The Risk You Take

Highly sensitive personal data belonging to tens of thousands of people, including some relating to HIV and Genito Urinary Medicine patients, was discovered on hard drives sold on eBay. 

The Brighton, UK hospital was fined £325,000 by The Information Commissioner’s Office (ICO). The ICO said the fine, for Brighton and Sussex University Hospitals NHS Trust, was the highest it had ever imposed, according to the BBC. 

How Could This Happen?

“The data breach occurred when an individual working for the trust’s IT service provider, Sussex Health Informatics Service (HIS), was told to destroy approximately 1,000 hard drives at Brighton General Hospital,” the article said.

“A data recovery company bought four hard drives from a seller on eBay, who had purchased them from the individual (working for the service provider). The ICO said the trust was unable to explain how the individual removed at least 252 of the hard drives that were supposed to be destroyed from the hospital.”

The hospital took steps to destroy the data. It hired a service to destroy approximately 1,000 drives. But that didn’t stop the theft. One of the service company’s employees took 252 of the drives and sold them to a person who then sold the drives on eBay.  All of the data was left intact on the hard drives.  Even though the hospital hired a service to destroy the drives, the hospital was still fined 325,000 pounds.  

Sadly, this situation is all too familiar in the UK and in the US. A recent Ponemon study by IBM Security found that: 

  • The US is the most expensive country for fines of $8.19 million per breach
  • The average total cost of a data breach $3.9 million
  • Healthcare is the costliest industry with fines of $6.45 million
  • Cost per record lost is $150
  • The average size of a data breach 25,575 records

What’s the solution?

The Brighton and Sussex University Hospitals NHS Trust resolved never to let this happen again and purchased Garner’s SpaceSaver degaussing system with IRONCLAD, Garner’s exclusive integrated Erasure and Destruction Verification system. The SpaceSaver destroys all data on hard drives and tapes; physically destroys hard drives and solid-state media; and uses IRONCLAD to generate a proof of erasure and  destruction report. The moral of this story is degauss before the media leaves your facility. 

To learn more about Garner, visit https://garnerproducts.com/.