Certified Ethical Hacker (CEH v11) — Question 103

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data.
Which of the following regulations is mostly violated?

Answer options

• A. PCI DSS
• B. PII
• C. ISO 2002
• D. HIPPA/PHI

Correct answer: D

Explanation

The correct answer is D, HIPPA/PHI, as it pertains specifically to the protection of patient health information. PCI DSS focuses on payment card information, PII relates to personally identifiable information in general, and ISO 2002 does not directly address health data regulations.