Description

Many health care facilities will sell or otherwise dispose of used computer hardware. This can result in general release of confidential information on computer hard drives or other media. Computer media must be specifically cleared of information prior to being discarded.


 

Disposal of used equipment:

(1) given to selected employees

(2) sold to employees (first come, first served; highest bid)

(3) sold to general public directly or through a reseller (eBay; highest bid; inventory movers)

(4) donated to church, school or charity

 

While releasing equipment to an employee may seem relatively safe, access to a performance review or salary data can be disastrous for an organization. Release of a computer that contains pornography to a church or school could destroy any goodwill and would be highly embarrassing to the health facility management.

 

Manner of computer disposal:

(1) planned and organized release of a few computers

(2) partially controlled release of many computers

(3) massive release with little concern for security (as after layoffs or facility closure)

 

The more chaotic the disposal, the more likely it is that confidential information will be released. A higher price may be obtained if the buyer knows that the disk holds specific software tools.

 

Misconceptions about computer data:

(1) deleted files are deleted

(2) temporary files are temporary

(3) a disk overwritten once is absolutely safe

(4) media that has been partially destroyed is safe

(5) harm to a person or organization is proportionate to the amount of data released (one password is all it takes)

| Level | Data | Access Requirements |
|---|---|---|
| 0 | regular files | no special tools or training; encrypted files take considerable time and effort to access |
| 1 | temporary files | some special training but required information easily available |
| 2 | deleted files | accessible with inexpensive software providing "undelete" commands |
| 3 | retained data blocks | requires advanced data recovery tools and special training |
| 4 | vendor-hidden data | requires knowledge of vendor-specific commands |
| 5 | overwritten data | requires highly specialized training and equipment; multiple overwritings can thwart |

 

Methods of sanitizing media:

(1) degauss with a Type I or Type II degausser (the disk may need to be reformatted with specialized commands or software, since all data on the disk will be removed)

(2) physically destroy (disintegrate, incinerate, pulverize, shred or melt)

(3) overwrite all addressable locations with a random character, overwrite again with the character's complement (reverse pattern of 1's and 0's), and then verify.
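Method (3) as an added example, not code from the original page: a random character is written to every addressable byte, then its complement, and the result is read back and verified. The function names are hypothetical, and the target is assumed to be a path the operating system can open read-write (a file here; a raw device path works the same way on systems that expose one). Only host-addressable locations are reached, so the vendor-hidden data at level 4 of the table above is not covered.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # bytes per I/O call

def fill(fd, size, value):
    """Write `value` to every addressable offset, then force it to the medium."""
    os.lseek(fd, 0, os.SEEK_SET)
    block = bytes([value]) * CHUNK
    left = size
    while left > 0:
        left -= os.write(fd, block[:min(CHUNK, left)])
    os.fsync(fd)

def first_mismatch(fd, size, value):
    """Read the target back; return the first offset not holding `value`, or -1."""
    os.lseek(fd, 0, os.SEEK_SET)
    offset = 0
    while offset < size:
        data = os.read(fd, min(CHUNK, size - offset))
        if not data:
            return offset  # short read: the rest cannot be confirmed
        if data.count(value) != len(data):
            return offset + next(i for i, b in enumerate(data) if b != value)
        offset += len(data)
    return -1

def sanitize(path):
    """Random character, then its complement, then verify (method 3)."""
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        pattern = secrets.randbelow(256)
        complement = pattern ^ 0xFF  # every 1 and 0 reversed
        fill(fd, size, pattern)
        fill(fd, size, complement)
        bad = first_mismatch(fd, size, complement)
    finally:
        os.close(fd)
    return {"size": size, "complement": complement,
            "verified": bad == -1, "first_bad_offset": bad}

if __name__ == "__main__":
    # Constructed sample: a temporary file stands in for the drive.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"CONSTRUCTED-SAMPLE salary record\n" * 4096)
    print(sanitize(f.name))
    os.remove(f.name)
```

A failed verification (`verified` is false) means the medium should go to degaussing or physical destruction instead of being released.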

 

The same rules apply to any rewritable media. Nonmodifiable data such as write-once CDs must be physically destroyed to be absolutely safe.

