‹ Back to Act

Risk / detail

ACME Corp

PHI breach (legacy store)

Open Unencrypted data at rest
Annual loss expectancy
$640K
Loss event frequency
0.2 events/yr
Loss magnitude
$1.6M–$3.8M
Confidence
High

FAIR decomposition

Frequency
0.2 events/yr
×
Magnitude
$1.6M–$3.8M
=
ALE
$640K

A direct read of the legacy datastore is an automatic HIPAA + GDPR reportable event. The magnitude band reflects per-record penalties scaling with the ~140k records held.

Top controls

HIPAA §164.312GDPR Art 32

Driven by

critical
Unencrypted patient data in a legacy datastore
Close this to cut the ALE →