Incident response

A cyber security incident is an adverse event in a computer system or network that poses a security threat to that system or network.

Examples are:

  • Unauthorised use of user accounts, system resources, or privileges
  • Leakage of patients' electronic health records (eHRs)
  • Massive malware attacks

A well-defined procedure in your organisation will help you respond to an incident promptly and properly, minimise business losses and subsequent liabilities, and prevent further attacks and damage.



  1. Keep calm! Disconnect your computer from the Internet (e.g. disconnect the network cable or switch off the modem/router).
  2. Try to determine the cause of the problem and the extent of the impact on your system, and take appropriate action(s) to limit the extent of the incident before it causes further damage.
  3. Record all events and actions taken.
  4. Seek advice from appropriate organisations (e.g. Hong Kong Computer Emergency Response Team Coordination Centre and Hong Kong Police Force) and report the incident to the eHR Registration Office - 24-hour healthcare staff hotline at 3467 6230 immediately.
Security Incident Handling