Skip to main content

Overview

  • What it Does: PII/PHI Scanning automatically detects and identifies Personally Identifiable Information (PII) and Protected Health Information (PHI) in your codebase. It scans source code, configuration files, and documentation to find sensitive data patterns like credit card numbers, social security numbers, email addresses, medical records, and other personal information that could pose privacy and compliance risks.
  • Who it’s For: This feature is designed for security teams, compliance officers, developers, and organizations that handle sensitive personal data. It’s particularly valuable for healthcare organizations, financial institutions, e-commerce platforms, and any business that must comply with privacy regulations like GDPR, HIPAA, CCPA, or PCI DSS.

Key Features and Benefits

  • Comprehensive Data Detection: Identifies over 50 types of sensitive information including:
    • Personal identifiers (SSN, passport numbers, driver’s license)
    • Financial data (credit card numbers, bank account numbers, IBAN)
    • Contact information (email addresses, phone numbers, addresses)
    • Medical information (patient IDs, medical record numbers, diagnosis codes)
    • Government identifiers (tax IDs, national IDs, military IDs)
    • Biometric data (fingerprints, facial recognition data)
    • Authentication credentials (passwords, API keys, tokens)
  • Multi-Language Support: Scans both code and text files across a wide range of supported languages and file types.
  • False Positive Detection: After detecting PII in the codebase, we run the results through our AI-powered false positive detection system to minimize the number of inaccurate findings.

How to Access

Prerequisites

  • Project must contain source code files to scan
  • Appropriate permissions to run security scans
  • Access to the scanning service

Usage Guide

Key Workflows

  1. Automated Scanning: The system automatically scans new code commits and pull requests
  2. Manual Scanning: Initiate on-demand scans for specific files or directories
  3. Batch Processing: Scan entire codebases for comprehensive privacy audits
  4. Continuous Monitoring: Set up scheduled scans to catch new sensitive data as it’s added
  5. Issue Tracking: Automatically create and track remediation tasks for detected issues

Supported Data Types

The PII/PHI scanner detects the following categories of sensitive information:
  • Personal Identifiers: SSN, passport numbers, driver’s license, national ID
  • Financial Information: Credit card numbers, bank accounts, routing numbers, IBAN
  • Contact Details: Email addresses, phone numbers, physical addresses
  • Medical Data: Patient IDs, medical record numbers, diagnosis codes, prescription data
  • Government Data: Tax IDs, military IDs, government employee numbers
  • Authentication: Passwords, API keys, access tokens, private keys
  • Biometric Data: Fingerprints, facial recognition data, voice patterns
  • Location Data: GPS coordinates, device identifiers

Multi-Project Example

Healthcare Application:
├── patient-portal/
│   ├── src/
│   │   ├── patient-data.js      ✓ Patient records
│   │   ├── billing-api.py       ✓ Payment information
│   │   └── auth-service.go      ✓ Authentication tokens
│   ├── config/
│   │   └── database.yml         ✓ Connection strings
│   └── docs/
│       └── api-spec.md          ✓ API documentation
├── admin-dashboard/
│   └── src/
│       └── user-management.js   ✓ Admin credentials
└── mobile-app/
    └── src/
        └── location-service.js  ✓ GPS coordinates

Severity Classification

  • Critical: Highly sensitive data (SSN, credit cards, medical records) exposed in production code
  • High: Personal identifiers or financial data in development/test environments
  • Medium: Contact information or location data that could be aggregated
  • Low: Public information or properly anonymized data

Examples

Example 1: Credit Card Detection

// ❌ High Risk - Credit card number in code
const paymentData = {
  cardNumber: "4111-1111-1111-1111",
  expiryDate: "12/25",
  cvv: "123"
};

// ✅ Safe - Masked or tokenized data
const paymentData = {
  cardToken: "tok_1234567890",
  lastFour: "1111"
};

Example 2: Email Address Handling

# ❌ Medium Risk - Email in configuration
DATABASE_CONFIG = {
    "host": "db.example.com",
    "user": "admin@company.com",
    "password": "secret123"
}

# ✅ Safe - Environment variables
DATABASE_CONFIG = {
    "host": os.getenv("DB_HOST"),
    "user": os.getenv("DB_USER"),
    "password": os.getenv("DB_PASSWORD")
}

Example 3: Medical Data Protection

// ❌ Critical Risk - Patient data in code
public class PatientRecord {
    private String patientId = "P12345";
    private String diagnosis = "Diabetes Type 2";
    private String ssn = "123-45-6789";
}

// ✅ Safe - Proper data handling
public class PatientRecord {
    private String patientToken = generateSecureToken();
    private String diagnosisCode = "E11.9"; // ICD-10 code
    private String maskedSsn = "***-**-6789";
}

Additional Resources