A systems administrator at a medical imaging company discovers protected health information (PHI) on a general

purpose file server. Which of the following steps should the administrator take NEXT?

A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2

B. Immediately encrypt all PHI with AES 256

C. Delete all PHI from the network until the lega

l department is consulted

D. Consult the legal department to determine legal requirements