Brent Amyette over at ShredDisk wanted to perform an experiment to determine just how well data was being protected by those selling used equipment, so he purchased a used server off of the online site, Craigslist.
He then brought the server to us and we examined it. The three hard drives had previously been in a RAID array, but had been formatted and broken apart into three separate drives. Then an operating system (Windows XP) had been loaded onto one of the three drives.
We then ran a file recovery application on the three individual drives and managed to recover approximately 100,000 files from the previous installation.
This particular server was from a medical system in Texas, so we were under the assumption that the data would be totally unrecoverable due to some sort of “secure wipe” or “DoD” erase taking place before disposal. However, that was not the case at all. The data was easily retrieved and what we found was simply frightening!
We opened a few log files, attempting to determine versions of software applications, and it turned out those log files were transaction logs, possibly from their patient management system. It was easy to see the names of patients, Social Security numbers, dates of birth, street addresses and phone numbers. These logs contained the typical information one would be asked during the intake procedure at a hospital: nature of the visit, what led up to the issue, medical history, etc.
Without giving details, there were people who had visited for physical and sexual abuse, sexual infections, digestive problems, etc. Extremely personal information about these people’s lives.
Brent contacted WYFF and they did a segment on the news about this. You can find it HERE.
The moral of this story is – if you are charged with disposing of an old computer, server, hard drive, or backup media, consider having it professionally destroyed… And by destroyed, I mean, physically destroyed! ShredDisk can provide those services at very reasonable rates and can do it at your facility!
For the record, the hard drives contained in the medical system’s server have been shredded now. So fortunately, that information did not fall into the wrong hands.
Maybe you should ask your medical and legal providers how THEY dispose of their old drives and equipment. It could be your records at risk!