Skip to content

Sensitive Data: High number of PHI

Identifier: high_number_of_phi

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

When access control is not properly implemented, protected health information (PHI) can leak to the public, potentially leading to data breaches, financial loss, legal penalties, and HIPAA violations.

How we test: We scan responses to detect PHI such as medical record numbers, health insurance information, and other health-related identifiers. We count the number of PHI instances found and alert if the count exceeds the configured threshold, indicating potential access control failures.

Configuration

Example

Example configuration:

---
security_tests:
  high_number_of_phi:
    detection_threshold: 3
    skip: false

Reference

detection_threshold

Type : integer

Threshold to trigger alert if the number of values found.

skip

Type : boolean

Skip the test if true.