Requirements and procedures are in support of governing Columbia University IT Policies and CUIMC Information Security Procedures.
Contact your Certified IT Group or see the Information Security Office's Report an IT Security Event for help if needed. Reporting lost or stolen computers, smartphones, tablets, USB keys, portable hard drives and other equipment capable of storing protected electronic data is a vital step in preventing data breaches.
Notify proper authorities IMMEDIATELY of loss or theft, especially if the device contained confidential and sensitive data. This includes PHI and PII data, and confidential institutional information. When unsure it is best to err on the side of caution. Remember almost all devices used to access email store copies of the email messages and any attachments.
Any CUIMC provisioned equipment (computers, mobile devices, etc.) must be reported to the CUIMC Information Security Office by calling the Service Desk at 5-Help (212-305-4357), option 5. If equipment was provided by NYP, Columbia/Morningside or Weil Cornell please contact their IT support or check with a supervisor for any procedure.
Please include:
If equipment was used for Telehealth, the CITG must also email security@cumc.columbia.edu with the subject line "Lost or Stolen Device INC#" (INC# should be the ticket number created in ServiceNow). If it was a computer please include the hostname.
If the Department of Public Safety and/or local authorities were contacted (see below), please include any report number.
Items lost or stolen should be reported to the Department of Public Safety; let them know if PhoneHome tracking software was installed on a missing computer. Otherwise contact local law enforcement. Be sure to record any ticket or case number and contact information for reporting the incident. Faculty and staff should notify their Department Administrator of the missing equipment and type of data it contains.
Change your passwords and secure other accounts - change passwords for email and other sites or applications that were accessed while using the device. Notify any banking or credit card companies regarding account information that may be compromised. Columbia UNI and CUIMC email /MC domain account passwords can be changed immediately online:
Please also follow Microsoft's instructions to Sign out of Office (OneDrive and other Office apps) from any web browser; steps are towards the bottom of their page.
Data stored on some smartphones and other equipment may be able to be deleted remotely to help prevent data breaches. Verify whether this is possible with the group(s) you contact and how it should be done, procedures can vary based on the equipment and its prior use and set up. In most cases this will affect data that is has already been synced or backed up to a computer, or is kept on network storage or a server. Do not cancel phone service if a remote data wipe will be performed, as this will block the ability of remote deletion.
See help for: