14.3.1.5 Lab – Investigate Breaches of PII PHI PCI Answers Full 100% 2023 2024

• Recommend

Lab – Investigate Breaches of PII, PHI, and PCI (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the Answers copy only.

Objectives

In this lab, you will investigate breaches of PII, PHI, and PCI by searching the Internet and then recording your findings.

Background / Scenario

Personal information, including health and financial data, is compromised by both human carelessness and sophisticated computer attacks.This compromised data can impact millions and often the attacks go undetected for some time.

As an IT professional working with devices and personal data, it is important to be aware of the wide range of attacks and vulnerabilities that have occurred and what may have helped prevent them.

Required Resources

• PC or mobile device with Internet access.

Instructions

In this part of the lab, you will research and describe three breaches that have occurred recently. Include at least one PCI and one PHI. Use the following steps:

1. Launch your favorite web browser and go to your favorite search engine, such as Google.com.

What key terms will you use to search for recent breaches?

2. Go through the results and find the most interesting breaches that have occurred within the last 5 years.
3. Choose three different breaches to document in this lab.
4. Describe the breaches in detail. Make sure you answer the following questions:

1)What was the name of the company or organization?

2)What was targeted?

3)Who was affected?

4)How did the attack occur? Describe the details of what happened.

5)What is the source of your information? Include the URL.

6)What steps could have been taken to prevent the breach?

Breach #1: PII – Microsoft Data Breach

1. Company/Organization: Microsoft
2. Targeted Data: 38 million records containing PII
3. Affected Entities: 47 organizations, including governmental public health agencies
4. Attack Details: Discovered on May 24, 2021, by UpGuard, it involved the exposure of PII through a Microsoft Power Apps design mishap, including COVID-19 contact tracing information, vaccination appointments, SSNs, employee IDs, and email addresses.
5. Source: Health IT Security
6. Preventive Measures: Microsoft enabled table permissions by default and provided a tool for customers to self-diagnose their portals​​​​​​.

Breach #2: PHI – Mulkay Cardiology Consultants

1. Company/Organization: Mulkay Cardiology Consultants at Holy Name Medical Center
2. Targeted Data: Personal and protected health information
3. Affected Entities: Potentially 79,582 individuals
4. Attack Details: Ransomware attack detected on September 5, 2023, encrypting files and exfiltrating data including names, addresses, DOBs, SSNs, driver’s license numbers, medical and insurance information. Likely conducted by the NoEscape group.
5. Source: HIPAA Journal
6. Preventive Measures: Enhanced technical safeguards, notified affected individuals, and provided complimentary credit monitoring services​​.

Breach #3: PCI – Air Europa Data Breach

1. Company/Organization: Air Europa
2. Targeted Data: Credit card information
3. Affected Entities: Air Europa customers
4. Attack Details: Hackers accessed financial information including card numbers, expiration dates, and CVV numbers.
5. Source: Tech.co
6. Preventive Measures: Customers were advised to cancel their credit cards, and the airline notified relevant authorities and banks. They also stated that their systems are fully operational again​​.

These breaches highlight the importance of robust cybersecurity measures in protecting sensitive data across various sectors.

• Recommend