Form CMS-10496 STATE HEALTH INSURANCE EXCHANGE SECURITY INCIDENT REPORT

State Health Insurance Exchange Security Incident Report

CMS-10496_HIM_State_Incident_Report-508

Incident Reporting

OMB: 0938-1216

DO NOT INCLUDE PERSONALLY IDENTIFIABLE INFORMATION IN THIS REPORT EXCEPT WHEN IDENTIFYING THE REPORTING INDIVIDUAL.
DEPARTMENT OF HEALTH AND HUMAN SERVICES
CENTERS FOR MEDICARE & MEDICAID SERVICES

STATE HEALTH INSURANCE EXCHANGE SECURITY INCIDENT REPORT
Instructions: This form is to be used by States to report security incidents in accordance with the
Computer Matching Agreement Between the Centers for Medicare & Medicaid Services (CMS) and State
Based Administering Entities for the Disclosure of Insurance Affordability Programs Information under
the Patient Protection and Affordable Care Act. Reports must be submitted to the State’s designated
CMS State Officer within one hour of discovery.

Date/Time Submitted:
INCIDENT TRACKING NUMBER
*State Tracking # (tracking number generated by State)

CMS Tracking # (To be completed by CMS)

* Required information
REPORTING INDIVIDUAL CONTACT INFORMATION
Name*
Office Phone*

Email*
Cell Phone

State*

Title

INCIDENT CATEGORY*
Lost/Stolen Asset (Section A)
PII Breach (Section B Mandatory)	
Malicious Code (Section C) (Cat 3)
Unauthorized Access (Section D) (Cat 1)

Improper Usage (Section E) (Cat 4)
Denial of Service (Section F) (Cat 2)
Scans/Probes/Attempted Access (Section F) (Cat 5)
Investigations (Section F) (Cat 6)

TYPE OF DEVICE INVOLVED IN INCIDENT*
Blackberry
Cell phone
Computer (Non-specific)
Computer Files
Desktop Computer

Domain Controller
E-mail
Hard Drive (External)
Hard Drive (Internal)
Laptop
Paper Documents

CD/DVD
PDA
Server
Tape/DLT/DASD
USB Thumb Drive
Other__

SECTION A: LOST/STOLEN ASSET
PII Involved? (if so, complete Section B)

Yes

No

Brief Description: Include actions taken, asset brand/model, date and time, location of theft/damage and whether or not PII was exposed

Form CMS-10496 (07/13)	


SECTION B: PII BREACH
BREACH CATEGORY Check below
Document Theft
Hardware/Media Theft
Document Loss
Hardware/Media Loss

Document Lost in Transit
Hardware/Media Lost in Transit
Improper Usage
Unintended Manual Disclosure
Unintended Electronic Disclosure
Unauthorized Access
Hacking or IT Incident
Document sent to Wrong Address
Other

Number of Individuals Whose PII Was Lost or Compromised List Number below or check box
Number of Individuals Impacted:
Unknown

Brief Description: Be sure to include the format of the PII (e.g., email, web, database), population affected, categories of PII involved, whether PII was
lost, stolen or compromised, and the actions taken, if any.

SECTION C: MALICIOUS CODE
MALWARE TYPE Check below
Worm
Virus
Trojan
Buffer Overflow
Denial of Service (DoS)
Other:

NAME OF MALWARE if known

OPERATING SYSTEM
Windows
Linux
Unix
Mac

ACTION TAKEN REGARDING MALWARE
Quarantined
Cleaned
Left Alone

PRIOR TO EVENT, WAS AFFECTED NODE PROPERLY PATCHED?
Yes
No

Description of current actions taken (if any):


SECTION D: UNAUTHORIZED ACCESS
Describe Violation

Actions taken (if any)

SECTION E: IMPROPER USAGE/POLICY VIOLATION
TYPE OF VIOLATION
(P2P) File Sharing
Instant Messenger

Inappropriate Web sites
Remote Access

Unapproved Software
Other (Describe)

Describe Incident

Actions taken (if any)

SECTION F: DENIAL OF SERVICE, SCANS/PROBES/ATTEMPTED ACCESS, & INVESTIGATIONS
Describe Violation

Actions taken (if any)

PRA Disclosure Statement
According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control
number. The valid OMB control number for this information collection is 0938-XXXX. The time required to complete this information collection is estimated
to average 15 minutes per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and
review the information collection. If you have comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please
write to: CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance Officer, Mail Stop C4-26-05, Baltimore, Maryland 21244-1850. Please do not send
applications, claims, payments, medical records or any documents containing sensitive information to the PRA Reports Clearance Office. Please note that
any correspondence not pertaining to the information collection burden approved under the associated OMB control number listed on this form will not be
reviewed, forwarded, or retained. If you have questions or concerns regarding where to submit your documents, please contact 1-800-MEDICARE.


File Type: application/pdf
File Modified: 2013-08-21
File Created: 2013-08-15
