft of
Equipment
Improper Usage
Loss or Theft of
Equipment
Other
Unknown
1
2
Loss or Theft of
Equipment
Improper Usage
Email
Other
Other
1
1
5
Loss or Theft of
Equipment
Improper Usage
Loss or Theft of
Equipment
Attrition
Other
1
1
Loss or Theft of
Equipment
Other
Unknown
Other
Other
1
1
1
1
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Other
Email
Unknown
Other
Unknown
Loss or Theft of
Equipment
Email
Other
2
1
5
3
12
1
16
33
Improper Usage
Loss or Theft of
Equipment
Improper Usage
Web
26
Loss or Theft of
Equipment
Web
Loss or Theft of
Equipment
Email
Email
Web
Other
Unknown
1
5
1
116
1
Loss or Theft of
Equipment
Loss or Theft of
Equipment
Email
Unknown
Other
1
11
1
Other
Loss or Theft of
Equipment
Email
Unknown
Email
Unknown
Unknown
1
1
1
2
1
Loss or Theft of
Equipment
Web
Other
1
6
Loss or Theft of
Equipment
Improper Usage
Email
Email
Web
Unknown
Unknown
Email
Web
Unknown
2
2
1
2
1
3
9
4
Loss or Theft of
Equipment
Improper Usage
Loss or Theft of
Equipment
Unknown
Improper Usage
Unknown
Unknown
Improper Usage
Other
Loss or Theft of
Equipment
Email
Web
Unknown
Web
Email
2
2
1
1
1
Improper Usage
Web
Loss or Theft of
Equipment
Email
Loss or Theft of
Equipment
Other
Email
13
1
141
1
Improper Usage
18
Email
Other
Web
Other
19
1
9
5
Loss or Theft of
Equipment
Web
Unknown
2
2
42
Improper Usage
Other
Unknown
1
2
Loss or Theft of
Equipment
Improper Usage
Unknown
Other
1
3
Improper Usage
18
Improper Usage
Email
Web
Unknown
Other
Web
2
2
1
1
9
Improper Usage
Unknown
Other
2
5
Loss or Theft of
Equipment
17
Improper Usage
33
Other
Email
1
28
Improper Usage
Improper Usage
Email
Other
1
1
Improper Usage
Loss or Theft of
Equipment
Loss or Theft of
Equipment