Security operations
Documented detection, containment, and recovery — auditor-grade timelines on every event.
Open
1
Affecting PHI
1
Resolved (90d)
2
Anyone on staff can report. The intake form auto-creates a timeline, classifies severity, and notifies the compliance officer.
Conditional Access flagged a sign-in attempt for u-8 from outside the U.S. MFA prompt was not satisfied.
Discovered Apr 19, 2026
Reported 24 hours ago
Microsoft Entra · Apr 19, 2026, 06:23 AM
Risk-based sign-in alert triggered.
Jordan Reyes · Apr 19, 2026, 06:38 AM
Forced password reset, revoked all sessions, contacted user.
Spear phishing email impersonating clinic owner requesting wire transfer. No compromise — staff escalated immediately.
Discovered Apr 16, 2026
Reported 4 days ago
Resolved 3 days ago
Hannah Chen · Apr 16, 2026, 06:53 AM
Forwarded suspicious email to security@.
Sam Liu · Apr 16, 2026, 07:53 AM
Quarantined message, blocked sender domain at firewall and M365.
Staff member reported a managed laptop stolen overnight. Device was BitLocker-encrypted and remotely wiped via Intune within 2 hours of report.
Discovered Apr 11, 2026
Reported 9 days ago
Resolved 7 days ago
Sam Liu · Apr 11, 2026, 08:53 AM
Incident reported via AuditPilot intake form.
Jordan Reyes · Apr 11, 2026, 09:53 AM
Confirmed BitLocker active on lost device. Initiated Intune remote wipe.
Jordan Reyes · Apr 11, 2026, 10:53 AM
Wipe confirmed. Device unrecoverable. Marked as contained.
Maya Patel · Apr 13, 2026, 05:53 AM
Risk assessment completed — encryption + remote wipe means low probability PHI was compromised. No breach notification required.