Many companies have sensitive information to worry about, and as such should be vigilant about hard drive destruction. However, hospitals and other health care companies have special legal obligations when it comes to the safety of their data. Unfortunately, many health care companies are unaware that destroying data is not a simple matter of physically destroying a hard drive and throwing it into the trash.
What’s on a hard drive?
Any given computer in your hospital contains a mountain of sensitive customer data. This includes names, dates of birth, addresses, phone numbers, financial information, insurance information, and medical records, the latter of which is protected under the Health Insurance Portability and Accountability Act (HIPAA). This information doesn’t just live in computers; it can be found in surprising places. Some of it could be stored in the memories of fax machines, copy machines, and even medical or lab equipment. It is more valuable than most hospitals assume.
How can criminals exploit hospital hard drives that have not been professionally wiped?
The obvious answer is identity theft. Any given hard drive on your hospital gives a criminal access to thousands of new identities which thieves can sell on the black market or use directly. On a hospital computer, this data is even juicier; these thieves gets access to everything needed to commit health insurance fraud.
Criminals can also use this data in blackmailing schemes. Even if you are convinced your hospital is secure, you should be concerned about your employees and patients’ privacy. Criminals can often use data found in one location to “unlock” data in other locations, opening a window into an individual’s personal life.
How much can a data breach cost your hospital?
In 2014, two health care organizations wound up paying $4.8 million for HIPAA violations. They failed to protect customer data and were held accountable for that fact. In this case, physicians made a different kind of data mistake; the physician involved attempted to deactivate a personally owned computer server without the technical safeguards required. This allowed patients’ personal information to be viewed online. If you fail to destroy your hard drives properly, you could face a law suit that’s just as costly. Breach reports are incredibly common, so don’t let your hospital become the next horror story.
Why isn’t it enough to physically destroy the hard drive?
Physically destroying the hard drive only renders some of the data inaccessible. There are plenty of readers capable of recovering information from damaged hard drives. In fact, there are entire businesses devoted to this. In most cases, they exist to help people who damage their equipment by mistake, but in the wrong hands, the technology can be used for criminal gain. Even drilling holes in the hard drive is not adequate.
“Deleted” data is never truly gone. Operating systems like Microsoft Windows keep track of file location through pointers, which are present in every file and folder. These pointers tell Windows the beginning and end of the data. The pointer is removed when the file or folder is deleted, and the sectors that contained the data is marked as available. At that point, it is considered to be free space by the operating system. Until the available space is overwritten however, the data can still be recovered.
What’s the best way to prevent a data breach?
The best way to prevent a data breach is to go to a qualified data destruction company like ours. Our company has the technology and the expertise to make sure your data is gone for good. We also provide you with documentation that proves you have done everything in your power to meet HIPAA obligations, documentation which could be invaluable in the event of a law suit. We strive to offer the best hard drive destruction services available, so give us a call today!
“Destroying information on a hard drive isn’t easy“; Published on December 4, 2015 by Elizabeth Weise for USA Today. Obtained June 11, 2016.
“HTG Explains: Why Deleted Files Can Be Recovered and How You Can Prevent It“; Published on September 29, 2015 by Chris Hoffman for How-To Geek. Obtained June 11, 2016.
“Data breach results in $4.8 million HIPAA settlements“; Published by the U.S. Department of Health & Human Services on May 7, 2014. Obtained June 11, 2016.