It is incredibly important to create measures to reduce risk in data security. In this article, I will share how highly sensitive data belonging to tens of thousands of people was discovered on hard drives sold on eBay.
The Brighton, UK hospital was fined £325,000 by The Information Commissioner’s Office (ICO). The ICO said the fine for Brighton and Sussex University Hospitals NHS Trust, was the highest it had ever imposed, according to the BBC.
How Could This Data Security Risk Happen?
“The data breach occurred when an individual working for the trust’s IT service provider, Sussex Health Informatics Service (HIS), was told to destroy approximately 1,000 hard drives at Brighton General Hospital,” the article said.
“A data recovery company bought four hard drives from a seller on eBay, who had purchased them from the individual (working for the service provider). The ICO said the trust was unable to explain how the individual removed at least 252 of the hard drives that were supposed to be destroyed from the hospital.”
The hospital took steps to secure the data. It hired a data security service to destroy approximately 1,000 drives. That didn’t stop the theft. One of the service company’s employees took 252 of the drives and sold them on eBay. All of the data still existed on the hard drives. Even though the hospital hired a service to destroy the drives, the hospital was fined 325,000 pounds.
The risk cost found in the US poses a similar financial threat. A recent Ponemon study by IBM Security found that:
- The US is the most expensive country for fines of $8.19 million per breach
- The average total cost of a data breach $3.9 million
- Healthcare is the costliest industry with fines of $6.45 million
- Cost per record lost is $150
- The average size of a data breach 25,575 records
What’s the solution?
The Brighton and Sussex University Hospitals NHS Trust resolved never to let this happen again. They purchased Garner’s SpaceSaver with IRONCLAD. The SpaceSaver is an all in one degauss, destroy and verify system for securing data. The system destroys all data, physically destroys the media, and generates an audit worthy report with JPG images of the media. The moral of this story is degauss, destroy and verify before the media leaves your facility.
To learn more about Garner, visit https://garnerproducts.com/.