# Data Quality Notebook

In [1]:
import pandas as pd
import matplotlib.pyplot as plt

## Load Dataset

In [2]:
file_path = '/Users/mayahbosworth/Desktop/security_breach_dataset.csv'

# on_bad_lines='skip' --> skip over lines that cause errors while parsing
df = pd.read_csv(file_path, on_bad_lines='skip', sep=None, engine='python')

df.head()

Unnamed: 0.1,Unnamed: 0,Number,Name_of_Covered_Entity,State,Business_Associate_Involved,Individuals_Affected,Date_of_Breach,Type_of_Breach,Location_of_Breached_Information,Date_Posted_or_Updated,Summary,breach_start,breach_end,year,Entity,Year.1,Records,Organization type,Method,Sources
0,1,0,Brooke Army Medical Center,TX,MedAssets,10000,10/16/2009,Theft,Paper,30/06/2014,A binder containing the protected health infor...,16/10/2009,01/10/2012,20090,Facebook,2011.0,unknown,web,hacked,[36]
1,2,10,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,9/22/2009,Theft,Network Server,30/05/2014,Five desktop computers containing unencrypted ...,22/09/2009,01/10/2012,20090,Facebook,2011.0,unknown,web,hacked,[36]
2,3,20,Alaska Department of Health and Social Services,AK,MedAssets,5010,10/12/2009,Theft,"Other Portable Electronic Device, Other",23/01/2014,"The covered entity (CE), Long Island Consultat...",12/10/2009,01/10/2012,20090,Facebook,2011.0,unknown,web,hacked,[36]
3,4,30,Health Services for Children with Special Need...,DC,MedAssets,38000,10/9/2009,Loss,Laptop,23/01/2014,A laptop was lost by an employee while in tran...,09/10/2009,01/10/2012,20090,Facebook,2011.0,unknown,web,hacked,[36]
4,5,40,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,9/27/2009,Theft,Desktop Computer,23/01/2014,A shared Computer that was used for backup was...,27/09/2009,01/10/2012,20090,Facebook,2011.0,unknown,web,hacked,[36]


## Drop Unnecessary Columns

In [3]:
columns_to_drop = ['Unnamed: 0', 'Number', 'breach_start', 'breach_end', 'year', 'Year.1', 'Records', 'Sources']
df_cleaned = df.drop(columns=columns_to_drop)
df_cleaned.head()

Unnamed: 0,Name_of_Covered_Entity,State,Business_Associate_Involved,Individuals_Affected,Date_of_Breach,Type_of_Breach,Location_of_Breached_Information,Date_Posted_or_Updated,Summary,Entity,Organization type,Method
0,Brooke Army Medical Center,TX,MedAssets,10000,10/16/2009,Theft,Paper,30/06/2014,A binder containing the protected health infor...,Facebook,web,hacked
1,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,9/22/2009,Theft,Network Server,30/05/2014,Five desktop computers containing unencrypted ...,Facebook,web,hacked
2,Alaska Department of Health and Social Services,AK,MedAssets,5010,10/12/2009,Theft,"Other Portable Electronic Device, Other",23/01/2014,"The covered entity (CE), Long Island Consultat...",Facebook,web,hacked
3,Health Services for Children with Special Need...,DC,MedAssets,38000,10/9/2009,Loss,Laptop,23/01/2014,A laptop was lost by an employee while in tran...,Facebook,web,hacked
4,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,9/27/2009,Theft,Desktop Computer,23/01/2014,A shared Computer that was used for backup was...,Facebook,web,hacked


## Missing Values

In [4]:
missing_values = df_cleaned.isnull().sum()
missing_values

Name_of_Covered_Entity              0
State                               0
Business_Associate_Involved         0
Individuals_Affected                0
Date_of_Breach                      0
Type_of_Breach                      0
Location_of_Breached_Information    0
Date_Posted_or_Updated              0
Summary                             0
Entity                              0
Organization type                   0
Method                              0
dtype: int64

