Includes PHI
If medical records were stolen in a breach, the incident must be reported by a covered entity to the U.S. Dept. of Health and Human Services (HSS).[1] The reporting types are divided into 2 categories:
- Less than 500 records – Must report the incident within 60 days from the end of the calendar year the breach occurred.
- 500 or more records – Must report the incident within 60 days of discovery of the incident.
Doesn’t Include PHI
The victim of the attack is not required to report the incident and has the option to report it to the FBI. The FBI has 2 classifications for cyber attacks:
- Threat Response – When attacks are made to disrupt the day-to-day activities of an organization with malicious intent.
- Asset Response – Includes the stealing of personal data, intellectual property, or outright theft.
By Type (3)
American Health Information Management Association (AHIMA) Report Form
Download: PDF
Download: PDF, MS Word, OpenDocument
Download: PDF, MS Word, OpenDocument
Sample
CYBERSECURITY (IT) INCIDENT REPORT FORM
Use this form to report any cybersecurity issues, breaches, hacks, malware, or any other incidents involving a 3rd party.
Date of Report: [DATE]
I. CONTACT PERSON.
Full Name: [NAME] Address: [ADDRESS]
Job Title: [TITLE]
Phone: [PHONE] E-Mail: [E-MAIL]
II. THE INCIDENT.
Date of Incident: [DATE] Time: [TIME] ☐ AM ☐ PM
Type of Incident: ☐ Malware ☐ Data Breach ☐ Other: [OTHER]
How was the incident detected / discovered? [DESCRIBE]
III. NOTIFICATION.
Were other personnel notified? ☐ Yes ☐ No
If yes, enter: [DESCRIBE]
IV. CONTAINMENT
Were any containment measures made? ☐ Yes ☐ No
If yes, describe: [DESCRIBE]
V. IMPACTED SERVICES.
Was anything permanently impacted by the incident? ☐ Yes ☐ No
If yes, describe: [DESCRIBE]
VI. ATTACK VECTOR.
Do you know how the attack was made? ☐ Yes ☐ No
If yes, describe: [DESCRIBE]
VII. INFORMATION IMPACT.
Was there any data, records, or information breached? ☐ Yes ☐ No
If yes, describe: [DESCRIBE]
VIII. OTHER.
Is there any other information you would like to include in this report? ☐ Yes ☐ No
If yes, describe: [DESCRIBE]
OFFICE USE ONLY
Report received by: [NAME] Date: [DATE]
Follow-up action taken: [DESCRIBE]