In this exercise, I documented a ransomware attack against a small healthcare clinic using the incident handler’s journal template. I captured the key facts, logged the five W’s, and noted next steps to guide our response and recovery.
On a Tuesday at 9:00 AM, staff at a primary-care clinic found their patient records encrypted by ransomware delivered via a phishing email. A demand note requested payment in exchange for a decryption key. My job was to record the full incident in the journal for later analysis and action.
Field | My Details |
---|---|
Date & Entry # | I made this entry on June 8, 2025 and labeled it as Entry #1. |
Description | I summarized the ransomware incident: patient files were encrypted and operations halted until the ransom demand was displayed. |
Tool(s) used | I used the Google Docs journal template and reviewed the security console logs for timestamps and user alerts. |
The 5 W’s | |
Additional notes | I noted that emergency systems were offline and first responders were alerted. Next, I plan to coordinate decryption trials and notify compliance officers. |
By structuring my observations in this journal entry, I ensured all critical details were captured for the incident response team. This record will guide our remediation steps and support post-incident review.