The client is a well-known insurance provider subject to HIPAA regulations that protect personal health information (PHI). While regulatory compliance requires appropriate physical and electronic safeguards, the client also recognizes that its industry is rife financial and reputation risk arising out of data breaches. In the 2018’s first quarter alone, the Department of Health and Human Services’ Office for Civil Rights (OCR) received 77 healthcare data breach reports. While the pure number of breaches decreased by 10.5% from the fourth quarter of 2017, the severity increased increased by 130.57%.