Incident response
A cyber security incident is an adverse event in the computer system or network that poses a security threat to the computer or network.
Examples are:
- Unauthorised use of user accounts, system resources, or privileges
- Leakage of patients' electronic health records (eHRs)
- Massive malware attacks
A well-defined procedure in your organisation will help you respond to an incident promptly and properly, minimise business losses and subsequent liabilities, and prevent further attacks and damages.
Tips
- Keep calm! Disconnect your computer from the Internet (e.g. disconnect the network cable or switch-off the modem / router).
- Try to determine the cause of the problem and the extent of the impact to your system; and perform appropriate action(s) to limit the extent of the incident before it causes further damages.
- Log down all events and actions taken.
- Seek advice from appropriate organisations (e.g. Hong Kong Computer Emergency Response Team Coordination Centre and Hong Kong Police Force) and report the incident to the eHR Registration Office - 24-hour healthcare staff hotline at (852) 3467 6230 immediately.
Security Incident Handling