nerdexam
EC-Council

312-50V13 · Question #279

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and

The correct answer is A. HIPPA/PHl. HIPAA/PHI Violation Explained Why A is Correct: HIPAA (Health Insurance Portability and Accountability Act) combined with PHI (Protected Health Information) is specifically designed to safeguard patients' private medical records. When a medical company exposes patient health data

Submitted by saadiq_pk· Mar 6, 2026Introduction to Ethical Hacking

Question

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

Options

  • AHIPPA/PHl
  • BPll
  • CPCIDSS
  • DISO 2002

How the community answered

(37 responses)
  • A
    89% (33)
  • B
    3% (1)
  • C
    5% (2)
  • D
    3% (1)

Explanation

HIPAA/PHI Violation Explained

Why A is Correct: HIPAA (Health Insurance Portability and Accountability Act) combined with PHI (Protected Health Information) is specifically designed to safeguard patients' private medical records. When a medical company exposes patient health data publicly on the Internet, this is a direct violation of HIPAA regulations, which mandate strict controls over the storage, transmission, and accessibility of healthcare information.

Why the Distractors Are Wrong:

  • B (PII - Personally Identifiable Information) is a broader privacy concept, not a specific healthcare regulation; while medical records contain PII, the specific regulatory framework violated in a healthcare context is HIPAA
  • C (PCI DSS) governs credit card and payment data security, not medical records
  • D (ISO 2002) is not a recognized cybersecurity standard (likely a distractor referencing ISO 27002, which is a general information security framework, not healthcare-specific)

Memory Tip: Think "H for Hospital = HIPAA" - whenever you see a scenario involving medical records, patient data, or healthcare companies, HIPAA/PHI is almost always the answer. Also note the question spells it "HIPPA," which is a common misspelling of HIPAA - don't let that trick you on exams!

Topics

#Data Privacy#Regulations#Healthcare Data#HIPAA

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice