Two articles that I came across today highlight the serious risk of poor data destruction procedures.
The National Health Service in Surrey (UK) has been fined £200,000 (about US$300,000) for failing to completely remove patient data from recycled PCs – some of which ended up on an online auction site. The problem was spotted when a member of the public purchased one of these PCs via the auction site and discovered that it contained sensitive patient data relating to 900 adults and 2000 children.
The problem seems to have occurred when NHS Surrey’s IT team decided to use a contractor offering to delete the data for free in return for the rights to re-sell the salvaged equipment, rather than their usual, approved contractor. The officer responsible for information governance wasn’t consulted, and the IT team didn’t obtain a written contract for the work, or oversee the actual data destruction. All in all, a complete breakdown of security procedures.
Then, a couple of days ago, the Texas Health Harris Methodist Hospital Fort Worth said that it would be notifying hundreds of thousands of former patients whose personal information turned up in a Dallas park instead of being destroyed by a contractor. The breach involved about 277,000 records stored on microfiche and covering the period from 1980 to 1990. The data included names, addresses, birth dates, health information and, in some cases, Social Security numbers. Although the data is about 30 years old, there’s still enough in there to be of concern to the affected parties. And there’s also the additional challenge of contacting people when you only have a 30-year-old mailing address.
Once again, it appears that the breach resulted from problems with a contractor employed to destroy the data (although details are still sketchy).
These two examples are from different ends of the technology spectrum – hard disk drives and 30-year-old microfiche. As information security professionals, we spend a lot of time ensuring that currently used data and systems are kept confidential and working at all times. But destruction of data when no longer needed is just as critical, and the increasingly wide range of technologies used to store the data will only serve to make things more difficult in years to come.
For more information about these data breaches, see: