Certified Incident Handler (CIH) Practice Ecam

What web application flaw was identified by Martin related to storing patient details?

• A. Authentication failures
• B. Cryptographic failures
• C. Improper configuration
• D. Access control issues

The correct answer is: Cryptographic failures

The identification of cryptographic failures related to storing patient details highlights a significant concern about how sensitive data is protected in a web application environment. Cryptographic failures can arise when proper encryption methods are not employed to safeguard data at rest or in transit. In the context of patient information, the protection of personal health data is critical due to regulatory requirements, such as HIPAA in the United States, which mandates the secure handling of such information. When patient details are not encrypted or are using weak cryptographic algorithms, it opens the door for unauthorized access and data breaches. This can lead to serious consequences for both individuals and organizations, including legal ramifications, loss of trust, and financial penalties. The choice of cryptographic schemes, key management practices, and implementation of secure protocols are integral to ensuring that patient data is adequately safeguarded. While the other options also represent potential security issues—like authentication failures, improper configuration, and access control problems—they do not specifically address the critical aspect of how sensitive data is encrypted or protected via cryptographic measures. Therefore, recognizing cryptographic failures as a flaw emphasizes the importance of robust encryption practices when dealing with sensitive patient information.