Certified Ethical Hacker (CEH v13) — Question 187
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob’s boss is very worried because of regulations that protect those data.
Which of the following regulations is mostly violated?
Answer options
- A. PCI DSS
- B. PII
- C. ISO 2002
- D. HIPAA/PHI
Correct answer: D
Explanation
The correct answer is D, as HIPAA (Health Insurance Portability and Accountability Act) protects patient health information, and exposure of medical records violates this regulation. Options A and C are not applicable as PCI DSS pertains to payment card information, and ISO 2002 is not a relevant regulation for personal medical data. Option B, PII (Personally Identifiable Information), while related, does not specifically address the medical records context as HIPAA does.