HEALTHCARE CYBERSECURITY INCIDENT RESPONSE CHECKLIST
Created by ChecklistGuro (https://checklistguro.com)

--- DETECTION & IDENTIFICATION ---
[ ] Date of Suspected Incident
[ ] Time of Suspected Incident
[ ] Initial Detection Method (Antivirus Alert, Intrusion Detection System (IDS), User Report, Network Monitoring, Security Information and Event Management (SIEM))
[ ] Description of Initial Alert/Observation
[ ] Affected System(s) - Initial Assessment (Server, Workstation, Network Device, Database, Web Application, Unknown)
[ ] Severity Score (if applicable)
[ ] Potential Indicators of Compromise (IOCs) (Malware Signature Detected, Unusual Network Traffic, Suspicious User Activity, Unauthorized File Access, Unexpected System Changes)

--- CONTAINMENT ---
[ ] Affected System Type (Server, Workstation, Network Device, Mobile Device, Application)
[ ] Compromised Services (Email, File Server, Database, Web Application, VPN)
[ ] Number of Affected Users (Estimate)
[ ] Date System Isolated
[ ] Time System Isolated
[ ] Detailed Description of Isolation Actions
[ ] Isolation Method (Network Disconnect, Firewall Rule, System Shutdown)

--- ERADICATION ---
[ ] Description of Malware/Threat Actor
[ ] Number of Affected Systems Initially
[ ] Compromised System Roles (e.g., Server, Workstation) (Server, Workstation, Database, Network Device)
[ ] Malware Sample (if available)
[ ] Detailed Removal Steps Performed
[ ] Date Eradication Steps Completed
[ ] Time Eradication Steps Completed

--- RECOVERY ---
[ ] System Restoration Start Date
[ ] System Restoration Start Time
[ ] Number of Affected Systems Restored
[ ] Detailed Description of Restoration Process
[ ] Data Integrity Verification Method (Automated Verification, Manual Spot Checks, Full Data Reconciliation)
[ ] Date of Full System Validation
[ ] Signature of Recovery Team Lead

--- POST-INCIDENT ACTIVITY ---
[ ] Detailed Incident Narrative
[ ] Estimated Financial Impact (USD)
[ ] Root Cause Categories (Technical Vulnerability, Human Error, Process Failure, Third-Party Risk)
[ ] Date of Incident Report Completion
[ ] Proposed Corrective Actions
[ ] Action Plan Status (Not Started, In Progress, Completed, Delayed)
[ ] Supporting Documentation (Logs, Screenshots)

--- COMMUNICATION & REPORTING ---
[ ] Incident Severity Level (Low, Medium, High, Critical)
[ ] Summary of Communication Actions Taken
[ ] Number of Individuals Notified (Internal)
[ ] Number of Individuals Notified (External)
[ ] Date of Initial Notification
[ ] Time of Initial Notification
[ ] Primary Communication Channel Used (Email, Phone, Secure Messaging, Other)
[ ] Notes on Communication Effectiveness

--- LEGAL & REGULATORY COMPLIANCE ---
[ ] Breach Notification Triggered? (Yes, No)
[ ] Date of Breach Discovery
[ ] Estimated Number of Records Affected
[ ] Summary of Legal Consultation Performed
[ ] State Breach Notification Laws Applicable? (Yes, No)
[ ] Documentation of Legal Review
[ ] Description of steps taken to comply with HIPAA Breach Notification Rule

--- END OF TEMPLATE ---