nerdexam
EC-Council

312-50V10 · Question #869

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and

The correct answer is B. Pll. Exposed patient medical records found via a simple internet search constitute a violation of regulations protecting Personally Identifiable Information (PII), as medical data contains directly identifiable personal details.

Information Security and Ethical Hacking Fundamentals

Question

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

Options

  • AHIPPA/PHl
  • BPll
  • CPCIDSS
  • DISO 2002

How the community answered

(19 responses)
  • B
    84% (16)
  • C
    11% (2)
  • D
    5% (1)

Why each option

Exposed patient medical records found via a simple internet search constitute a violation of regulations protecting Personally Identifiable Information (PII), as medical data contains directly identifiable personal details.

AHIPPA/PHl

HIPAA (misspelled as HIPPA in the question) and its PHI provisions specifically regulate how covered healthcare entities handle Protected Health Information - while closely related, the question identifies PII as the broader regulatory category most directly violated by publicly exposed identifiable records.

BPllCorrect

PII (Personally Identifiable Information) encompasses any data that can identify a specific individual, and medical records contain highly sensitive PII including names, dates of birth, addresses, and health conditions. Regulations governing PII require organizations to implement appropriate safeguards to prevent unauthorized public disclosure, and publicly indexable medical records represent a direct and serious violation of these protections.

CPCIDSS

PCI DSS (Payment Card Industry Data Security Standard) is a security framework governing the storage, processing, and transmission of payment card data - it does not cover personal medical records.

DISO 2002

ISO 2002 is not a recognized international standard; the relevant framework would be ISO/IEC 27002, which provides information security control guidelines but is not a legally enforceable regulation specifically governing medical record exposure.

Concept tested: Regulatory compliance violations for exposed medical PII

Source: https://csrc.nist.gov/glossary/term/personally_identifiable_information

Topics

#HIPAA#PII#data protection regulation#compliance

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice