Start Report Over
Type of Incident Detected
Choose an incident type
Denial of service
Date / Time Detected
Location Incident Detected From
Site Point of Contact
How was the incident detected?
Location(s) of affected systems:
Date and time incident handlers arrived at the site:
Describe affected information system(s)
Corporate Property Number
Is the affected system connected to a network
Describe the physical security of the location affected information systems ( locks, security, alarms, building access, etc.)
Other Incidents Related to this Incident:
Breach Incident Status
Choose a status
Forwarded for investigation
Date and Time Incident Discovered:
Date and Time Incident Reported:
Date and Time Incident Occurred:
Personnel Involved in Incident:
Type and Volume of Information Involved:
Accessibility/Vulnerability of ePHI / Protective Controls in Place: (e.g. Encryption, etc.):
Indicators of Compromise Related to the Incident:
Root Cause of Incident:
Awareness of Incident (who knows about it now):
Isolate affected systems
Approval to remove from network?
if Yes, name of Approver
Date and Time Removed
If No, state the reason
Initial Risk Assessment
Number of Individuals Potentially Affected:
Potential Privacy Breach (Yes/No):
Risk to Individuals (Types and Extents):
Financial Risk to Organization:
Legal/Contractual Risk to Organization:
Regulatory Risk to Organization:
Public Relations Risk to Organization:
ePHI Accessed or Modified in an Unauthorized Manner (Yes / No):
Backup of Affected Systems
Last System backup successful?
Name of persons who did backup
Date and time last backup started
Date and time last backup completed
Backup Storage Location
Current Actions Taken:
Evidence Gathered / Chain of Custody:
People Contacted: (e.g., system owners, system administrators, Law enforcement, outside counsel, forensics investigators):
Data Breach Services Provider Contacted:
Close or Move to Investigation Phase and Why:
Name of persons performing forensics
Was the root cause identified?
Desribe root cause findings
How was eradication validated
Covered Entity(s) (CE) Affected:
Date Covered Entity(s) (CE) Notified:
Method(s) used to Notify Covered Entity(s) (CE):
Notification Record (Ticket # Documenting Notification):
System Generated List of Individuals Affected Attached (Required):
Click or drag a file to this area to upload.
Upload any relevant information pertinent to the incident (i.e. emails, screenshots, etc)
Click or drag files to this area to upload.
You can upload up to 5 files.
*File must be under 512MB. Supported file types: Images: jpg, jpeg, png, gif, ico, pdf, doc, docx, ppt, pptx, pps, ppsx, odt, xls, xlsx, psd, mp3, m4a, ogg, wav, mp4, m4v, mov, wmv, avi, mpg, ogv, 3gp, 3g2
This is a preview of your submission. It has not been submitted yet!
Please take a moment to verify your information. You can also go back to make changes.