If you are not concerned about the sensitive data still on your old office hard drive, you should be.
Hybrid IT Group deals with many HIPAA covered entities and data security is one of our focuses. Finding data on an old hard drives from a PC is generally very easy, even if you think that you have deleted the files and emptied the recycle bin. If you plan on disposing of your computer and simply deleted word documents from the recycle bin, those files still exist on the computer.
The least expensive method for securely wiping a hard drive that Hybrid IT Group suggests is using DBAN open source data wiping software. Contact Hybrid IT Group for our degaussing solutions.
Why data files are recoverable
Although deleting a file in windows and emptying the recycle bin may not display the file in file explorer any longer, the data still exists on the hard drive. Windows uses a system similar to the old library card catalog system. In this system there is an index, the card catalog, and the actual file, the book on the shelf. Imagine removing the index card from the card catalog, but never going out to the shelves and physically removing the book. Anyone can browse the shelves and still find the physical book which still exists. Similar process exists with a Windows file system. When you think you have removed a file from Windows, all that has happened is the index pointer to the file has been removed and the operating system marks the index that this location is free to be used again. Until new data is stored at that exact location on the hard drive those files are recoverable.
To recover data off of a functioning old hard drive, a person only needs a SATA to USB cable costing about $12. Using this cable, connect the old drive to a windows machine and it shows up like a USB thumb drive. Using one of many free deleted file recovery tools, all the files you thought where deleted can be found and recovered.
Sensitive data is everywhere
Your word or excel files are not the only places sensitive data is stored. In the case of MS Office or Office 365, there are temporary files which may contain backup recovery copies of what have been working on. The location of these files varies on how MS Office or Office 365 has been configured. Most people forget about their browser data with saved site username and passwords. Since most people use the same username and password combinations, your on-line sensitive data is now vulnerable too. Since there are too many programs and places sensitive data is stored and recoverable from, Hybrid IT Group always suggests to securely wipe the entire drive.
What is securely wiping a hard drive
See our DBAN instructions on how to securely wipe a drive. These instructions will visually guide you through the actual process.
Since even your deleted data is recoverable, what we want to do is make sure to ‘shred’ you digital data. Hybrid IT Group’s degaussing solution is hardware based, so it is different and is applicable to large volumes of hard drives. For just a few hard drives, a free solution is to use DBAN open source data wipe. Data is stored on a hard drive in binary, which is a series of ones and zeros. Quite literally this software will write to every over the entire drive 1s and then 0 to every single sector. A hard drive ‘sector’ is the technical term for the addressable data storage places on a hard drive. This software will loop through the entire drive based on how many passes you instruct it to do. The more passes, the more the past data is ‘shredded’. This is time consuming since the entire disk must me written to over and over again; the larger the disk, the longer it takes. Industry standards says that seven passes renders data unrecoverable to any recover process. Seven passes of a large drive will take hours, so unless you are protecting launch codes, just a couple of passes will do for general use.
HIPAA covered entities are required to keep a hardware inventory list and verify data integrity. Part of Hybrid IT Group’s HIPAA process is to track hardware through to being decommissioned and wiped. You do not need expensive sophisticated software to track this, a notebook with the required information is better than being negligent and not tracking the information at all. When you securely wipe the drive, at a minimum, record its serial number and the date the drive was wiped. The organization should have a written procedure for this process.
Hard Drives and Solid State Drives are Different
This recommendation is for hard drives with magnetic media. Newer ‘SSD’ solid state drives are completely different. Since the storage method of SSD vs HDD is different, the method to dispose of an SSD is different.