In [5]:
rows_with_missing_values = df_cleaned[df_cleaned.isnull().any(axis=1)]
rows_with_missing_values

Unnamed: 0,Name_of_Covered_Entity,State,Business_Associate_Involved,Individuals_Affected,Date_of_Breach,Type_of_Breach,Location_of_Breached_Information,Date_Posted_or_Updated,Summary,Entity,Organization type,Method


In [6]:
df_cleaned = df_cleaned.dropna()

## Normalized Columns

In [7]:
df_cleaned.columns = df_cleaned.columns.str.strip().str.lower().str.replace(' ', '_')

In [8]:
df_cleaned.reset_index(inplace=True)
df_cleaned.rename(columns={'index': 'incident_id'}, inplace=True)

In [9]:
df_cleaned.head()

Unnamed: 0,incident_id,name_of_covered_entity,state,business_associate_involved,individuals_affected,date_of_breach,type_of_breach,location_of_breached_information,date_posted_or_updated,summary,entity,organization_type,method
0,0,Brooke Army Medical Center,TX,MedAssets,10000,10/16/2009,Theft,Paper,30/06/2014,A binder containing the protected health infor...,Facebook,web,hacked
1,1,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,9/22/2009,Theft,Network Server,30/05/2014,Five desktop computers containing unencrypted ...,Facebook,web,hacked
2,2,Alaska Department of Health and Social Services,AK,MedAssets,5010,10/12/2009,Theft,"Other Portable Electronic Device, Other",23/01/2014,"The covered entity (CE), Long Island Consultat...",Facebook,web,hacked
3,3,Health Services for Children with Special Need...,DC,MedAssets,38000,10/9/2009,Loss,Laptop,23/01/2014,A laptop was lost by an employee while in tran...,Facebook,web,hacked
4,4,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,9/27/2009,Theft,Desktop Computer,23/01/2014,A shared Computer that was used for backup was...,Facebook,web,hacked


## Convert to Date Time

In [10]:
df_cleaned['date_of_breach'] = pd.to_datetime(df_cleaned['date_of_breach'], errors='coerce', format='%m/%d/%Y')

df_cleaned['date_posted_or_updated'] = pd.to_datetime(df_cleaned['date_posted_or_updated'], errors='coerce', format='%d/%m/%Y')

In [11]:
df_cleaned

Unnamed: 0,incident_id,name_of_covered_entity,state,business_associate_involved,individuals_affected,date_of_breach,type_of_breach,location_of_breached_information,date_posted_or_updated,summary,entity,organization_type,method
0,0,Brooke Army Medical Center,TX,MedAssets,10000,2009-10-16,Theft,Paper,2014-06-30,A binder containing the protected health infor...,Facebook,web,hacked
1,1,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,2009-09-22,Theft,Network Server,2014-05-30,Five desktop computers containing unencrypted ...,Facebook,web,hacked
2,2,Alaska Department of Health and Social Services,AK,MedAssets,5010,2009-10-12,Theft,"Other Portable Electronic Device, Other",2014-01-23,"The covered entity (CE), Long Island Consultat...",Facebook,web,hacked
3,3,Health Services for Children with Special Need...,DC,MedAssets,38000,2009-10-09,Loss,Laptop,2014-01-23,A laptop was lost by an employee while in tran...,Facebook,web,hacked
4,4,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,2009-09-27,Theft,Desktop Computer,2014-01-23,A shared Computer that was used for backup was...,Facebook,web,hacked
...,...,...,...,...,...,...,...,...,...,...,...,...,...
1402,1402,UnitedHealth Group health plan single affiliat...,CA,MedAssets,10000,2012-01-11,Theft,Paper,2014-01-23,"The covered entity (CE), Long Island Consultat...",Zynga,social network,hacked
1403,1403,UnitedHealth Group health plan single affiliat...,CA,MedAssets,10000,2012-01-11,Theft,Paper,2014-01-23,"The covered entity (CE), Long Island Consultat...",Unknown agency(believed to be tied to United S...,financial,accidentally published
1404,1404,UnitedHealth Group health plan single affiliat...,CA,MedAssets,10000,2012-01-11,Theft,Paper,2014-01-23,"The covered entity (CE), Long Island Consultat...",National Health Information Center (NCZI) of S...,healthcare,poor security
1405,1405,UnitedHealth Group health plan single affiliat...,CA,MedAssets,10000,2012-01-11,Theft,Paper,2014-01-23,"The covered entity (CE), Long Island Consultat...",50 companies and government institutions,various,poor security


## Count Duplicates

In [12]:
duplicates = df_cleaned.duplicated().sum()
duplicates

0

## Summary Parsing

In [13]:
def classify_summary(text):
    categories = []
    text = text.lower()

    if any(keyword in text for keyword in ["name", "address", "phone number", "social security number", "ssn", "contact information"]):
        categories.append("Personal Information")
    if any(keyword in text for keyword in ["protected health information", "phi", "ephi", "medical record", "diagnosis", "treatment", "clinical information", "medication", "health information", "medical condition"]):
        categories.append("Health Information")
    if any(keyword in text for keyword in ["financial information", "credit card", "bank account", "payment", "insurance information", "medicare", "medicaid"]):
        categories.append("Financial Information")
    if any(keyword in text for keyword in ["password", "username", "login", "account", "credential"]):
        categories.append("Login Credentials")
    if any(keyword in text for keyword in ["email", "phone number", "contact information"]):
        categories.append("Contact Information")
    if any(keyword in text for keyword in ["encryption", "security", "alarm", "motion sensors", "safeguards", "passwords", "locked", "firewall"]):
        categories.append("Technical Safeguards")
    if any(keyword in text for keyword in ["training", "policy", "procedure", "retraining", "sanctioned", "corrective action"]):
        categories.append("Administrative Actions")

    return ", ".join(categories) if categories else "unclassified"

df_cleaned['summary'] = df_cleaned['summary'].apply(classify_summary)

df_cleaned.rename(columns={'summary': 'information_breached'}, inplace=True)

df_cleaned.head()

Unnamed: 0,incident_id,name_of_covered_entity,state,business_associate_involved,individuals_affected,date_of_breach,type_of_breach,location_of_breached_information,date_posted_or_updated,information_breached,entity,organization_type,method
0,0,Brooke Army Medical Center,TX,MedAssets,10000,2009-10-16,Theft,Paper,2014-06-30,"Personal Information, Health Information, Cont...",Facebook,web,hacked
1,1,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,2009-09-22,Theft,Network Server,2014-05-30,"Health Information, Financial Information, Log...",Facebook,web,hacked
2,2,Alaska Department of Health and Social Services,AK,MedAssets,5010,2009-10-12,Theft,"Other Portable Electronic Device, Other",2014-01-23,"Personal Information, Health Information, Tech...",Facebook,web,hacked
3,3,Health Services for Children with Special Need...,DC,MedAssets,38000,2009-10-09,Loss,Laptop,2014-01-23,"Personal Information, Health Information, Fina...",Facebook,web,hacked
4,4,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,2009-09-27,Theft,Desktop Computer,2014-01-23,"Personal Information, Health Information, Fina...",Facebook,web,hacked


## Display Dataframe

In [14]:
df_cleaned.head()

Unnamed: 0,incident_id,name_of_covered_entity,state,business_associate_involved,individuals_affected,date_of_breach,type_of_breach,location_of_breached_information,date_posted_or_updated,information_breached,entity,organization_type,method
0,0,Brooke Army Medical Center,TX,MedAssets,10000,2009-10-16,Theft,Paper,2014-06-30,"Personal Information, Health Information, Cont...",Facebook,web,hacked
1,1,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,2009-09-22,Theft,Network Server,2014-05-30,"Health Information, Financial Information, Log...",Facebook,web,hacked
2,2,Alaska Department of Health and Social Services,AK,MedAssets,5010,2009-10-12,Theft,"Other Portable Electronic Device, Other",2014-01-23,"Personal Information, Health Information, Tech...",Facebook,web,hacked
3,3,Health Services for Children with Special Need...,DC,MedAssets,38000,2009-10-09,Loss,Laptop,2014-01-23,"Personal Information, Health Information, Fina...",Facebook,web,hacked
4,4,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,2009-09-27,Theft,Desktop Computer,2014-01-23,"Personal Information, Health Information, Fina...",Facebook,web,hacked


## Statistics

In [15]:
df_cleaned.describe()

Unnamed: 0,incident_id,individuals_affected,date_of_breach,date_posted_or_updated
count,1407.0,1407.0,1261,1407
mean,703.0,229413.1,2011-12-09 01:37:03.949246720,2014-02-15 11:25:42.857143040
min,0.0,5000.0,1997-01-01 00:00:00,2014-01-23 00:00:00
25%,351.5,10000.0,2011-03-24 00:00:00,2014-01-23 00:00:00
50%,703.0,12980.0,2012-01-11 00:00:00,2014-01-23 00:00:00
75%,1054.5,45300.0,2012-09-13 00:00:00,2014-02-11 00:00:00
max,1406.0,49000000.0,2014-06-02 00:00:00,2014-06-30 00:00:00
std,406.310226,1976926.0,,


## Convert to CSV

In [17]:
df_cleaned.to_csv('cleaned_security_breach_dataset.csv', index=False)

In [19]:
df_cleaned.head()

Unnamed: 0,incident_id,name_of_covered_entity,state,business_associate_involved,individuals_affected,date_of_breach,type_of_breach,location_of_breached_information,date_posted_or_updated,information_breached,entity,organization_type,method
0,0,Brooke Army Medical Center,TX,MedAssets,10000,2009-10-16,Theft,Paper,2014-06-30,"Personal Information, Health Information, Cont...",Facebook,web,hacked
1,1,"Mid America Kidney Stone Association, LLC",MO,MedAssets,10000,2009-09-22,Theft,Network Server,2014-05-30,"Health Information, Financial Information, Log...",Facebook,web,hacked
2,2,Alaska Department of Health and Social Services,AK,MedAssets,5010,2009-10-12,Theft,"Other Portable Electronic Device, Other",2014-01-23,"Personal Information, Health Information, Tech...",Facebook,web,hacked
3,3,Health Services for Children with Special Need...,DC,MedAssets,38000,2009-10-09,Loss,Laptop,2014-01-23,"Personal Information, Health Information, Fina...",Facebook,web,hacked
4,4,"L. Douglas Carlson, M.D.",CA,MedAssets,52570,2009-09-27,Theft,Desktop Computer,2014-01-23,"Personal Information, Health Information, Fina...",Facebook,web,hacked


date_posted_or_updated out

method per entities
- join lost / stolen media, lost / stolen computer as physical stolen property
- join inside job, intentionally lost, inside job, hacked, rouge contracter, poor security / inside job as inside job
- join poor security, misconfiguration / poor security, poor security / hacked, improper setting / hacked, publically accessible Amazon Web Services (AWS) server, unprotected api, unsecured S3 bucket as poor security
- join accidentally published, accidentally exposed, accidentally uploaded, social engineering as human error
- join hacked, ransomware hacked as hacked

25

In [20]:
df_cleaned['method'].value_counts()

method
hacked                                                  1248
poor security                                             43
lost / stolen media                                       33
accidentally published                                    21
inside job                                                19
lost / stolen computer                                    16
unknown                                                    7
improper setting, hacked                                   2
poor security/inside job                                   2
intentionally lost                                         1
accidentally exposed                                       1
publicly accessible Amazon Web Services (AWS) server       1
hacked/misconfiguration                                    1
rogue contractor                                           1
ransomware hacked                                          1
misconfiguration/poor security                             1
unprotected api  