GreySec PHI Scanner — Full Pipeline Report

Source	Type	HIGH	MED	Total
WinServer 2022 (192.168.68.20)	Windows	8	30	48
Win10 Desktop (192.168.68.15)	Windows	4	384	2,454
MSSQL GreySecPHI (localhost:14330)	Database	9	5	14
TOTAL		21	419	2,516

WinServer 2022 (192.168.68.20) — PHI_seed/ (Seeded)

5 files: insurance_claims.json, nurse_notes.log, patient_db_export.json, patient_email.txt (+ 1 duplicate)

Type	Value	File	Line
SSN	573-44-9281	C:\phi_test\PHI_seed\insurance_claims.json	?
SSN	819-77-3341	C:\phi_test\PHI_seed\insurance_claims.json	?
SSN	622-11-0099	C:\phi_test\PHI_seed\insurance_claims.json	?
SSN	441-28-7763	C:\phi_test\PHI_seed\insurance_claims.json	?
MRN	001881	C:\phi_test\PHI_seed\insurance_claims.json	?
MRN	001882	C:\phi_test\PHI_seed\insurance_claims.json	?
MRN	001883	C:\phi_test\PHI_seed\insurance_claims.json	?
MRN	001884	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	772-441-0091	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	1154998722	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	414) 555-0174	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	992-448-1177	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	1154998722	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	513) 555-2288	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	772-441-9914	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	1154998722	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	214) 555-6610	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	992-441-8817	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	1154998722	C:\phi_test\PHI_seed\insurance_claims.json	?
Phone	206) 555-3390	C:\phi_test\PHI_seed\insurance_claims.json	?
SSN	662-41-0039	C:\phi_test\PHI_seed\nurse_notes.log	?
MRN	992241	C:\phi_test\PHI_seed\nurse_notes.log	?
Phone	503) 555-9914	C:\phi_test\PHI_seed\nurse_notes.log	?
Phone	772-441-0091	C:\phi_test\PHI_seed\nurse_notes.log	?
Phone	425) 555-8821	C:\phi_test\PHI_seed\nurse_notes.log	?
Email	beverly.moss@homeemail.net	C:\phi_test\PHI_seed\nurse_notes.log	?
Email	david.szymanski@microsoft.com	C:\phi_test\PHI_seed\nurse_notes.log	?
SSN	573-44-9281	C:\phi_test\PHI_seed\patient_db_export.json	?
SSN	819-77-3341	C:\phi_test\PHI_seed\patient_db_export.json	?
SSN	622-11-0099	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	414) 555-0174	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	513) 555-2288	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	214) 555-6610	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	1154998722	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	1154998722	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	1154998722	C:\phi_test\PHI_seed\patient_db_export.json	?
Email	jwhitfield@email.com	C:\phi_test\PHI_seed\patient_db_export.json	?
Email	jobrien@gmail.com	C:\phi_test\PHI_seed\patient_db_export.json	?
Email	mrodriguez@texashealth.net	C:\phi_test\PHI_seed\patient_db_export.json	?
Phone	503) 555-9914	C:\phi_test\PHI_seed\patient_email.txt	?
Phone	312) 555-9912	C:\phi_test\PHI_seed\patient_email.txt	?
Phone	312) 555-9913	C:\phi_test\PHI_seed\patient_email.txt	?
Email	beverly.moss@homeemail.net	C:\phi_test\PHI_seed\patient_email.txt	?
Email	beverly.moss@homeemail.net	C:\phi_test\PHI_seed\patient_email.txt	?
Email	records@midwestmed.org	C:\phi_test\PHI_seed\patient_email.txt	?
Email	records@midwestmed.org	C:\phi_test\PHI_seed\patient_email.txt	?
Email	beverly.moss@homeemail.net	C:\phi_test\PHI_seed\patient_email.txt	?

Win10 Desktop (192.168.68.15) — Real PHI (Pre-existing)

Type	Value	File	Line
SSN	123-45-6789	C:\Users\vagrant\Desktop\Patient_Records.txt	?
SSN	987-65-4321	C:\Users\vagrant\Desktop\Patient_Records.txt	?
SSN	555-12-3456	C:\Users\vagrant\Desktop\Patient_Records.txt	?
SSN	444-55-6666	C:\Users\vagrant\Desktop\Patient_Records.txt	?

MSSQL GreySecPHI (localhost:14330) — Seeded PHI in DB

Type	Value	Table	Score
SSN	573-44-9281	Patients	0.50
SSN	819-77-3341	Patients	0.50
SSN	622-11-0099	Patients	0.50
SSN	441-28-7763	Patients	0.50
SSN	662-41-0039	Patients	0.50
SSN	573-44-9281	Claims	0.50
SSN	819-77-3341	Claims	0.50
SSN	622-11-0099	Claims	0.50
SSN	441-28-7763	Claims	0.50
EMAIL	jwhitfield@email.com	Patients	1.00
EMAIL	schen@midwestmed.org	Patients	1.00
EMAIL	jobrien@gmail.com	Patients	1.00
EMAIL	mrodriguez@texashealth.net	Patients	1.00
EMAIL	rwashington@email.com	Patients	1.00

Deployment Methods

Method	Target	Credentials	Status
WinRM NTLM	WinServer 2022 (.20)	administrator / vagrant	WORKING
atsvc DCERPC	Win10 Desktop (.15)	labuser / LabPass123!	WORKING
MSSQL + Presidio	localhost:14330	sa / GreySecDBTest1!	WORKING
PowerShell Script	C:\phi_test\	N/A (agentless)	WORKING

GreySec PHI Scanner — Full Pipeline Report

Executive Summary

WinServer 2022 (192.168.68.20) — PHI_seed/ (Seeded)

Win10 Desktop (192.168.68.15) — Real PHI (Pre-existing)

MSSQL GreySecPHI (localhost:14330) — Seeded PHI in DB

Deployment Methods