eForms Logo

Cybersecurity (IT) Incident Report Template

A cybersecurity incident report includes information about a breach and its impact on services or data. The form assesses how the attacker entered the system and its effect afterward. If personal information was stolen through an attack, the impacted organization may be required to inform its users and government bureaus by law.
4.6 Stars | 102 Ratings
Downloads: 3,335

Includes PHI

If medical records were stolen in a breach, the incident must be reported by a covered entity to the U.S. Dept. of Health and Human Services (HSS).[1] The reporting types are divided into 2 categories:

  • Less than 500 records – Must report the incident within 60 days from the end of the calendar year the breach occurred.
  • 500 or more records – Must report the incident within 60 days of discovery of the incident.

Doesn’t Include PHI

The victim of the attack is not required to report the incident and has the option to report it to the FBI. The FBI has 2 classifications for cyber attacks:

  • Threat Response – When attacks are made to disrupt the day-to-day activities of an organization with malicious intent.
  • Asset Response – Includes the stealing of personal data, intellectual property, or outright theft.

By Type (3)


American Health Information Management Association (AHIMA) Report Form

Download: PDF

 

 

 


HIPAA Report Form

Download: PDF, MS Word, OpenDocument

 

 

 


Standard Report Form

Download: PDF, MS Word, OpenDocument

 

 

 

Sample

CYBERSECURITY (IT) INCIDENT REPORT FORM

Use this form to report any cybersecurity issues, breaches, hacks, malware, or any other incidents involving a 3rd party.

Date of Report: [DATE]

 I. CONTACT PERSON.

Full Name: [NAME] Address: [ADDRESS]

Job Title: [TITLE]

Phone: [PHONE] E-Mail: [E-MAIL]

II. THE INCIDENT.

Date of Incident: [DATE] Time: [TIME] AM PM

Type of Incident: Malware Data Breach Other: [OTHER]

How was the incident detected / discovered? [DESCRIBE]

III. NOTIFICATION. 

Were other personnel notified? Yes No

If yes, enter: [DESCRIBE]

IV. CONTAINMENT

Were any containment measures made? Yes No

If yes, describe: [DESCRIBE]

V. IMPACTED SERVICES.

Was anything permanently impacted by the incident? Yes No

If yes, describe: [DESCRIBE]

VI. ATTACK VECTOR.

Do you know how the attack was made? Yes No

If yes, describe: [DESCRIBE]

VII. INFORMATION IMPACT.

Was there any data, records, or information breached? Yes No

If yes, describe: [DESCRIBE]

VIII. OTHER.

Is there any other information you would like to include in this report? Yes No

If yes, describe: [DESCRIBE]


OFFICE USE ONLY

Report received by: [NAME] Date: [DATE]

Follow-up action taken: [DESCRIBE]