Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • Big Wins
Breadcrumb
  1. Home
  2. About
  3. Agencies
  4. ASA
  5. Office of the Chief Information Officer (OCIO)
  6. Health Sector Cybersecurity Coordination Center (HC3)
  7. HC3 Victim Notification
  • Assistant Secretary for Administration (ASA)
  • Fair Chance to Compete for Jobs Act
  • About ASA
  • EEO
    • About EEO
      • No Fear
      • Programs & Offices
      • Contact Reasonable Accommodation Coordinators
      • Personal Assistant Services
    • EEO Policy Statement
  • Office of Organizational Management (OOM)
    • About OOM
    • Consulting Services
    • Fair Act Inventory
    • Contact Us
  • Office of Human Resources (OHR)
    • About OHR
      • OHR Divisions
      • Mission and Vision
      • Leadership
      • Contact Us
    • Begin Your Career at HHS
    • New Employee Orientation
    • HR Policy Library
  • Office of the Chief Information Officer (OCIO)
    • About OCIO
      • What We Do
      • Our Mission
      • Plans & Reports
      • Contact Us
    • Cybersecurity
      • HC3 Home Page
      • HC3 About Us
      • HC3 FAQ
      • HC3 Products
      • HC3 Victim Notification
      • HC3 Contact Us
    • HHS IT Management Jobs
  • Program Support Center (PSC)
    • Accounting
    • Board for Correction
    • Building Operations
    • Debt Collection
    • Federal Real Property Assistance Program (FRPAP)
    • FedResponse Contact Center
    • Financial Reporting Services
    • Grants Management
    • Indirect Cost Negotiations
    • Intake, Suitability, and Badging
    • Mail and Publishing
    • Physical Security, Emergency Management, and Safety
    • Real Property Policy and Strategy
    • Space Design and Construction
    • Supply Chain Management
    • Transportation Services
  • PSC Federal Occupational Health (FOH)
    • Office of the Director
    • Behavioral Health Services
    • Clinical Health Services
    • Environmental Health and Safety Services
    • Wellness and Health Promotion Services

HC3 Victim Notification

HC3 Cyber Engagement (CE) works with many partners, including several thousand Healthcare and Public Health (HPH) entities, law enforcement entities, and preparedness and security vendors, to help elevate cybersecurity posture in the HPH Critical Infrastructure Sector. Some of this work involves directly and indirectly sharing vulnerabilities, victim feeds, and analyses.

What Are Victim Notifications?

Directed communications to victims or potential victims of breaches, vulnerable equipment, or personal identifiable information (PII)/protected health information (PHI) theft.

What Do the Notifications Cover?

  • Victimized HPH entities where a threat actor:
    • has obtained access to the infrastructure of an HPH entity
    • has stolen and posted sensitive PHI/PII for sale
    • is conducting a business email compromise and is posing as a representative of the HPH entity
  • Vulnerable HPH entities who:
    • inadvertently share PHI/PII in an open format
    • are susceptible to known vulnerabilities or have exposed systems
HC3 Victim Notice.png
*This content is in the process of Section 508 review. If you need immediate assistance accessing this content, please submit a request to HC3@hhs.gov. Content will be updated pending the outcome of the Section 508 review.

 

How Is the Information Obtained?

HC3 gathers the information from a variety of sources, including original research and tips from partners.

How Are Victims Notified?

HC3 leverages the HHS Office of Inspector General (HHS-OIG) and the FBI to get in touch with the impacted entities. As the law enforcement arm of the HHS, the OIG has the authority to engage in more directed actions in support of HPH entities.

HC3 Contact Info: HC3@hhs.gov

HHS-OIG Contact Info: OICCU@oig.hhs.gov

Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed December 21, 2022
Back to top

Subscribe to Email Updates

Receive the latest updates from the Secretary and Press Releases.

Subscribe
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

Follow HHS

Follow Secretary Kennedy