Reporting a security breach to our office

You must report a security breach to our office within two days of discovering a breach.

Your report must include:

  • The date of the incident.
  • The date you discovered the breach.
  • The number of customers or consumers affected.
  • What actions are being taken.

Reporting to other agencies

If a breach of unsecured protected health information affects individuals, a covered entity must notify the Human and Health Services Secretary of the breach.

If a security breach affects more than 500 Washington residents, you must also notify the Attorney General's Office.

Notifying impacted individuals and entities

You must notify any individuals or entities that are impacted by the security breach within 60 days of discovering the breach.

The notifications must include:

  • A brief description of what happened, including the date of the breach and when it was discovered.
  • A description of the types of unsecured protected health information involved in the breach.
  • Any steps individuals should take to protect themselves from potential harm resulting from the breach.
  • A brief description of what you are doing to investigate the breach, mitigate harm to individuals, and to protect against future breaches.
  • Contact information for individuals to ask questions or learn additional information.

Report a security breach

Note: Please DO NOT include personal health information, social security numbers or other confidential information. We will contact you if we need more information.

Indicates required field
Have you reported this breach to the U.S. Department of Health and Human Services?

Note: Please upload your reporting form or any confirmation documentation of your reporting to U.S. Department of Health and Human Services (www.hhs.gov).

Have you reported this breach to WA State Office of the Attorney General?

Note: Please upload your reporting form or any confirmation documentation of your reporting to WA State Office of the Attorney General (fortress.wa.gov).

Maximum 4 files.
20 MB limit.
Allowed types: txt, rtf, pdf, doc, docx, odt, ppt, pptx, odp, xls, xlsx, ods.
30 MB limit per form.