
Blog Data Erasure

Trends in Data Destruction

Advances in technology and the emergence of new data storage devices have made data destruction a more complex issue, with new aspects to consider. This blog summarizes the current trends in data destruction.

The Emergence of New Data Storage Devices

Flash memory-based data storage devices with high capacity, small size, and fast data processing speed are now available. They have different physical properties than traditional magnetic hard drives. Even magnetic hard drives have changed, with higher capacity and different physical properties than previous ones. Flash memory-based data storage devices exist in various forms, such as USB flash drives, external hard drives, etc. They are also built into laptops, tablets, and smartphones. In addition, large amounts of data are now stored in cloud systems, which sometimes need to be wiped clean as requirements change. Data destruction processes need to be adapted to suit the newest data storage models.

New Media Sanitization Standard

As data storage devices diversify and technology advances, it is no longer possible to define a single media sanitization method as the standard for all of them. In the United States, DoD 5220.22-M, which was recommended as the standard for disk-wiping algorithms, is officially no longer valid. NIST SP 800-88 Rev. 1, titled “Guidelines for Media Sanitization”, has taken its place. This document defines three categories of media sanitization: clear, purge, and destroy. It also provides minimum requirements and guidelines for each media sanitization category and each storage device. Every organization should refer to it to establish and implement its own media sanitization policies and procedures.

One-Pass Overwrite Is Sufficient

For the latest magnetic hard drives, the Gutmann method (35-pass overwrite) and the DoD method (3- or 7-pass overwrite), which have long been recognized as international de facto standards, are no longer needed. Studies show that a one-pass overwrite is sufficient. With the much higher recording density of today's drives, the likelihood of recovering the original information using a magnetic force microscope is diminished. Indeed, there have been no reported cases of anyone using this approach to recover overwritten data. Nevertheless, many organizations still use the old overwrite standards, more as a traditional ritual than out of necessity, which is overkill.

Data Destruction Using Dedicated Sanitize Commands

Flash memory-based data storage devices, such as SSDs, provide dedicated sanitize commands that erase significantly faster than the overwrite methods used on magnetic hard drives. Overwriting flash-memory-based data storage devices also dramatically shortens their lifespan. Moreover, the physical storage area that holds the actual data and the logical storage area that software can access are distinct, so even if software overwrites every logical location on the drive, the old data may remain in a different physical area. The user needs to know the available commands for each storage device to make sure every storage area of the device is wiped clean.

Cryptographic Erase (CE) Method

CE encrypts stored data and removes the encryption key, making the data irrecoverable. This process is faster and more efficient than erasing the data itself, and CE is also a good way to sanitize part of the data in a cloud system. However, to use CE one must ensure that all encryption keys have been deleted completely and that all of the data was actually encrypted. In addition, NIST SP 800-88 recommends that users consider the following when deciding whether to use CE: 1) whether the encryption keys were generated in a proper manner, 2) whether the encryption used on the media to protect the data is strong enough, and 3) whether the security level of the encryption key and the key-wrapping technique are appropriate for CE. In a nutshell, CE can be very efficient if used correctly, but it is difficult to verify that it has worked.

Limitations of Degaussing

A degausser cannot wipe every type of storage device. Flash-memory-based storage devices, for example, are unaffected by a degausser because their data is not damaged by a magnetic field. Some of the latest magnetic hard drives also have high coercivity, so data managers should make sure that their existing degausser actually works on the device they wish to erase.

Physical Destruction

The higher the density of a flash memory chip, the greater the chance of data recovery, unless it is shredded into pieces much smaller than the original device. In addition, since flash memory chips are very hard, they can easily damage the grinder, which may then need replacement of its parts or of the entire machine. Finally, physical destruction can generate harmful substances that must be handled carefully. Overall, the cost of physical destruction has been increasing.

The Importance of Software Wiping

NIST SP 800-88 recommends selecting a data erasure method from three categories (clear, purge, and destroy) depending on the confidentiality of the data and on whether the device is reused or remains under the organization's control. As a result, organizations need to be selective and capable of applying different erasure methods, including software wiping, degaussing, and physical destruction.

It is widely recommended to have clearly defined software-wiping policies and procedures in an organization. For maximum security and convenience, organizations should undertake software wiping before reusing storage devices, even for devices that are slated for complete disposal. Outsourcing the entire data destruction process increases the likelihood of data leakage because the storage device must pass through the hands of several people before the data is erased completely. Thus, software wiping, which is less expensive than degaussing or physical destruction, is an essential requirement in an organization.

Secudrive Drive Eraser

Secudrive Drive Eraser provides suitable sanitization and verification methods for a variety of media. It provides ATA commands for SSDs as well as overwriting of magnetic disks. The hexadecimal view verifies the data before and after wiping. Furthermore, after the deletion, logs on computers, storage media, and wiping information are automatically generated. The logs can then be output as tamper-resistant reports and stored in various file formats for easy integration in the organization’s IT asset management system.


NIST SP 800-88 Summarized

NIST SP 800-88 Rev. 1, Guidelines for Media Sanitization, can be summarized as follows: 1) the purpose and scope of the document, 2) the new trends in storage media, sanitization technology, and associated issues, 3) three types of media sanitization, and 4) information sanitization and disposal decision making. This blog omits the roles and responsibilities relating to media sanitization in an organization, which are covered in Chapter 3 of the document. This post is a brief summary intended to give a general understanding of the document; it is recommended to read the full guidelines if you want to understand it thoroughly.

What is NIST SP 800-88?

NIST (National Institute of Standards and Technology) released its Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization, a revision of its original 2006 edition. The guideline has become a new standard for media sanitization in organizations ranging from public to private, in the US and in other countries. It is also known as ‘NIST SP 800-88,’ or ‘NIST 800-88.’

The objectives of the document: Guidelines, not a standard

Whereas the ‘DoD wipe standard’ is a standard method for wiping hard disk drives, NIST 800-88 is simply a set of guidelines for organizations. The guidelines cover media from paper to servers and sanitization methods from overwriting to shredding. The document states that its objective is “to assist with decision making when media require disposal, reuse, or will be leaving the effective control of an organization. Organizations should develop and use local policies and procedures in conjunction with this guide to make effective, risk-based decisions on the ultimate sanitization and/or disposition of media and information.”

New Trends of Media Sanitization

You can shred paper to sanitize it. However, the sanitization of electronic storage media is more complex. In particular, new technological methods are needed for sanitizing emerging storage media.

1) The emergence of flash memory-based storage media: With the advent of flash memory-based storage media with higher capacity than conventional magnetic storage, overwriting is not sufficient to sanitize them. Thus, the old DoD standard is no longer valid for all media. This is one of the main reasons why media sanitization is becoming more complex.

2) Dedicated Sanitize Commands: Flash memory-based storage media are recommended to be sanitized by using dedicated sanitize commands. You should use the correct commands for your particular media (consult your vendor to find the right commands). 

3) The threat to degaussing: New magnetic storage also may have higher coercivity due to technological advances. Existing degaussers may not be suitable for them. Check with your degausser and storage media vendor to see if your current process is adequate.

4) The threat to physical destruction: The higher the density of flash memory, the smaller the size of the shredded particles needed for the physical destruction of it. Additionally, the increased hardness of the media may cause inadvertent damage to the grinder.

5) Cryptographic Erase (CE): New media often support CE. CE is a very efficient way to prevent data recovery. It only sanitizes the encryption key, leaving the data encrypted in storage. However, the disadvantage is that it is difficult to verify the sanitization, so it must be applied carefully.

Three categories of Media Sanitization

This document defines three categories of media sanitization:

1) Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

2) Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.

3) Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.

Appendix A, Minimum Sanitization Recommendations for each media type, states that ‘clear’ can be accomplished by software wiping, ‘purge’ can be done by software wiping and degaussing, and ‘destroy’ can be physical destruction, for most magnetic media and flash memory-based storage devices.

Information Sanitization and Disposal Decision Making

The document offers suggestions for how to choose one of the above technique categories for sanitizing and disposing of media. (See the below flow chart.)

Figure: Sanitization and Disposition Decision Flow (Source: NIST SP 800-88, p. 17)

1) Information Decisions in the System Life Cycle: You should consider how to sanitize data at the start of system development. The sanitization method depends on the type of storage device. The document recommends that organizations request a ‘statement of volatility’ for the device from the product vendor.

2) Determination of Security Categorization: Early in the system life cycle, you should determine the level of confidentiality of the information according to FIPS 199, NIST SP 800-60 Rev. 1, or CNSSI 1253. This security categorization should be reviewed and re-applied throughout the system’s life, every three years or any time a significant change occurs in the system.

3) Determination of Reuse of Media: The sanitization method may vary depending on whether the media is reused or recycled.

4) Determination of control of media: The method of sanitization depends on whether the media is still within the organization’s control or whether it has been donated, resold, or disposed of externally.

5) Data protection level: For example, even within an organization, if two departments have different access rights to the information, you might need to sanitize the device that stored the information when it moves from one department to another.

6) Verification: You must verify that the sanitization has been completed properly. Either full verification or verification of a representative sample may be used. The verification method should be selected carefully according to the sanitization technique used and the type of media. Appendix A offers verification methods for some media.

7) Documentation: Detailed information about the sanitized media, the sanitization method, verification method, and worker information should be documented and stored.
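Step 7 asks for a record of the sanitized media, the method, the verification result and the worker, and the posts on this page repeatedly stress that such a record should be tamper-proof. The following is an added example, not code from the original post or from NIST, of a sanitization record sealed with an HMAC over a canonical JSON serialization so that any later edit is detected; the key, the field names and all values are constructed assumptions.

```python
# Added example, not from the original post or from NIST SP 800-88: a
# tamper-evident sanitization record. An HMAC-SHA256 over a canonical JSON
# serialization of the record lets an auditor detect any later change to a
# field. The key, field names and values below are constructed for the demo.
import hashlib
import hmac
import json

# Constructed key. In practice it would be held by the logging/reporting
# system, not by the operator who performs the wipe.
RECORD_KEY = b"constructed-demo-key-not-for-production"


def canonical(fields):
    """Deterministic serialization: sorted keys and fixed separators, so the same
    fields always produce the same bytes regardless of dict ordering."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def seal_record(fields, key=RECORD_KEY):
    """Return a copy of `fields` with a 'mac' field attached."""
    record = dict(fields)
    record["mac"] = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    return record


def verify_record(record, key=RECORD_KEY):
    """Recompute the MAC over every field except 'mac' and compare it in constant time."""
    if "mac" not in record:
        return False
    fields = {k: v for k, v in record.items() if k != "mac"}
    expected = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["mac"])


def demo():
    """Seal a constructed record, then show that editing the verification result is caught."""
    record = seal_record({
        "media_serial": "CONSTRUCTED-SN-0001",
        "media_type": "HDD",
        "category": "purge",
        "method": "one-pass overwrite, zeros",
        "verification": "full read-back: passed",
        "operator": "constructed-operator-id",
        "completed_at": "2024-01-01T00:00:00Z",
    })
    intact = verify_record(record)
    tampered = dict(record)
    tampered["verification"] = "full read-back: failed"  # altered after the fact
    return intact, verify_record(tampered)


if __name__ == "__main__":
    print(demo())
```

Because an HMAC key is shared, this proves integrity only to parties holding the key; a report that third parties must verify would use a digital signature instead.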

The appendices

The appendices of this document are full of practical information as follows: 1) The minimum sanitization recommendations for each media, 2) tools and resources relating to media sanitization, 3) cryptographic erase device guidelines, 4) device-specific characteristics of interest, and 5) a sample “certificate of sanitization” form.


In conclusion, the document is intended to help organizations make decisions when establishing policies and procedures on how to sanitize media. It also provides detailed minimum requirements and checklists for achieving each of the three types of sanitization (clear, purge, and destroy), depending on the nature of the media. Organizations should therefore create media sanitization policies and procedures, following the guidelines in the document, that satisfy the specific data protection regulations they are subject to. However, it is challenging for general users to obtain the characteristics of every storage medium from vendors and to apply the verification methods the guidelines suggest.

Sanitization software can automatically apply suitable wiping methods for specific media as well as provide automatic verification methods. Secudrive Drive Eraser provides suitable sanitization and verification methods for a variety of media. It provides ATA commands for SSDs as well as overwriting for magnetic disks. The hexadecimal view verifies the data before and after wiping. Furthermore, after the deletion, logs of computer, storage media, and wiping information are automatically generated. The logs can then be output as tamper-resistant reports and stored in various file formats for easy integration with the organization’s IT asset management system. For more, see our blog post on how to use Secudrive Drive Eraser for HIPAA compliance.


The DoD 5220.22-M Wipe Method And Its Applications

The DoD 5220.22-M data wipe method has long been widely used by organizations as a standard for data erasure. This blog discusses what DoD 5220.22-M is, recent issues relating to it, and its applications.

What is DoD 5220.22-M? 

The DoD 5220.22-M data wipe method is a software-based process to overwrite existing information on a hard drive or other storage with patterns of ones and zeros to make the original data irrecoverable. 

This method is typically implemented in the following manner:

  • Pass 1: Writes all addressable segments of the hard disk drive (HDD) with a zero
  • Pass 2: Writes all addressable segments of the HDD with a one
  • Pass 3: Writes all addressable segments of the HDD with a random character
  • Verify the final pass
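The three passes and the final verification, as an added example that is not code from the original post or from any product: it runs the zero, one and random passes over a constructed disk image file, verifies the final pass by regenerating the seeded random pattern, and shows a hexadecimal view before and after. It demonstrates the overwrite logic only for media whose logical and physical addresses match (HDDs); as the post explains later, overwriting does not sanitize SSDs.

```python
# Added example, not from the original post: a DoD 5220.22-M-style 3-pass
# overwrite (zeros, ones, random) with verification of the final pass, run
# over a constructed disk image file instead of a real device.
import os
import random
import tempfile

CHUNK = 4096  # constructed chunk size; a real tool would use the device's block size


def _pattern(fill, size, rng):
    """Bytes for one chunk of a pass: a fixed byte value, or seeded PRNG bytes
    when fill is None (the random pass)."""
    if fill is None:
        return rng.randbytes(size)  # Python 3.9+
    return bytes([fill]) * size


def overwrite_pass(path, fill, seed=None):
    """Write one complete pass over every byte of the image. The random pass is
    driven by `seed` so that verify_pass() can regenerate exactly the same bytes."""
    rng = random.Random(seed)
    total = os.path.getsize(path)
    with open(path, "r+b") as f:
        written = 0
        while written < total:
            n = min(CHUNK, total - written)
            f.write(_pattern(fill, n, rng))
            written += n
        f.flush()
        os.fsync(f.fileno())  # make sure the pass reached the medium, not just the cache


def verify_pass(path, fill, seed=None):
    """Read the whole image back and compare each chunk against the pass pattern."""
    rng = random.Random(seed)
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk != _pattern(fill, len(chunk), rng):
                return False


def dod_3pass_wipe(path, seed):
    """Pass 1: zeros. Pass 2: ones. Pass 3: random. Then verify the final pass."""
    overwrite_pass(path, 0x00)
    overwrite_pass(path, 0xFF)
    overwrite_pass(path, None, seed)
    return verify_pass(path, None, seed)


def hex_view(path, offset=0, length=16):
    """Minimal hexadecimal view of the image, like a before/after wipe check."""
    with open(path, "rb") as f:
        f.seek(offset)
        return " ".join(f"{b:02x}" for b in f.read(length))


def still_contains(path, needle):
    """True if the original data can still be found anywhere in the image."""
    with open(path, "rb") as f:
        return needle in f.read()


def demo():
    """Create a constructed 64 KiB image holding a sample record, wipe it, and
    report whether the final pass verified and whether the record is gone."""
    secret = b"PATIENT: Jane Doe, MRN 0000-CONSTRUCTED"  # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(secret + b"\x00" * (64 * 1024 - len(secret)))
        before = hex_view(path)
        verified = dod_3pass_wipe(path, seed=2024)
        after = hex_view(path)
        return {
            "verified": verified,
            "secret_gone": not still_contains(path, secret),
            "before": before,
            "after": after,
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```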

History of DoD 5220.22-M

In 1995, the above DoD 3-pass method for data erasure was first published in US Department of Defense document #5220.22-M. In 2001, a 7-pass method, DoD 5220.22-M ECE, was added in a DoD memo. The most recent version, released in 2006, no longer specifies a standard data erasure method. In other words, neither the usual 3-pass nor the enhanced 7-pass method is accepted by the US Department of Defense anymore.

However, ‘the DoD wipe method’ is still the most common method of erasing data that many public institutions and companies around the world trust and use.

Why DoD 5220.22-M no longer specifies the standard

The emergence of new media

Conventional magnetic hard disks have matching physical and logical addresses. That is, the logical address specified when writing data to an HDD corresponds to a physical location on the disk platter. This is no longer true for flash memory-based storage devices. Such a device typically has at least 20 percent more physical capacity than its logical capacity. Further, because of the technical characteristics of flash memory, the device’s firmware opaquely decides where data are written physically. As a result, remnant data may be available to a sophisticated attacker even after the entire logical storage has been overwritten. Therefore, many Solid State Drive (SSD)-based storage media support dedicated wipe commands, whereas the software-based overwrite method is only suitable for magnetic hard drives.
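The point made here, and in the earlier section on dedicated sanitize commands, is that over-provisioning plus out-of-place writes can leave old data in physical pages the host can no longer address. The following toy flash translation layer (FTL) is an added example written for this page, not code from the original post or from any vendor; its page counts and sample data are constructed, and it generalizes the single case in the text by letting you vary the amount of spare capacity.

```python
# Added example, not from the original post: a toy FTL that shows why an
# overwrite of every logical sector through normal write commands can leave
# old data in physical pages, and why a device-level sanitize must erase
# every physical page. All sizes and data are constructed.


class ToyFlashDevice:
    """Minimal constructed model: `logical_sectors` addressable sectors backed by
    `physical_pages` pages. Each write goes to a fresh erased page; the page that
    held the sector's previous contents is only marked stale, not erased."""

    def __init__(self, logical_sectors=4, physical_pages=6):
        assert physical_pages > logical_sectors, "model needs spare (over-provisioned) pages"
        self.logical_sectors = logical_sectors
        self.pages = [None] * physical_pages       # None = erased page
        self.lba_to_page = {}                      # logical sector -> physical page
        self.free = list(range(physical_pages))    # erased pages available for writing
        self.stale = []                            # superseded pages awaiting erase

    def write(self, lba, data):
        """Out-of-place write, as firmware does it: the host never chooses the page."""
        if not 0 <= lba < self.logical_sectors:
            raise ValueError("logical sector out of range")
        if not self.free:
            self._garbage_collect()
        page = self.free.pop(0)
        self.pages[page] = data
        if lba in self.lba_to_page:
            self.stale.append(self.lba_to_page[lba])
        self.lba_to_page[lba] = page

    def read(self, lba):
        """What the host sees through the logical address."""
        page = self.lba_to_page.get(lba)
        return None if page is None else self.pages[page]

    def _garbage_collect(self):
        """Erase stale pages only when out of free pages. A real FTL erases on its
        own schedule, which the host cannot observe or control."""
        for page in self.stale:
            self.pages[page] = None
            self.free.append(page)
        self.stale = []

    def sanitize(self):
        """Device-level sanitize: erase every physical page, mapped or not."""
        self.pages = [None] * len(self.pages)
        self.lba_to_page = {}
        self.stale = []
        self.free = list(range(len(self.pages)))


def software_overwrite(dev, fill):
    """What an overwrite tool can do: write a pattern to every addressable sector."""
    for lba in range(dev.logical_sectors):
        dev.write(lba, fill)


def remnant_pages(dev, marker):
    """Physical pages still holding data that starts with `marker`: invisible to
    the host, but readable by a laboratory that bypasses the controller."""
    return [i for i, page in enumerate(dev.pages)
            if page is not None and page.startswith(marker)]


def demo(logical_sectors=4, physical_pages=6):
    """Fill the device with sample records, overwrite them logically, then sanitize.
    Returns (what the host reads, remnant pages after overwrite, remnants after sanitize)."""
    dev = ToyFlashDevice(logical_sectors, physical_pages)
    marker = b"RECORD"  # constructed sample data
    for lba in range(dev.logical_sectors):
        dev.write(lba, marker + bytes([lba]))
    software_overwrite(dev, b"\x00")
    visible = [dev.read(lba) for lba in range(dev.logical_sectors)]
    leftovers = remnant_pages(dev, marker)
    dev.sanitize()
    return visible, leftovers, remnant_pages(dev, marker)


if __name__ == "__main__":
    print(demo())
</thinking_mode>```

With four logical sectors and six physical pages, the host reads zeros everywhere after the overwrite, yet two physical pages still hold the original records until the sanitize runs.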

A single overwriting is very likely sufficient

Some researchers have demonstrated that a single overwrite is enough to prevent data from being recovered (Gordon Hughes and Tom Coughlin; Craig Wright et al.). Due to technological advances, the one-pass method is recognized as sufficient, which improves the efficiency of sanitization operations by saving time. Finally, in 2014, NIST SP 800-88 Rev. 1 stated that “for storage device containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” Not everyone agrees with this approach, and many still prefer to overwrite several times. However, it is also true that the belief that one must overwrite three or seven times has faded.

Guidelines for Media Sanitization

NIST Special Publication 800-88 Revision 1, ‘Guidelines for Media Sanitization’, was released in 2014. The guidelines reflect more up-to-date media and sanitization technologies and also provide more detailed consideration of all sanitization methods, such as wiping, degaussing, and physical destruction, for each type of media. Since 2014, regulations have cited the guidelines rather than the DoD standard.

Guidelines for Media Sanitization by NIST

The guidelines have become a comprehensive standard for data erasure in the US since their publication. They define three categories of media sanitization as follows: 

– Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage devices. (wiping)

– Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques. (wiping, degaussing)

– Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data. (physical destruction)

The guidelines provide detailed media sanitization methods that meet the characteristics of each storage media for each category. According to the confidentiality level of stored data, organizations should prepare and implement policies and procedures by combining wiping, degaussing, and physical destruction for media sanitization, when they reuse or dispose of the media.

How to wipe all

The DoD 5220.22-M data wipe method is still the most widely used approach. It can often still be required by an organization’s policy or regulations. The method still works for HDDs, although it may be overkill. However, this method, like any other overwrite-based wipe method, has a clear limitation for flash memory-based storage devices, including SSDs. According to the NIST guidelines, SSDs must be erased using dedicated firmware commands.

Secudrive Drive Eraser supports ATA (Advanced Technology Attachment) commands for SSD sanitization as well as more than 20 international erasure standard algorithms, including the DoD standard, for magnetic hard disk wiping. It also provides logs and reports, which may be used later to confirm that a storage device has indeed been sanitized by a specific method. The logs and reports can be easily integrated with IT asset management systems. As a result, Secudrive Drive Eraser helps you abide easily by the Guidelines for Media Sanitization throughout the system life cycle.


Data Destruction for HIPAA compliance

HIPAA (the Health Insurance Portability and Accountability Act) strictly prohibits covered entities from disclosing PHI (Protected Health Information) to unauthorized parties during the creation, storage, and transmission of PHI.

PHI includes almost all information on a patient:

1) any identifying information about a patient as an individual, including his or her name, phone number, email address, Social Security number, health insurance subscriber number, credit card information, photographs, etc.

2) a patient’s medical information, including medical conditions, prescriptions, x-ray images, blood test reports, etc.

Noncompliance may result in fines that range between $100 and $50,000 per violation “of the same provision” per calendar year. Many OCR (Office for Civil Rights) HIPAA settlements have resulted in fines of over $1 million. The largest settlement as of September 2016 was for $5.5 million, levied against Advocate Health Care, stemming from several breaches that affected a total of 4 million individuals.

Many cite ‘Improper Disposal of PHI’ as one of the top 10 most common HIPAA violations.

Employees inadvertently throw away documents in the trash, or dispose of USB drives, external hard drives, or computers, causing frequent PHI leaks.

PHI printed on paper can easily be disposed of by shredding it in a document shredder. However, completely deleting ePHI (electronic Protected Health Information), that is, PHI stored on a computer, is not simple: even if you run the ‘delete’ or ‘format’ command to erase the information on Windows, the information can easily be recovered. Besides, a storage device holds the most information just before its disposal, so if you dispose of the device without data destruction, you risk a massive information leak.

Standard §164.310(d)(1) Device and Media Controls, in HHS HIPAA Security Series 3: Security Standards – Physical Safeguards, requires that a covered entity “implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored,” and “implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use.” It also gives three example methods of ePHI data destruction that render the data unusable and/or inaccessible: erasure software, degaussing, and physical destruction.

Secudrive Drive Eraser, one such erasure software solution, can completely erase data stored on computer hard drives, USB flash drives, external hard drives, and SSDs. The solution supports about 23 international standard algorithms. The software comes on a USB flash drive; plugging the drive into the computer and running the executable file makes the data deletion process very easy. It is easy enough for non-IT professionals to run it on Windows. The results of data wiping are saved back to the USB drive in the form of logs and reports. You can use the tamper-proof reports as evidence of HIPAA compliance.

Data destruction service providers often perform degaussing and physical destruction because these involve physical tasks such as removing the hard disk from the computer. If you outsource the service, there is a risk of loss or theft during shipping or storage. It is also relatively expensive. Secudrive Drive Eraser could be one of the best options for cost-effectiveness as well as security.


Disk Wiping Vs. Physical Destruction

Data wiping with Secudrive Drive Eraser makes data logically unrecoverable by repeatedly overwriting zeros, ones, or random values on the disk areas where the original data resided. It uses internationally recognized standard data erasure algorithms, so the data can be recognized as completely deleted, just as with physical destruction. Therefore, it allows you to comply with the various data protection regulations with which companies and organizations must comply.

Data wiping with Secudrive Drive Eraser is 1) more cost-effective, 2) more secure, and 3) more convenient for management than physical destruction.

| | Secudrive Drive Eraser | Physical Destruction |
| --- | --- | --- |
| | Reusable, Resellable | |
| | Tamper-Proof Report | |
| Where to erase | On User’s Desks, Move After Erase | Move and Destruction |
| Data Breach Risk | | Relatively High During |
| Integrated with IT Asset Management | Easy Integration with | |


  • Secudrive Drive Eraser can wipe drives separately stored in a warehouse, too. However, Secudrive recommends wiping before moving machines to a warehouse to improve security.

More cost-effective: wiped drives can be resold, reused, or donated.

You can resell, reuse, or donate wiped hard drives, while physical destruction turns the hard drive into industrial waste. The price of erasure software is also generally significantly lower than the cost of physical destruction services. Besides, wiping is eco-friendly because it does not produce industrial waste containing toxic substances.

More secure: fewer handlers, fewer locations, and tamper-proof reports enhance security

Companies use data destruction service providers for physical destruction. The IT department collects decommissioned computers that still hold unwiped data and stores them in an in-house warehouse or elsewhere. A data destruction service provider then moves the machines to a workplace with physical destruction equipment such as a shredder, where its workers punch or shred the disks or computers. Since physical destruction is cumbersome to do in the company’s office, the data is inevitably destroyed only after passing through various hands in various places, and the possibility of theft or loss, in other words the data leakage risk, increases.

Recently, more and more companies have introduced data wiping instead of physical destruction for data destruction. Secudrive Drive Eraser is easy enough to be used in the office. Even general users can wipe their own disks by themselves at their desks, or IT personnel can wipe computers gathered at an in-house IT department. Security risks are much reduced by minimizing the number of transfers, storage locations, and parties involved.

Finally, it is convenient to record data destruction operations. Recording data destruction is essential in order to prepare for later audits under various security regulations. Pictures or videos are the only way to record physical destruction work, and they can be forged or altered. The wiping software, however, automatically collects information on the computer, the disk, and the erasure operation, and it creates tamper-proof reports.

Integrated management

IT managers can manage disk wiping operations remotely with the logs and reports. The logs and reports can also be easily integrated with the company’s asset management solution.


A New Secure Data Erasure Solution for Businesses, Secudrive Drive Eraser

We launched Secudrive Drive Eraser, a new USB-type secure data erasure solution for businesses, into the market on July 21.

Secudrive Drive Eraser is an improved replacement for the existing Secudrive Sanitizer Portable. The new solution provides a more convenient user interface and user-friendly functions for various applications, from small businesses to large enterprises and data destruction service companies.

Easy Operation. Secudrive Drive Eraser makes it possible to completely erase all data, including the operating system, by running the .exe file while logged into Windows. This feature enables even general users, not only IT specialists, to completely wipe their computers themselves. After wiping the computers, businesses can freely dispose of, reuse, or resell them without having to worry about data leakage. Not many vendors provide this feature.

One for all. Secudrive Drive Eraser can also wipe computers piled up in storage without a network connection. It provides a USB boot mode and a CLI (Command Line Interface) mode to erase Windows, Linux, and Mac machines in various situations. USB flash drives, external hard drives, and SSDs (Solid State Drives) connected to the PC can be wiped as well. For wiping SSDs, it supports the ‘Secure Erasure’ function to protect the life of the SSD. We provide this feature by default.

High-speed erasure operation. You can erase multiple PCs at the same time: You insert the USB flash drive into the target PC to run the erase program. After starting the program, you can unplug it from the PC and plug it into another PC to perform another erasing operation. Once you have set up your company’s standard erase operation for the first time, you will be able to do it without any additional setup. Also, if multiple drives are connected to one PC, they can be wiped in parallel to maximize the erase speed.

Convenient add-ons. Before erasing, it shows estimated operation time according to the selected drive and algorithm.  It provides a %-type S.M.A.R.T. index to check if the drive can be reused and a hexadecimal view to verify the operation.

Logs and Reports. Finally, once the erase operation is completed, the log is saved to the USB drive and managed collectively. It is possible to trace the operation history for each operator. Secudrive Drive Eraser also provides tamper-proof reports on computer information, drive information, and erase operation information. You can export reports as HTML, CSV, or PDF files to integrate with enterprise asset management systems and prepare for later audits.

NEWS Press Release

SECUDRIVE to exhibit at GISEC 2019 in Partnership with Ras Infotech

One of the biggest cyber security vendors in South Korea, Secudrive is participating in GISEC 2019 from April 1 to 3 in Dubai, UAE. Secudrive will once again be teaming up with RAS Infotech, its biggest partner and cyber security marketplace in the MENA region. GISEC 2019 will be Secudrive’s first international appearance this year, kicking off its series of appearances at global cyber security events. This is Secudrive’s sixth visit to Dubai; the previous five were for GITEX Technology Week. It is Secudrive’s first time participating in GISEC, an event that is more oriented to cyber security. Ras Infotech and Secudrive are looking forward to meeting many professionals and executives from diverse industries at GISEC 2019.

Secudrive and Ras Infotech will promote Secudrive’s mainstay solutions for File Server Security with DRM and USB Drive Security & Remote Management. These two solutions have been received positively by various customers in the MENA region. Visitors will be able to learn more about them through live demos and thorough explanations provided by experts from Secudrive and Ras Infotech.

Secudrive joins RAS Infotech at the stand A10, located at Hall 8 of Dubai World Trade Centre. All visitors are welcome to experience Secudrive solutions first hand with live demo by Secudrive experts. Moreover, Secudrive sales team will also be present to discuss more about customers’ needs and requirements, and how Ras Infotech and Secudrive can help to establish solid data security architecture throughout the data life cycle.


5 Technological Measures to Prevent HIPAA Violations Caused by Insiders

HIPAA compliance, protecting patient health information (PHI) on physical or electronic media, is essential for healthcare organizations. Failing to comply with HIPAA threatens an organization financially, through potentially heavy fines (ranging from $100,000 to $16,000,000 in total per entity, depending on the nature and gravity of the violation), and reputationally, through the broken trust of patients who feel that their information may be in danger.

Failure to comply with HIPAA can be classified as a typical data breach incident, since it involves confidential data being exposed accidentally or maliciously by internal or external factors. However, HIPAA violations show a distinct characteristic when it comes to their causes: insider breaches are a major problem in healthcare, yet many insider breaches go undetected. According to the Protected Health Information Data Breach Report by Verizon, 58% of incidents involved insiders; healthcare is the only industry in which internal actors are the biggest threat to an organization.

Insiders in healthcare can be defined as individuals with authorization to access healthcare resources, including electronic medical records, networks, email accounts, or documents containing PHI. Unfortunately, some healthcare insiders are known to be unaware of the HIPAA rules and of the repercussions for breaching them. A healthcare survey by Veriphyr, a HIPAA compliance solution developer, found that 35% of healthcare “insiders” had snooped into the medical records of fellow employees, and 27% had accessed the medical records of family and friends. Here are some eye-opening, insider-involved HIPAA violations that caused organizations considerable damage.

  1. A health organization was fined $3,000,000 for making ePHI-containing files accessible over the internet without the need for a username or password, after it accidentally removed the protection on its servers. The ePHI of 62,500 patients was exposed.
  2. A private dermatology clinic group was fined $150,000 and required to implement a corrective action plan for losing an unencrypted USB drive that contained protected ePHI.
  3. A cardiology group paid a $100,000 settlement for disclosing patients’ surgical and clinical appointments on a cloud-based, internet-accessible calendar.
  4. A surgeon at the UCLA School of Medicine was sentenced to 4 months in prison and fined $2,000 after he illegally accessed the medical records system over 300 times, viewing the ePHI of his colleagues and high-profile celebrities.

These cases show that insider-caused HIPAA violations happen right under organizations’ noses, without their suspecting anything. In a review of 306 healthcare data breaches shown to be caused by insiders, 48% were financially motivated and 31% were motivated by fun or curiosity, according to the Verizon report. Interestingly, another 10% were motivated by convenience: when insiders do something that makes it easier to get their work done, it also carries the possibility of putting confidential ePHI at risk.

To prevent these insider-caused violations, organizations follow the three safeguards of the HIPAA Security Rule: administrative, physical, and technological. Among the three, technological safeguards are considered the most difficult, so organizations tend to focus on the administrative and physical safeguards instead, for the reasons below.

  1. For healthcare staff, protection of ePHI and other HIPAA-related issues are not as important as their daily routine; they may make unethical or careless choices that lead to HIPAA violations.
  2. IT security gaps in healthcare are difficult to reduce, due to the complex combination of past and future: large volumes of accumulated data, legacy medical or information processing systems, and the implementation of modern technologies.
  3. Following all three safeguards is expensive, and not all organizations can cover the costs, especially smaller, local clinics or other healthcare businesses. Therefore, organizations may opt to prioritize educating and training staff about HIPAA and ePHI protection.

Common administrative and physical safeguards include organizations conducting thorough background checks when hiring new staff or contractors, holding periodic training programs to educate their employees about HIPAA and to instruct them to report suspicious activities, or limiting physical access to data points (PCs, mobile devices, medical equipment, and more).

However, there are instances for which these two safeguards cannot fully prepare: employees forgetting the rules, human mistakes, outside influences, and more. Therefore, organizations must look to technological safeguards and implement appropriate measures on top of the aforementioned administrative and physical safeguards. Identifying the right measures is not easy for all organizations, especially smaller ones. So what are the appropriate measures that will help healthcare organizations of all sizes prevent insider-caused HIPAA violations?

  1. Access control to sensitive ePHI – Giving employees the minimum privileges they need is the best way to ensure that no ePHI reaches individuals who have no business with it. One of the most well-known data security principles, the ‘principle of least privilege’ or PoLP for short, should be the key focus. In this context, PoLP involves implementing encryption on folders and files that contain ePHI, meaning that only people with the correct encryption keys can access those confidential files.
  2. Limiting the usage of sensitive ePHI – In addition to careful control of access to ePHI, organizations must integrate a second layer of defense that will ‘stop’ insiders from illegally deleting, copying, or stealing ePHI while using it. The core data security solution here is digital rights management (DRM), a solution commonly used across organizations and industries. DRM is a response to a potentially critical scenario in which trusted employees with access to ePHI turn rogue, whether driven by financial or personal motivation.
  3. Password and authentication management – Organizations must have a solid password policy that dictates specific requirements for password difficulty and update frequency. High password difficulty protects ePHI not only from hackers but also from employees who might be snooping around. With the added security of two-factor authentication, organizations can enforce an enhanced password policy.
  4. Monitoring and auditing of employee activities – When employees access and use ePHI, it is difficult to tell whether they are doing so for legitimate reasons or with malicious intent. HIPAA requires organizations to collect system and event logs for the actions taken on computer systems such as operating systems, office computers, electronic health record (EHR) systems, printers, routers, and more. With these logs in place, organizations can detect anomalies early and prevent insiders from causing HIPAA violations. Furthermore, audits can be performed to maintain a HIPAA-compliant security level and to identify wrongdoers if HIPAA violations have occurred.
  5. Data minimization through destruction – Essentially, less data means less possibility of a HIPAA violation. Organizations can achieve data minimization by enforcing a responsible data destruction policy: if certain ePHI is no longer required, or patients request its deletion, it must be completely deleted. For PHI on electronic media, HIPAA requires more than simple deletion commands or disk formatting; certified data overwriting, disk degaussing, and physical destruction are the three major data destruction methods.
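As an added illustration of the monitoring and auditing point above (example code written for this page, not Secudrive’s or any EHR vendor’s), the following script runs the snooping checks the Veriphyr survey and the UCLA case describe over constructed EHR audit-log lines. It assumes a hypothetical log format of `timestamp,user_id,patient_id,action` plus two hypothetical reference tables: a staff roster (employee to the id of that employee’s own patient record) and a treatment-relationship table (user to the patients they legitimately care for).

```python
"""Insider-snooping checks over EHR audit-log lines (added example, not
Secudrive or EHR vendor code). Assumes a hypothetical log format
"timestamp,user_id,patient_id,action" and two hypothetical reference tables."""
from collections import Counter

# Constructed staff roster: employees who are also patients of the organization.
STAFF_PATIENT_ID = {"dr_lee": "P100", "nurse_kim": "P101", "clerk_park": "P102"}

# Constructed care relationships: the only charts each user should open.
TREATMENT_RELATIONSHIP = {
    "dr_lee": {"P200", "P201"},
    "nurse_kim": {"P200"},
    "clerk_park": set(),
}

# Constructed audit-log lines in the assumed format.
SAMPLE_LOG = """\
2019-03-01T09:00:00,dr_lee,P200,VIEW
2019-03-01T09:05:00,dr_lee,P101,VIEW
2019-03-01T09:06:00,nurse_kim,P200,VIEW
2019-03-01T09:10:00,clerk_park,P300,VIEW
2019-03-01T09:11:00,clerk_park,P301,VIEW
2019-03-01T09:12:00,clerk_park,P302,VIEW
"""


def parse_log(text):
    """Turn raw log text into (timestamp, user, patient, action) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, patient, action = line.strip().split(",")
            events.append((ts, user, patient, action))
    return events


def detect_snooping(events, roster, relationships, max_unrelated=2):
    """Return (user, reason, detail) findings for the privacy officer to review.

    Reasons: "coworker_record" (a fellow employee's chart, the snooping pattern
    from the Veriphyr survey), "no_treatment_relationship" (no care relationship
    with the patient; this also covers a user's own chart), and
    "volume_threshold" (more than max_unrelated such accesses, the repeated-access
    pattern behind the 300+ views in the UCLA case).
    """
    employee_records = set(roster.values())
    findings, unrelated = [], Counter()
    for _ts, user, patient, _action in events:
        if patient in employee_records and patient != roster.get(user):
            findings.append((user, "coworker_record", patient))
        if patient not in relationships.get(user, set()):
            unrelated[user] += 1
            findings.append((user, "no_treatment_relationship", patient))
    for user, count in unrelated.items():
        if count > max_unrelated:
            findings.append((user, "volume_threshold", str(count)))
    return findings
```

In a real deployment the roster and relationship tables would come from the HR system and the EHR’s encounter data, and findings would feed the audit process rather than automatically blocking access.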

Insider-caused HIPAA violations are a clear and present danger for healthcare organizations, and the common approach to tackling this danger has been limited to educating employees or enforcing policies through legal documents. However, when insiders access or use ePHI, their actions are unpredictable and, even worse, wrongdoing may go undetected right under the organization’s nose. Therefore, it is highly recommended that technological measures that will actually ‘stop’ insiders from causing HIPAA violations be enforced.

With so many data security solutions available on the market, organizations can find it hard to implement technological measures that fit their needs and requirements. With the five measures listed above, organizations can build a HIPAA-compliant data security architecture that can respond to insider threats that may be undetectable and unpredictable.


HIPAA Security and Compliance: Three Safeguards

The Health Insurance Portability and Accountability Act, or HIPAA, is legislation that provides security provisions and data privacy to keep patients’ medical information safe. It came into effect in 1996, but it was in 2005 that the notion of electronic patient health information, or ePHI, and its protection was introduced. In 2005, the HIPAA Security Rule was laid down in the form of three security safeguards – administrative, physical, and technical – which must be observed for HIPAA compliance. With the data volume and monetary value of ePHI growing exponentially, and cybersecurity issues looming large on a global scale, understanding these safeguards has become mandatory for all companies in the medical and healthcare industries.

What is the HIPAA Security Rule?

The U.S. Department of Health and Human Services defines the Security Rule as “national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity.”

As the medical and healthcare industries – just like any other industry – go electronic in handling PHI for higher efficiency and productivity, the security risks involving ePHI multiply. Therefore, the HIPAA Security Rule was imposed as an extension of the Privacy Rule of the same legislation, stating that all ePHI must be properly secured from unauthorized access, whether the data is at rest or in motion. Furthermore, the fundamentals of the Security Rule are based on flexibility, scalability, and technology neutrality, to encourage as many companies as possible to improve ePHI protection against various threats from inside and out. Thus companies are allowed adequate time to identify their needs and to adopt new technologies for the betterment of patient care and the safety of ePHI. To comply with the HIPAA Security Rule, companies are required to implement three distinct, yet closely related, types of safeguards that may sound ambiguous at first: administrative, physical, and technical.

Administrative Safeguards

“…administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”

The administrative safeguards cover over half of the HIPAA security requirements, focusing on the execution of security practices for the protection of ePHI. The administrative safeguards implement policies that prevent, detect, contain, and correct security violations. Moreover, they should be understood as the foundation of the Security Rule, as companies are best served by tailoring their HIPAA security measures around the following five standards.

  1. Security management process – identification and analysis of potential risks to ePHI, and subsequent implementation of security measures to reduce those risks to a reasonable and appropriate level or, even better, eliminate them.
  2. Security personnel – designation of a qualified individual responsible for the development and implementation of security policies for ePHI security.
  3. Information access management – enforcement of policies and procedures that limit the uses and disclosures of ePHI to the “minimum necessary.”
  4. Workforce training and management – provision of training for, and management of, the workforce responsible for handling ePHI, and appropriate sanctions for violations of the policies and procedures.
  5. Evaluation – periodic assessment of the company’s ability to meet the HIPAA requirements through its security policies and procedures.

By laying down solid administrative groundwork for ePHI security and HIPAA compliance, companies can establish organization-wide policies and procedures that dictate data security and the action plan to follow should an unexpected breach occur.

Physical Safeguards

“…physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”

From a physician’s home PC to the designated data centers of university hospitals, ePHI resides in a wide variety of electronic assets and media. Physical safeguards are the implementation standards governing physical access to information systems, equipment, and facilities:

  1. Facility access and control – limitation of physical access to facilities that contain ePHI, while ensuring that authorized access is allowed.
  2. Workstation and device security – implementation of policies and procedures for workstations and electronic media, including their transfer, removal, disposal, and re-use, for the appropriate protection of ePHI.

These physical safeguards, combined with the administrative and technical safeguards, work to ensure that ePHI is neither tampered with nor leaked through the thousands of devices and assets that hold it.

Technical Safeguards

“…the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”

Perhaps the most talked-about of all, the technical safeguards are the final pieces of the HIPAA Security Rule. One of the fundamental concepts of the HIPAA Security Rule is technology neutrality, which means that the rule does not require companies to adopt specific technologies. Thus companies independently identify and satisfy their specific ePHI security needs based on these safeguards:

  1. Access control – implementation of technical policies and procedures that allow access only by authorized personnel.
  2. Audit controls – implementation of technical mechanisms to record and examine access and other activity in systems that contain or use ePHI.
  3. Integrity controls – implementation of policies and procedures, as well as technical measures, to ensure that ePHI is not improperly altered or destroyed.
  4. Transmission security – implementation of technical measures that guard against unauthorized access to ePHI in motion over an electronic network.

Applied to all ePHI, the technical safeguards help companies regulate ePHI access, use, and transmission – in other words, technical safeguards aim to protect ePHI at the times when it is in its most vulnerable state. Not limited to the mandatory measures specified by governing authorities, companies can implement their own measures suited to their size, industry, ePHI data volume, etc. With growing concern over cybersecurity threats, it is no surprise that technical safeguards are extremely crucial for medical and healthcare organizations, as well as for cybersecurity companies.

Modern technologies provide efficiency and productivity when handling patient information electronically, which naturally leads to better care for patients; however, this is a double-edged sword. ePHI keeps growing in volume and value, and it attracts interest not only from companies but also from cybercriminals. Thus the HIPAA Security Rule was enforced to protect sensitive patient information from the inherent security risks of the digital world. However, it is no easy task to meet the requirements of the safeguards, and penalties for HIPAA noncompliance range from $100 to $50,000 per violation. Therefore, companies must make ePHI security a part of their daily routine and continuously monitor the situation to avoid legal consequences.