Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 137

A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the
CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time. What is the first step the analyst should take to address this incident?

Answer options

• A. Evaluate visibility tools to determine if external access resulted in tampering
• B. Contact the third-party handling provider to respond to the incident as critical
• C. Turn off all access to the patient portal to secure patient records
• D. Review system and application logs to identify errors in the portal code

Correct answer: C

Explanation

The correct answer is C because immediately disabling access to the patient portal helps prevent any further exposure of PII while the incident is being investigated. Options A and D focus on diagnostic measures that could take time and might not prevent ongoing data breaches. Option B would involve external communication but does not address the immediate risk of PII disclosure.