"Delete" is not enough

Disposing of redundant or obsolete computers comes with some potential pitfalls as the Dudley Group of Hospitals NHS Trust recently discovered.

The online journal E-Health Insider has reported that the hard drive of a computer owned by the Trust was sold on the auction website eBay with confidential patient data improperly wiped. The trust is now investigating how the computer part was made available online and also reviewing its own system for safely disposing of redundant IT equipment.

Practices looking to dispose of old PCs would be well advised to ensure that all sensitive data has been properly deleted from hard drives. This is not as simple as deleting files or putting them in the recycle bin. Deleting a file does not erase the file itself but only a record of where that file is stored. The file may still be retrieved with know-how.

Chance would have it that the Dudley hard disk was purchased from eBay by researchers from the University of Glamorgan School of Computing working on a BT-sponsored project investigating forensic data recovery methods. The research is intended to raise awareness of how easy it is to recover sensitive data when poor data-wiping processes are used. The researchers obtained 133 disks in the UK and analysed them using techniques accessible to anyone. The team found that 62% of the 75 hard disks still working contained sensitive data including company records, personal information and financial data.

Dr Andrew Blyth, principal lecturer at Glamorgan's School of Computing, was quoted in E-Health Insider as saying: "We are still in a situation where over 50% of the disks contain sensitive corporate and personal data and a significant amount contained names, CVs, addresses and phone numbers. With some, the information was so detailed that they could have had their identities stolen."

Specialist software is required to find uncatalogued pieces of information and overwrite them with random data. This should be done repeatedly to ensure that the original data is unrecoverable. There are also numerous companies that provide secure computer recycling or disposal with data destruction.

The Dudley Trust had an agreement with an outside contractor to wipe data and dispose of IT equipment but it is suspected that the computer from which the hard disk was taken may have been stolen.

ACTION: Practices should have a written policy on the destruction of records to ensure patient confidentiality. Data on computer hard disks cannot be destroyed by simply deleting files or reformatting the drive. Specialist software must be employed to overwrite drives with random data. Alternatively, the disk can be destroyed. Specialist security firms are available to undertake data disposal.