In this activity, I reviewed the details of a security incident and documented the incident using an incident handler's journal.
A small healthcare clinic specializing in delivering primary-care services experienced a security incident on 23 July 2023 at approximately 9:00 a.m. Several employees reported that they were unable to use their computers to access files like medical records. Business operations shut down because employees were unable to access the files and software needed to do their jobs.
Employees also reported that a ransom note was displayed on their computers. The ransom note stated that all the company's files were encrypted by an organized group of unethical hackers. The note demanded a large sum of money in exchange for the decryption key that would restore access to the encrypted files.
The attackers were able to gain access to the company's network by using targeted phishing emails, which were sent to several employees of the company. The phishing emails contained a malicious attachment that installed malware on the employee's computer once it was downloaded.
Once the attackers gained access, they deployed their ransomware, which encrypted critical files. The company was unable to access critical patient data, causing major disruptions in its business operations. The company was forced to shut down its computer systems and contact several organizations to report the incident and receive technical assistance.
Please find below the incident journal entry.