Categories
Blog Data Erasure

Trends in Data Destruction

Advances in technology and the emergence of new data storage devices have made data destruction a more complex issue, because there are new aspects to consider. This blog summarizes the current trends in data destruction.

The Emergence of New Data Storage Devices

Flash memory-based data storage devices with high capacity, small size, and fast data processing speed are now available. They have different physical properties than traditional magnetic hard drives. Even magnetic hard drives have changed: they have higher capacity and different physical properties than earlier models. Flash memory-based data storage devices exist in various forms, such as USB flash drives and external hard drives, and they are also built into laptops, tablets, and smartphones. In addition, large amounts of data are now stored in cloud systems, which sometimes need to be wiped clean as well. Data destruction processes need to be adapted to suit the newest data storage models.

New Media Sanitization Standard

As data storage devices diversify and technology advances, it is no longer possible to define a single media sanitization method as the standard for all of them. In the United States, DoD 5220.22-M, which was recommended as the standard for disk-wiping algorithms, is officially no longer valid. NIST SP 800-88 Rev. 1, titled “Guidelines for Media Sanitization”, has taken its place. This document defines three categories of media sanitization: clear, purge, and destroy. It also provides minimum requirements and guidelines for each sanitization category and each type of storage device. Every organization should refer to it to establish and implement its own media sanitization policies and procedures.

One-Pass Overwrite Is Sufficient

For the latest magnetic hard drives, the Gutmann method (35-pass overwrite) and the DoD method (3- or 7-pass overwrite), which have long been recognized as international de facto standards, are no longer needed. Studies show that a one-pass overwrite is sufficient. With much higher recording density than in the past, the likelihood of recovering the original information using a magnetic force microscope has diminished. Indeed, there have been no reported cases of anyone recovering overwritten data in this manner. Nevertheless, many organizations still use the old overwrite standards, even though this has become a ‘traditional ritual’ that is overkill.

Data Destruction Using Dedicated Sanitize Commands

Flash memory-based data storage devices, such as SSDs, provide dedicated sanitize commands that sanitize the device significantly faster than the overwrite methods used on magnetic hard drives. Overwriting flash memory-based data storage devices dramatically shortens their lifespan. Also, the physical storage area that holds the actual data and the logical storage area that software can address are distinct, so even if software overwrites the entire drive, the old data may remain in a different area. The user needs to know the commands available for each storage device to make sure every storage area of the device is wiped clean.

Cryptographic Erase (CE) Method

CE encrypts stored data and then destroys the encryption key, making the data irrecoverable. This process is faster and more efficient than erasing the data itself, and CE is also a good method for sanitizing a subset of data in a cloud system. However, to use CE one must ensure that all copies of the encryption key have been deleted completely and that all data was actually encrypted. In addition, NIST SP 800-88 recommends that users consider the following when deciding whether to use CE: 1) whether the encryption keys were generated in a proper manner, 2) whether the encryption the media uses to protect the data is strong enough, and 3) whether the security level of the encryption key and the key-wrapping technique are appropriate for CE. In a nutshell, CE can be very efficient if used correctly, but it is difficult to verify that it has worked.

Limitations of Degaussing

A degausser cannot wipe every type of storage device. Flash memory-based storage devices, for example, cannot be sanitized with a degausser because their data is not affected by magnetic fields. Some of the latest magnetic hard drives also have high coercivity, so data managers should make sure that their existing degausser actually works on the device they wish to erase.

Physical Destruction

The higher the density of a flash memory chip, the greater the chance of data recovery unless it is shredded into pieces much smaller than the original device. In addition, since flash memory chips are very hard, they can easily damage the grinder, which may then need replacement of its parts or of the entire machine. Finally, physical destruction can generate harmful substances that must be handled carefully. Overall, the cost of physical destruction has been increasing.

The Importance of Software Wiping

NIST 800-88 recommends selecting a data erasure method from three categories (clear, purge, and destroy) depending on the confidentiality of the data, whether the device will be reused, and whether it stays under the organization’s control. As a result, organizations need to be selective and capable of applying different erasure methods, including software wiping, degaussing, and physical destruction.

It is widely recommended to have clearly defined software-wiping policies and procedures in an organization. For maximum security and convenience, organizations should undertake software wiping before reusing storage devices, even for devices that are slated for complete disposal. Outsourcing the entire data destruction process increases the likelihood of data leakage because the storage device must pass through the hands of several people before the data is erased completely. Thus, software wiping, which is less expensive than degaussing or physical destruction, is an essential requirement in an organization.

Secudrive Drive Eraser

Secudrive Drive Eraser provides suitable sanitization and verification methods for a variety of media. It supports ATA commands for SSDs as well as overwriting for magnetic disks. A hexadecimal view lets you inspect the data before and after wiping. Furthermore, after the deletion, logs covering the computer, the storage media, and the wiping operation are generated automatically. The logs can then be output as tamper-resistant reports and stored in various file formats for easy integration with the organization’s IT asset management system.


NIST SP 800-88 Summarized

NIST SP 800-88 Rev. 1, Guidelines for Media Sanitization, can be summarized under four headings: 1) the purpose and scope of the document, 2) new trends in storage media and sanitization technology and the associated issues, 3) the three types of media sanitization, and 4) information sanitization and disposal decision making. This post omits the roles and responsibilities relating to media sanitization in an organization, which are covered in Chapter 3 of the document. This post is only a brief summary intended to give you a general understanding of the document; read the full guidelines if you want to understand it thoroughly.

What is NIST SP 800-88?

NIST (the National Institute of Standards and Technology) released Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization, a revision of the original 2006 edition. The guidelines have become a new standard for media sanitization in organizations ranging from public to private, in the US and in other countries. The document is also known as ‘NIST SP 800-88’ or ‘NIST 800-88.’

The objectives of the document: Guidelines, not a standard

Whereas the ‘DoD wipe standard’ is a standard method for wiping hard disk drives, NIST 800-88 is simply a set of guidelines for organizations. The guidelines cover media from paper to servers and sanitization methods from overwriting to shredding. The document states that its objective is “to assist with decision making when media require disposal, reuse, or will be leaving the effective control of an organization. Organizations should develop and use local policies and procedures in conjunction with this guide to make effective, risk-based decisions on the ultimate sanitization and/or disposition of media and information.”

New Trends of Media Sanitization

You can shred paper to sanitize it. However, the sanitization of electronic storage media is more complex. In particular, new technological methods are needed for sanitizing emerging storage media.

1) The emergence of flash memory-based storage media: With the advent of flash memory-based storage media, which have higher capacity than conventional magnetic storage, overwriting is not sufficient to sanitize them. Thus, the old DoD standard is no longer valid for all media. This is one of the main reasons why media sanitization is becoming more complex.

2) Dedicated sanitize commands: Flash memory-based storage media should be sanitized using dedicated sanitize commands. Use the correct commands for your particular media (consult your vendor to find the right commands).

3) The threat to degaussing: New magnetic storage may also have higher coercivity due to technological advances, and existing degaussers may not be suitable for it. Check with your degausser and storage media vendors to see whether your current process is adequate.

4) The threat to physical destruction: The higher the density of flash memory, the smaller the shredded particles must be for physical destruction to be effective. Additionally, the increased hardness of the media may cause inadvertent damage to the grinder.

5) Cryptographic Erase (CE): New media often support CE. CE is a very efficient way to prevent data recovery: it sanitizes only the encryption key, leaving the data encrypted in storage. However, the disadvantage is that it is difficult to verify the sanitization, so it must be applied carefully.
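The key hierarchy behind CE and the checks NIST lists for it (discussed in the Cryptographic Erase sections of both posts above) as a runnable model. This is an added example, not code from the blog, NIST, or Secudrive; it assumes a simplified self-encrypting volume in which an HMAC-SHA256 counter-mode keystream stands in for a drive's AES engine.

```python
"""Added example (not code from the blog, NIST, or Secudrive): a minimal model
of cryptographic erase on a self-encrypting volume. User data is encrypted
under a media encryption key (MEK) that is stored only wrapped under a
key-encryption key (KEK). CE destroys the MEK material, so the ciphertext
left on the media cannot be read back. The HMAC-SHA256 counter-mode keystream
is a dependency-free stand-in for the drive's AES engine (an assumption)."""
import hashlib
import hmac
import os


def keystream_xor(key, nonce, data):
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (CTR-style)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap_key(kek, mek):
    """Encrypt the MEK under the KEK with a fresh nonce and authenticate it
    (NIST check 3: the wrapping technique must match the required strength)."""
    nonce = os.urandom(16)
    ct = keystream_xor(kek, nonce, mek)
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek, blob):
    """Return the MEK, or raise if the blob was altered, overwritten or the KEK is wrong."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped MEK unusable: key material destroyed or wrong KEK")
    return keystream_xor(kek, nonce, ct)


class SelfEncryptingVolume:
    def __init__(self, kek):
        self.mek = os.urandom(32)             # OS CSPRNG (NIST check 1: proper key generation)
        self.wrapped_mek = wrap_key(kek, self.mek)
        self.media = {}                       # lba -> bytes as they sit on the flash
        self.unencrypted = set()              # LBAs written before encryption was enabled

    def write_plain_legacy(self, lba, data):
        """Data that predates encryption. CE cannot sanitize this (NIST: all data
        on the media must actually have been encrypted)."""
        self.media[lba] = data
        self.unencrypted.add(lba)

    def write(self, lba, data):
        nonce = os.urandom(16)                # fresh nonce per write: no keystream reuse
        self.media[lba] = nonce + keystream_xor(self.mek, nonce, data)
        self.unencrypted.discard(lba)

    def read(self, lba, kek):
        mek = unwrap_key(kek, self.wrapped_mek)
        blob = self.media[lba]
        return keystream_xor(mek, blob[:16], blob[16:])

    def crypto_erase(self):
        """Sanitize the key, not the data. Every copy of the MEK (in RAM and the
        wrapped copy on media) is destroyed. Returns the LBAs CE does not cover."""
        uncovered = sorted(self.unencrypted)
        self.mek = None
        self.wrapped_mek = os.urandom(len(self.wrapped_mek))
        return uncovered


def run_demo():
    """Constructed scenario: one legacy plaintext block, one encrypted block, then CE."""
    kek = hashlib.sha256(b"constructed-admin-passphrase").digest()
    vol = SelfEncryptingVolume(kek)
    vol.write_plain_legacy(0, b"record written before encryption was turned on")
    vol.write(1, b"record written after encryption was turned on")
    before = vol.read(1, kek)
    uncovered = vol.crypto_erase()
    try:
        vol.read(1, kek)
        after = "readable"
    except ValueError:
        after = "unreadable"
    # Block 0 is still plaintext on the media: CE alone did not sanitize it.
    return before, after, uncovered, vol.media[0]


if __name__ == "__main__":
    print(run_demo())
```

The returned `uncovered` list is the verification gap the guidelines warn about: a CE report is only meaningful if the device can attest that nothing was ever stored outside the encrypted range.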

Three categories of Media Sanitization

This document defines three categories of media sanitization:

1) Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

2) Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.

3) Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.

Appendix A, Minimum Sanitization Recommendations for each media type, states that ‘clear’ can be accomplished by software wiping, ‘purge’ can be done by software wiping and degaussing, and ‘destroy’ can be physical destruction, for most magnetic media and flash memory-based storage devices.

Information Sanitization and Disposal Decision Making

The document offers suggestions for how to choose one of the above technique categories for sanitizing and disposing of media. (See the flow chart below.)

Figure: Sanitization and Disposition Decision Flow (Source: NIST SP 800-88, p. 17)

1) Information decisions in the system life cycle: You should consider how to sanitize data from the start of system development. The sanitization method depends on the type of storage device. The document recommends that organizations request a ‘statement of volatility’ for the device from the product vendor.

2) Determination of security categorization: Early in the system life cycle, you should determine the confidentiality level of the information according to FIPS 199, NIST SP 800-60 Rev. 1, or CNSSI 1253. This security categorization should be applied throughout the system’s life and reviewed every three years or whenever a significant change occurs in the system.

3) Determination of Reuse of Media: The sanitization method may vary depending on whether the media is reused or recycled.

4) Determination of control of media: The method of sanitization depends on whether the media is still within the organization’s control or whether it has been donated, resold, or disposed of externally.

5) Data protection level: For example, even within an organization, if two departments have different access rights to the information, you might need to sanitize the device that stored the information when it moves from one department to another.

6) Verification: You must verify that the sanitization has been completed properly. Either full verification or verification of a representative sample can be used. The verification method should be selected carefully according to the sanitization technique used and the type of media. Appendix A offers verification methods for some media.

7) Documentation: Detailed information about the sanitized media, the sanitization method, verification method, and worker information should be documented and stored.
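The decision inputs of steps 2 to 5, the full-versus-sample verification of step 6, and the record of step 7, as one runnable helper. This is an added example, not code from the blog or from NIST; its category mapping is a constructed local policy consistent with the definitions above, not a transcription of the NIST flow chart.

```python
"""Added example (not code from the blog or from NIST): a helper that turns the
inputs from steps 2 to 5 above into a sanitization plan, verifies a wipe by
full read-back or by a representative sample (step 6), and builds the record
that step 7 calls for. The category mapping is a constructed local policy,
consistent with the clear/purge/destroy definitions above but not a
transcription of the NIST flow chart, which organizations should consult."""
import random
from dataclasses import dataclass

# Technique options per (media family, category) as described in this post;
# flash media cannot be degaussed and should use the vendor's sanitize commands.
TECHNIQUES = {
    ("magnetic", "clear"): "software overwrite (a single pass is sufficient)",
    ("magnetic", "purge"): "software overwrite, or degaussing after checking coercivity",
    ("magnetic", "destroy"): "physical destruction",
    ("flash", "clear"): "software overwrite of all user-addressable blocks",
    ("flash", "purge"): "dedicated sanitize command from the vendor",
    ("flash", "destroy"): "shredding to a particle size suited to the chip density",
}


@dataclass
class MediaDecision:
    security_category: str        # "low", "moderate" or "high" (FIPS 199)
    media_type: str               # "magnetic" or "flash"
    will_be_reused: bool          # step 3
    leaves_org_control: bool      # step 4
    changes_department: bool = False   # step 5: other access rights in-house


def choose_category(d):
    """Constructed policy: destroy media that is not reused; purge when it leaves
    the organization or holds high-impact data; clear for in-house reuse, unless
    moderate-impact data moves to a department with different access rights."""
    if not d.will_be_reused:
        return "destroy"
    if d.leaves_org_control or d.security_category == "high":
        return "purge"
    if d.changes_department and d.security_category == "moderate":
        return "purge"
    return "clear"


def plan(d):
    category = choose_category(d)
    return category, TECHNIQUES[(d.media_type, category)]


def representative_sample(total_blocks, fraction=0.1, seed=0):
    """First and last block plus a seeded random selection, so the same sample
    can be reproduced from the audit record."""
    n = min(total_blocks, max(1, int(total_blocks * fraction)))
    picks = set(random.Random(seed).sample(range(total_blocks), n))
    picks.update({0, total_blocks - 1})
    return sorted(picks)


def verify(read_block, total_blocks, expected, full=True):
    """Read back every block (full) or a representative sample.
    Returns (verified, blocks_checked, first_failing_lba_or_None)."""
    lbas = range(total_blocks) if full else representative_sample(total_blocks)
    for lba in lbas:
        if read_block(lba) != expected:
            return False, len(lbas), lba
    return True, len(lbas), None


def sanitization_record(d, operator, verified, checked, full):
    """The fields step 7 asks to document about the media, method, verification
    and worker."""
    category, technique = plan(d)
    return {"media_type": d.media_type, "security_category": d.security_category,
            "sanitization_category": category, "technique": technique,
            "verification": "full" if full else "representative sample",
            "blocks_checked": checked, "verified": verified, "operator": operator}


def run_demo():
    """Constructed device: 1000 blocks wiped to zeros, except block 517, which a
    write error left untouched. Full verification catches it; a 10% sample may not."""
    wiped = [bytes(512)] * 1000
    wiped[517] = b"\x41" * 512
    d = MediaDecision("moderate", "flash", will_be_reused=True, leaves_org_control=False)
    full = verify(wiped.__getitem__, len(wiped), bytes(512), full=True)
    sample = verify(wiped.__getitem__, len(wiped), bytes(512), full=False)
    record = sanitization_record(d, "operator-id-placeholder", full[0], full[1], True)
    return full, sample, record
```

Whether the sampled run in `run_demo` catches block 517 depends on the seeded selection; that uncertainty is exactly why step 6 says to choose the verification method according to the technique and media rather than defaulting to sampling.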

The appendices

The appendices of this document are full of practical information as follows: 1) The minimum sanitization recommendations for each media, 2) tools and resources relating to media sanitization, 3) cryptographic erase device guidelines, 4) device-specific characteristics of interest, and 5) a sample “certificate of sanitization” form.

Conclusion

In conclusion, the document is intended to help organizations make decisions and establish policies and procedures on how to sanitize media. It also provides detailed minimum requirements and checklists for achieving the three types of sanitization (clear, purge, and destroy), depending on the nature of the media. Organizations should therefore use the guidelines presented in the document to create media sanitization policies and procedures that satisfy the specific data protection regulations they must follow. However, it is challenging for general users to obtain the characteristics of every storage medium from vendors and to verify sanitization in the way the guidelines suggest.

Sanitization software can automatically apply suitable wiping methods to specific media and provide automatic verification. Secudrive Drive Eraser provides suitable sanitization and verification methods for a variety of media. It supports ATA commands for SSDs as well as overwriting for magnetic disks. A hexadecimal view lets you inspect the data before and after wiping. Furthermore, after the deletion, logs covering the computer, the storage media, and the wiping operation are generated automatically. The logs can then be output as tamper-resistant reports and stored in various file formats for easy integration with the organization’s IT asset management system. For more, see our blog post on how to use Secudrive Drive Eraser for HIPAA compliance.


The DoD 5220.22-M Wipe Method And Its Applications

The DoD 5220.22-M data wipe method has long been widely used by organizations as a standard for data erasure. This blog discusses what DoD 5220.22-M is, recent issues relating to it, and its applications.

What is DoD 5220.22-M? 

The DoD 5220.22-M data wipe method is a software-based process to overwrite existing information on a hard drive or other storage with patterns of ones and zeros to make the original data irrecoverable. 

This method is typically implemented in the following manner:

  • Pass 1: Writes all addressable segments of the hard disk drive (HDD) with a zero
  • Pass 2: Writes all addressable segments of the HDD with a one
  • Pass 3: Writes all addressable segments of the HDD with a random character
  • Verify the final pass

History of DoD 5220.22-M

In 1995, the above DoD 3-pass method for data erasure was first published in US Department of Defense document #5220.22-M. In 2001, a 7-pass method, DoD 5220.22-M ECE, was added in a DoD memo. The most recent version, released in 2006, no longer specifies a standard data erasure method. In other words, neither the usual 3-pass nor the enhanced 7-pass method is accepted by the US Department of Defense anymore.

However, ‘the DoD wipe method’ is still the most common method of erasing data that many public institutions and companies around the world trust and use.

Why DoD 5220.22-M no longer specifies the standard

The emergence of new media

Conventional magnetic hard disks have matching physical and logical addresses. That is, the logical address specified when writing data to an HDD corresponds to a fixed physical location on the disk platter. This is no longer true for flash memory-based storage devices. Such a device typically has at least 20 percent more physical capacity than its logical capacity. Further, the device’s firmware opaquely decides where data is physically written, owing to the technical characteristics of flash memory. As a result, remnant data may be available to a sophisticated attacker even after the entire logical storage has been overwritten. Therefore, many Solid State Drive (SSD)-based storage media support dedicated wipe commands, whereas the software-based overwrite method can only be relied on for magnetic hard drives.
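The three-pass procedure listed in the first section and the physical/logical address mismatch described here, as an added example that is not code from the blog, DoD, or Secudrive. FlashDevice is a hypothetical, heavily simplified SSD model (out-of-place writes, over-provisioning, lazy garbage collection, retirement of worn blocks); real controllers differ, but the host-visible verification gap it shows is the one described above.

```python
"""Added example (not code from the blog, DoD or Secudrive): the three-pass
overwrite listed in the first section, with verification of the final pass,
run against two simulated devices. FlashDevice is a hypothetical, heavily
simplified model of SSD firmware (out-of-place writes, over-provisioning,
lazy garbage collection, retirement of worn blocks); real controllers differ,
but the host-visible verification gap it shows is the one described above."""
import os

BLOCK = 16          # bytes per block in the simulation
ERASED = b"\xff" * BLOCK


class MagneticDevice:
    """HDD-like device: logical block N is always physical block N."""

    def __init__(self, user_data):
        self.physical = list(user_data)          # one bytes object per block
        self.logical_blocks = len(user_data)

    def write(self, lba, data):
        self.physical[lba] = data

    def read(self, lba):
        return self.physical[lba]


class FlashDevice(MagneticDevice):
    """Every write lands in a fresh physical block; the old copy is only marked
    stale. Stale blocks are erased when the free pool runs dry, except blocks
    that have used up their erase budget, which are retired with data intact."""

    def __init__(self, user_data, overprov, erase_limit):
        super().__init__(user_data)
        self.physical += [ERASED] * overprov     # spare area the host cannot address
        self.map = list(range(self.logical_blocks))          # lba -> physical block
        self.free = list(range(self.logical_blocks, len(self.physical)))
        self.stale, self.retired = [], []
        self.erase_limit = erase_limit           # erase budget per physical block
        self.erases = [0] * len(self.physical)

    def _collect_garbage(self):
        for p in self.stale:
            if self.erases[p] >= self.erase_limit[p]:
                self.retired.append(p)           # worn out: never erased, never reused
            else:
                self.physical[p] = ERASED
                self.erases[p] += 1
                self.free.append(p)
        self.stale = []

    def write(self, lba, data):
        if not self.free:
            self._collect_garbage()
        if not self.free:
            raise RuntimeError("no usable blocks left")
        new = self.free.pop(0)
        self.physical[new] = data
        self.stale.append(self.map[lba])         # old copy stays readable on the chip
        self.map[lba] = new

    def read(self, lba):
        return self.physical[self.map[lba]]


def dod_3pass_wipe(dev):
    """Pass 1: zeros, pass 2: ones, pass 3: random; then verify the final pass.
    Verification goes through the logical interface, like any host software."""
    patterns = [bytes(BLOCK), ERASED, None]      # None = fresh random data per block
    last = {}
    for pattern in patterns:
        for lba in range(dev.logical_blocks):
            data = os.urandom(BLOCK) if pattern is None else pattern
            dev.write(lba, data)
            last[lba] = data
    return all(dev.read(lba) == last[lba] for lba in range(dev.logical_blocks))


def remnant_user_blocks(dev, user_data):
    """Physical blocks that still hold original user data after the wipe: what a
    chip-off examination in a lab would find, invisible to host-side verification."""
    originals = set(user_data)
    return [p for p, blk in enumerate(dev.physical) if blk in originals]


def run_demo():
    """Constructed sample: 8 user blocks with distinct contents. Physical block 5
    of the SSD has no erase budget left, as a block near end-of-life would."""
    user = [bytes([i + 1]) * BLOCK for i in range(8)]
    hdd = MagneticDevice(user)
    limits = [10] * 10
    limits[5] = 0
    ssd = FlashDevice(user, overprov=2, erase_limit=limits)
    return {"hdd_verified": dod_3pass_wipe(hdd),
            "hdd_remnants": remnant_user_blocks(hdd, user),
            "ssd_verified": dod_3pass_wipe(ssd),
            "ssd_remnants": remnant_user_blocks(ssd, user)}
```

Both devices pass the host-side verification of the final pass; only the HDD has no physical remnants, which is why the guidelines send flash media to the vendor's sanitize command instead of an overwrite.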

A single overwriting is very likely sufficient

Some researchers have demonstrated that a single overwrite is enough to prevent data from being recovered (Gordon Hughes and Tom Coughlin; Craig Wright et al.). Thanks to technological advances, the one-pass method is recognized as sufficient, which makes sanitization more efficient by saving time. Finally, in 2014, NIST SP 800-88 Rev. 1 stated that “for storage device containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” Not everyone agrees with this approach, and many still prefer to overwrite several times. However, it is also true that the sense that one must overwrite three or seven times has faded.

Guidelines for Media Sanitization

NIST Special Publication 800-88 Revision 1, ‘Guidelines for Media Sanitization’, was released in 2014. The guidelines reflect more up-to-date media and sanitization technologies and also give more detailed consideration to every sanitization method (wiping, degaussing, and physical destruction) for each type of media. Since 2014, regulations have cited the guidelines rather than the DoD standard.

Guidelines for Media Sanitization by NIST

The guidelines have become a comprehensive standard for data erasure in the US since their publication. They define three categories of media sanitization as follows: 

– Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage devices. (wiping)

– Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques. (wiping, degaussing)

– Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data. (physical destruction)

The guidelines provide detailed media sanitization methods that meet the characteristics of each storage media for each category. According to the confidentiality level of stored data, organizations should prepare and implement policies and procedures by combining wiping, degaussing, and physical destruction for media sanitization, when they reuse or dispose of the media.

How to wipe all

The DoD 5220.22-M data wipe method is still the most widely used approach, and an organization’s policy or regulations may still require it. The method still works for HDDs, although it may be overkill. However, this method, like any other overwrite-based data wipe method, has a clear limit on flash memory-based storage devices, including SSDs. According to the NIST guidelines, SSDs must be erased using dedicated firmware commands.

Secudrive Drive Eraser supports ATA (Advanced Technology Attachment) commands for SSD sanitization as well as more than 20 international erasure standard algorithms, including the DoD standard, for magnetic hard disk wiping. It also provides logs and reports, which can be used later to confirm that a storage device has indeed been sanitized by a specific method. The logs and reports can be easily integrated with IT asset management systems. As a result, Secudrive Drive Eraser helps you abide by the Guidelines for Media Sanitization throughout the system life cycle.


Data Destruction for HIPAA compliance

HIPAA (the Health Insurance Portability and Accountability Act) strictly prohibits covered entities from disclosing PHI (Protected Health Information) to unauthorized parties during the creation, storage, and transmission of PHI.

PHI includes almost all information on a patient:

1) Any identifying information about a patient as an individual, including his or her name, phone number, email address, Social Security number, health insurance subscriber number, credit card information, photographs, etc.

2) A patient’s medical information, including medical conditions, prescriptions, x-ray images, blood test reports, etc.

Noncompliance may result in fines that range between $100 and $50,000 per violation “of the same provision” per calendar year. Many OCR (the Office for Civil Rights) HIPAA settlements have resulted in fines of over $1 million. The largest settlement as of September 2016 was for $5.5 million, levied against Advocate Health Care, stemming from several breaches that affected a total of 4 million individuals.

Many cite ‘Improper Disposal of PHI’ as one of the top 10 most common HIPAA violations.

Employees inadvertently throw documents in the trash or dispose of USB drives, external hard drives, or computers, causing frequent PHI leaks.

PHI printed on paper can easily be disposed of with a document shredder. However, completely deleting ePHI (electronic Protected Health Information), that is, PHI stored on a computer, is not simple: even if you run the ‘delete’ or ‘format’ command on Windows, the information can be easily recovered. Besides, a storage device holds the most information just before disposal, so if you dispose of the device without data destruction, you risk a massive information leak.

Standard §164.310(d)(1), Device and Media Controls, in HHS HIPAA Security Series 3: Security Standards – Physical Safeguards, requires that a covered entity “implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored,” and “implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use.” It also gives three example methods of ePHI data destruction that render the data unusable and/or inaccessible: erasure software, degaussing, and physical destruction.

Secudrive Drive Eraser, one such erasure software solution, can completely erase data stored on computer hard drives, USB flash drives, external hard drives, and SSDs. The solution supports about 23 international standard algorithms. The software comes on a USB flash drive; plugging it into the computer and clicking the executable file makes the data deletion process very easy, easy enough for non-IT professionals to run it on Windows. The results of data wiping are saved back to the USB drive in the form of logs and reports. You can use the tamper-proof reports as evidence of HIPAA compliance.

Data destruction service providers often perform degaussing and physical destruction because these involve physical tasks such as removing the hard disk from the computer. If you outsource the service, there is a risk of loss or theft during shipping or storage, and it is relatively expensive as well. Secudrive Drive Eraser can be one of the best options for both cost-effectiveness and security.


Disk Wiping Vs. Physical Destruction

Data wiping with Secudrive Drive Eraser makes data logically unrecoverable by repeatedly overwriting zeros, ones, or random numbers on the disk areas where the original data resided. It uses internationally recognized standard data erasure algorithms, so the data can be recognized as completely deleted, just as with physical destruction. Therefore, it allows you to comply with the various data protection regulations with which companies and organizations must comply.

Data wiping with Secudrive Drive Eraser is 1) more cost-effective, 2) more secure, and 3) more convenient for management than physical destruction.

                                     | Secudrive Drive Eraser     | Physical Destruction
-------------------------------------|----------------------------|--------------------------------------
Data                                 | Unrecoverable              | Unrecoverable
Device                               | Reusable, Resellable       | Trash
Record                               | Tamper-Proof Report        | Photo/Video
Workplace*                           | On User’s Desks            | Warehouse
Where to erase                       | Move After Erase           | Move and Destruction
Data Breach Risk                     | Minimum                    | Relatively High During Moving/Storage
Integrated with IT Asset Management  | Easy Integration with logs | None

  • Secudrive Drive Eraser can wipe drives separately stored in a warehouse, too. However, Secudrive recommends wiping before moving machines to a warehouse to improve security.

More cost-effective: wiped drives can be resold, reused, or donated.

You can resell, reuse, or donate wiped hard drives, whereas physical destruction turns the hard drive into industrial waste. The price of erasure software is also generally much lower than the cost of physical destruction services. Besides, wiping is eco-friendly because it does not produce industrial waste, including toxic substances.

More secure: fewer handlers, fewer locations, and tamper-proof reports enhance security

Companies use data destruction service providers for physical destruction. The IT department collects decommissioned computers that still contain unwiped data and stores them in an in-house warehouse or elsewhere. A data destruction service provider then moves the machines to a facility with physical destruction equipment such as a shredder, where its workers punch or shred the disks or computers. Since physical destruction is cumbersome to carry out in the company’s office, the data is inevitably destroyed only after passing through many hands and many places. The possibility of theft or loss, in other words the data leakage risk, increases.

Recently, more and more companies have introduced data wiping in place of physical destruction. Secudrive Drive Eraser is easy enough to run in the office: general users can wipe their own disks at their desks, or IT personnel can wipe computers gathered at the in-house IT department. Exposure is greatly reduced by minimizing the number of transfers, storage locations, and parties involved.

Finally, it is convenient to record data destruction operations. Recording data destruction is essential in order to prepare for later audits under various security regulations. Pictures or videos are the only way to record physical destruction work, and they can be forged or altered. Wiping software, however, automatically collects information on the computer, the disk, and the erasure operation, and creates tamper-proof reports.

Integrated management

IT managers can manage disk wiping operations remotely with the logs and reports. The logs and reports can also be easily integrated with the company’s asset management solution.


5 Technological Measures to Prevent HIPAA Violations Caused by Insiders

HIPAA compliance to protect patient health information (PHI) on physical or electronic media is essential for healthcare organizations. Failing to comply with HIPAA threatens an organization’s finances, through potentially heavy fines (ranging from $100,000 to $16,000,000 in total per entity, depending on the nature and gravity of the violation), and its reputation, because patients lose trust when they feel their information may be in danger.

Failure to comply with HIPAA can be classified as a typical data breach incident, since it involves confidential data being exposed accidentally or maliciously by internal or external factors. However, HIPAA violations show a distinct characteristic when it comes to their causes: insider breaches are a major problem in healthcare, yet many of them go undetected. According to the Protected Health Information Data Breach Report by Verizon, 58% of incidents involved insiders; healthcare is the only industry in which internal actors are the biggest threat to an organization.

Insiders in healthcare can be defined as individuals with authorization to access healthcare resources, including electronic medical records, networks, email accounts, or documents containing PHI. Unfortunately, some healthcare insiders are known to be unaware of the HIPAA rules and the repercussions of breaching them. A healthcare survey by Veriphyr, a HIPAA compliance solution developer, found that 35% of healthcare “insiders” had snooped into the medical records of fellow employees, and 27% had accessed the medical records of family and friends. Here are some eye-opening, insider-involved HIPAA violations that caused organizations considerable damage.

  1. A health organization was fined $3,000,000 for making ePHI-containing files accessible over the internet without a username or password after it accidentally removed the protection on its servers. The ePHI of 62,500 patients was exposed.
  2. A private dermatology clinic group was fined $150,000 and required to implement a corrective action plan for losing an unencrypted USB drive that contained protected ePHI.
  3. A cardiology group paid a $100,000 settlement for disclosing patients’ surgical and clinical appointments on a cloud-based, internet-accessible calendar.
  4. A surgeon at UCLA School of Medicine was sentenced to 4 months in prison and fined $2,000 after he illegally accessed the medical records system over 300 times, viewing the ePHI of his colleagues and high-profile celebrities.

These cases show that HIPAA violations caused by insiders happen right under organizations’ noses, without anyone suspecting. In a review of 306 healthcare data breaches shown to be caused by insiders, 48% were financially motivated and 31% were motivated by fun or curiosity, according to the Verizon report. Interestingly, another 10% were motivated by convenience: when insiders do something that makes it easier to get their work done, it also carries the possibility of putting confidential ePHI at risk.

To prevent these insider-caused violations, organizations follow the three safeguards of the HIPAA Security Rule: administrative, physical, and technological. Among the three, technological safeguards are considered the most difficult, so organizations focus on administrative and physical safeguards instead, for the reasons below.

  1. For healthcare staff, protection of ePHI and other HIPAA-related issues are not as important as their daily routine; they may make unethical or careless choices that lead to HIPAA violations.
  2. IT security gaps in healthcare are difficult to close, due to the complex combination of past and future: large volumes of accumulated data, legacy medical or information processing systems, and the adoption of modern technologies.
  3. Following all three safeguards is expensive, and not all organizations can cover the costs, especially the smaller, local clinics or other health care businesses. Therefore, organizations may opt to prioritize in educating and training the staff about HIPAA and ePHI protection.

Common administrative and physical safeguards include organizations conducting thorough background checks when hiring new staff or contractors, holding periodic training programs to educate their employees about HIPAA and to instruct them to report suspicious activities, or limiting physical access to data points (PCs, mobile devices, medical equipment, and more).

However, there are situations these two safeguards cannot fully prepare for: employees forgetting the rules, human mistakes, outside influences, and more. Organizations must therefore look to technological safeguards and implement appropriate measures on top of the administrative and physical ones. Identifying the right measures is not easy for every organization, especially smaller ones. So what are the appropriate measures that will help healthcare organizations of all sizes prevent insider-caused HIPAA violations?

  1. Access control to sensitive ePHI – Granting employees the minimum privileges they need is the best way to ensure that no ePHI reaches individuals who have no business with it. One of the best-known data security principles, the principle of least privilege (PoLP), should be the key focus. In this context, PoLP means encrypting the folders and files that contain ePHI, so that only the people holding the correct encryption keys can access those confidential files.
  2. Limiting the usage of sensitive ePHI – In addition to careful control of access to ePHI, organizations must add a second layer of defense that 'stops' insiders from illegally deleting, copying, or stealing ePHI while using it. The core data security solution here is digital rights management (DRM), which is commonly used across organizations and industries. DRM is a response to the potentially critical scenario in which trusted employees with access to ePHI turn rogue, whether for financial or personal motives.
  3. Password and authentication management – Organizations must have a solid password policy that sets specific requirements for password complexity and update frequency. Strong passwords protect ePHI not only from hackers but also from employees who might be snooping around. With the added security of two-factor authentication, organizations can enforce an enhanced password policy.
  4. Monitoring and auditing of employee activities – When employees access and use ePHI, it is difficult to tell whether they are doing so for legitimate reasons or with malicious intent. HIPAA requires organizations to collect system and event logs of the actions taken on computer systems such as operating systems, office computers, electronic health record (EHR) systems, printers, routers, and more. With the logs in hand, organizations can detect anomalies early and prevent insiders from causing HIPAA violations. Furthermore, audits can be performed to maintain a HIPAA-compliant security level and to identify wrongdoers if HIPAA violations have occurred.
  5. Data minimization through destruction – Essentially, less data means less chance of a HIPAA violation. Organizations can achieve data minimization by enforcing a responsible data destruction policy: if certain ePHI is no longer required, or patients request its deletion, it must be completely deleted. For PHI on electronic media, HIPAA requires more than simple deletion commands or disk formatting; certified data overwriting, disk degaussing, and physical destruction are the three major data destruction methods.
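To make the monitoring and auditing item concrete, here is an added example (not Secudrive code) that reviews an EHR access log for the insider patterns this post describes: record views with no treatment relationship, views of colleagues' records, and one user opening many records in a day, as in the UCLA case above. The log lines, the user-to-patient assignments, the staff record list and the daily limit are all constructed for the example.

```python
"""EHR access-log review for insider snooping (added example, not Secudrive code)."""
from collections import defaultdict
from datetime import datetime

# Constructed audit-trail lines: "<ISO timestamp> <user> <action> <patient record id>".
SAMPLE_LOG = """\
2023-03-01T08:02:11 drsmith view P1001
2023-03-01T08:05:40 drsmith view P1002
2023-03-01T08:30:02 nurse_kim view P1001
2023-03-01T09:10:15 drlee view P2001
2023-03-01T09:11:03 drlee view P3001
2023-03-01T09:12:44 drlee view P3002
2023-03-01T09:13:20 drlee view P3003
2023-03-01T09:14:05 drlee view P3004
2023-03-01T09:15:51 drlee view P3005
2023-03-01T12:40:00 nurse_kim view P2001
"""

# Constructed treatment relationships: the records each user is assigned to care for.
ASSIGNMENTS = {
    "drsmith": {"P1001", "P1002"},
    "nurse_kim": {"P1001"},
    "drlee": {"P2001"},
}

# Constructed: records that belong to staff members (the colleague-snooping case).
STAFF_RECORDS = {"P3001"}

# Assumed threshold: more than this many distinct unassigned records opened by one
# user in one day is treated as a volume anomaly. Tune it to the organization.
DAILY_UNASSIGNED_LIMIT = 3


def parse_log(text):
    """Turn the raw lines into (timestamp, user, action, patient) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, patient = line.split()
        events.append((datetime.fromisoformat(ts), user, action, patient))
    return events


def review_access(events, assignments, staff_records, limit):
    """Return findings: accesses without a treatment relationship, views of
    colleagues' records, and per-user daily volume of unassigned records above `limit`."""
    findings = []
    unassigned_by_day = defaultdict(set)  # (user, date) -> records viewed without assignment
    for ts, user, action, patient in events:
        if patient in assignments.get(user, set()):
            continue  # legitimate: the user is assigned to this patient
        findings.append({"type": "no_relationship", "user": user,
                         "patient": patient, "time": ts.isoformat()})
        if patient in staff_records:
            findings.append({"type": "colleague_record", "user": user,
                             "patient": patient, "time": ts.isoformat()})
        unassigned_by_day[(user, ts.date())].add(patient)
    for (user, day), patients in unassigned_by_day.items():
        if len(patients) > limit:
            findings.append({"type": "volume", "user": user,
                             "day": day.isoformat(), "count": len(patients)})
    return findings


def summarize(findings):
    """Count findings per (user, type): the view an auditor would review first."""
    counts = defaultdict(int)
    for finding in findings:
        counts[(finding["user"], finding["type"])] += 1
    return dict(counts)


if __name__ == "__main__":
    report = review_access(parse_log(SAMPLE_LOG), ASSIGNMENTS,
                           STAFF_RECORDS, DAILY_UNASSIGNED_LIMIT)
    for key, count in sorted(summarize(report).items()):
        print(key, count)
```

In a real deployment the assignment table would come from the scheduling or EHR system, and the findings would feed the periodic audit rather than replace it.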

Insider-caused HIPAA violations are a clear and present danger for healthcare organizations, and the common approach to tackling that danger has been limited to educating employees or enforcing policies through legal documents. However, when insiders access or use ePHI, their actions are unpredictable and, even worse, their wrongdoings may go undetected, under the organization's nose. It is therefore highly recommended that technological measures that will actually 'stop' insiders from causing HIPAA violations be enforced.

With so many data security solutions on the market, organizations can find it hard to implement technological measures that fit their needs and requirements. With the five measures listed above, organizations can set up a HIPAA-compliant data security architecture that can respond to insider threats that might otherwise be undetectable and unpredictable.


HIPAA Security and Compliance: Three Safeguards

The Health Insurance Portability and Accountability Act, or HIPAA, is legislation that provides security provisions and data privacy to keep patients' medical information safe. It came into effect in 1996, but the notion of electronic protected health information, or ePHI, and its protection was introduced in 2005. That year, the HIPAA Security Rule was laid down in the form of three security safeguards – administrative, physical, and technical – which must be observed for HIPAA compliance. With the data volume and monetary value of ePHI growing exponentially, and cybersecurity issues looming large on a global scale, understanding these safeguards has become mandatory for all companies in the medical and healthcare industries.

What is the HIPAA Security Rule?

The U.S. Department of Health and Human Services defines the Security Rule as "national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity."

As the medical and healthcare industries – like any other industry – go electronic in handling PHI for higher efficiency and productivity, the security risks involving ePHI multiply. The HIPAA Security Rule was therefore imposed as an extension of the Privacy Rule of the same legislation, stating that all ePHI must be properly secured from unauthorized access, whether the data is at rest or in motion. Furthermore, the Security Rule is built on flexibility, scalability, and technology neutrality, to encourage as many companies as possible to improve ePHI protection against threats from inside and out. Companies are thus allowed adequate time to identify their needs and to adopt new technologies for the betterment of patient care and the safety of ePHI. To comply with the HIPAA Security Rule, companies are required to implement three distinct yet closely related types of safeguards that may sound ambiguous at first: administrative, physical, and technical.

Administrative Safeguards

“…administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”

The administrative safeguards cover over half of the HIPAA security requirements, focusing on the execution of security practices for the protection of ePHI. They implement policies that prevent, detect, contain, and correct security violations. Moreover, they should be understood as the foundation of the Security Rule, as companies are better off tailoring their HIPAA security measures around the following five safeguards.

  1. Security management process – identification and analysis of potential risks to ePHI, and subsequent implementation of security measures to reduce those risks to a reasonable and appropriate level or, even better, eliminate them.
  2. Security personnel – designation of a qualified individual responsible for developing and implementing security policies for ePHI.
  3. Information access management – enforcement of policies and procedures that limit the uses and disclosures of ePHI to the "minimum necessary."
  4. Workforce training and management – training and management of the workforce responsible for handling ePHI, and appropriate sanctions against violations of the policies and procedures.
  5. Evaluation – periodic assessment of the company's ability to meet the HIPAA requirements through its security policies and procedures.

By laying down solid administrative groundwork for ePHI security and HIPAA compliance, companies can establish organization-wide policies and procedures that dictate data security and the action plan to follow should an unexpected breach occur.

Physical Safeguards

“…physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”

From a physician's home PC to the designated data centers of university hospitals, ePHI resides in many electronic assets and media. Physical safeguards are the implementation standards governing physical access to information systems, equipment, and facilities:

  1. Facility access and control – limitation of physical access to facilities that contain ePHI, while ensuring that authorized access remains possible.
  2. Workstation and device security – implementation of policies and procedures regarding workstations and electronic media, including their transfer, removal, disposal, and re-use, for the appropriate protection of ePHI.

These physical safeguards, combined with the administrative and technical safeguards, work to ensure that ePHI is neither tampered with nor leaked through thousands of devices and assets.

Technical Safeguards

“…the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”

Perhaps the most talked-about of all, the technical safeguards are the final piece of the HIPAA Security Rule. One of the fundamental concepts of the Security Rule is technology neutrality, which means that the rule does not require companies to adopt specific technologies. Companies therefore identify and satisfy their specific ePHI security needs independently, based on these safeguards:

  1. Access control – implementation of technical policies and procedures that allow access only to authorized personnel.
  2. Audit controls – implementation of technical mechanisms to record and examine access and other activity in systems that contain or use ePHI.
  3. Integrity controls – implementation of policies and procedures, as well as technical measures, to ensure that ePHI is not improperly altered or destroyed.
  4. Transmission security – implementation of technical measures that guard against unauthorized access to ePHI in motion over electronic networks.

Applied to all ePHI, the technical safeguards help companies regulate ePHI access, use, and transmission – in other words, technical safeguards aim to protect ePHI when it is in its most vulnerable state. Not limited to the mandatory measures specified by governing authorities, companies can implement their own measures suited to their size, industry, ePHI data volume, and so on. With growing concern over cybersecurity threats, it is no surprise that technical safeguards are extremely important for medical and healthcare organizations, as well as cybersecurity companies.

Modern technologies provide efficiency and productivity when handling patient information electronically, which naturally leads to better care for patients; however, they are a double-edged sword. ePHI keeps growing in volume and value, and it attracts the interest not only of companies but also of cybercriminals. The HIPAA Security Rule was thus enforced to protect sensitive patient information from the inherent security risks of the digital world. Meeting the requirements of the safeguards is no easy task, however, and penalties for HIPAA noncompliance range from $100 to $50,000 per violation. Companies must therefore make ePHI security a part of their daily routine and continuously monitor the situation to avoid legal consequences.


When to Completely Erase PCs

When it comes to robust data security, completely erasing PCs before reusing or disposing of them is critical, even though it is considered difficult and time-consuming. Why is it critical? Because PCs hold the largest volume of enterprise data, which, if leaked or breached, can cause a serious data security lapse that may be neither detected nor controlled.

There are currently three major methods of erasing PCs completely, widely known as disk erasure: physical disk destruction, degaussing, and overwriting. These methods are equally competent and effective, but overwriting stands out from the other two in cost-efficiency: it does not make the PC disks unusable, whereas the other two do. It uses internationally certified algorithms that remove the PC data by overwriting it with randomized data, so it allows enterprises to reuse the disks, provided they are still in good condition. Furthermore, overwriting reduces e-waste, helping companies do their part for eco-friendly corporate social responsibility.

Overwriting is the most common disk erasure method; however, when hundreds or thousands of PCs need to be erased, it becomes problematic because of its time-consuming and complicated process, as outlined below.

  1. Collect the PCs that are subject to be replaced for reuse or disposal.
  2. Transport and store the PCs in separate spaces or facilities.
  3. Assign personnel to manually run overwriting programs on each PC to erase stored data.
  4. Reuse or dispose of the PCs that completed the overwriting process.

To save time on such a problematic process, enterprises often employ external services. However, such a decision can be a worrying one for enterprises and the responsible parties: all data stored on PCs in the hands of external services is in its most vulnerable state, where it can be exposed or leaked. Even worse, enterprises will not know whether their PCs have been exposed. To ease these worries, the services provide extra security measures such as video surveillance, RFID tracking barcodes, live streaming of the full process, and heavily secured trucks, which attempt to ensure the safety of the PCs and the stored data while they are transported to and kept in the external facilities. However, a higher level of security means increased cost and prolonged processes for the enterprises to endure, which is why disk erasure by overwriting, despite its undoubted necessity and advantages, can become a headache.

Erase PCs in the comfort of your desk for sustained data security and enterprise efficiency

What if enterprises could erase their PCs within their own secure office premises from start to finish? After all, the issues of vulnerable data security and enterprise inefficiency are rooted in the complications that arise from transporting and storing PCs in external facilities. By removing this negative variable entirely, enterprises no longer have to worry about data security and increased costs, because extra security measures like armored trucks or video surveillance cameras are no longer necessary. Secudrive therefore encourages enterprises to erase all PCs on their own secure office premises. With the innovative disk erasure solution Secudrive Drive Eraser, enterprises can perform on-site disk erasure by overwriting, enforced by administrators or in self-service form, together with comprehensive management of multiple disk erasure processes.

Check out our next blog to discover more about Secudrive Drive Eraser and why it is an essential disk erasure solution for all enterprises!


How to Prevent Potential Data Leaks before and after Employees Depart

Four Secudrive data security solutions to help prevent potential data leaks before and after employees depart

When employees join and leave enterprises, the primary concern is to find replacements or reshuffle the organization structure. However, one crucial, and perhaps the riskiest, concern that enterprises may overlook is that departing employees can accidentally or intentionally leak confidential data on their way out, or even after their departure.

Acknowledging that confidential data leakage upon employee departure is more than plausible and that the consequences can be damaging, Secudrive recommends its four solutions – Secudrive File Server, Device Control, USB Office, and Sanitizer – which work together to stop employees from accidentally or intentionally leaking confidential data, before and after their departure.

1) Secudrive File Server helps enterprises set up a secure file sharing environment where confidential files are consolidated and protected in a centralized system of file servers. Firstly, Secudrive File Server ensures that consolidated files are isolated from the local environment of employee PCs, so that they can only be accessed and used directly in the shared folders. Then digital rights management (DRM) is enforced for each folder to stop employees from leaking confidential data.
Digital rights management is the key to Secudrive File Server, restricting specific functions on files and data. With DRM in place, employees can use enterprise files as normal; however, they are strictly restricted from specific actions that could lead to file leakage, such as copying, screen-capturing, printing, and more. With data leakage blocked by DRM, employees cannot export confidential data to their PCs' local environment or to the outside, whether offline (storage devices) or online (e-mail or messaging apps).

2) Secudrive USB Office and USB Management Server is a solution suite that provides enterprises with a secure medium for safely storing and transporting confidential data outside the office environment. Secudrive USB Office is a hardware-encrypted USB drive with DRM, ensuring data security when employees need to take confidential files out for situations like business trips, which may seem opportune for data leaks. It combines hardware encryption with an AES-256 crypto chip and DRM (identical to that in Secudrive File Server) to ensure that data stored on Secudrive USB Office is safe not only from outsiders' unauthorized access but also from the leakage that can occur 'after decryption,' once an authorized user has opened the files.
In addition to the security measures built into the USB drives, Secudrive provides a supplementary Secudrive USB Management Server (UMS) that establishes a remote, centralized platform for managing multiple USB drives and their security policies at once. The more USB drives enterprises use, the harder they are to control, and UMS was developed to remove that difficulty by letting enterprises track and change the security policies of multiple USB drives at once, in real time. One critical advantage of real-time management is the ability to respond instantly to unexpected events such as USB drive theft or loss. Enterprises ordinarily use regular USB drives with no security measures, and the data stored on them is exposed to leakage risks from both outsiders and insiders. Secudrive's USB drive security and management solution therefore prevents data leakage threats from outsiders and insiders alike.
Even when enterprises have secure USB drives backed by a robust management tool at their disposal, they must make sure that only those USB drives are used by employees. Simply encouraging employees or enforcing some policies is not safe enough, since departing employees willing to steal confidential data can easily use their own USB drives. So how can enterprises limit their employees to using only the safe, security-equipped USB drives?

3) Secudrive Device Control regulates and monitors all or specific devices used on endpoint PCs through ports such as USB, Wi-Fi, LAN, and IEEE 1394. As removable storage devices have become an IT commodity for everyone, they have naturally become an integral part of enterprises as well. However, enterprises must first control the use of USB drives to eliminate any possibility of data leaving the enterprise premises.
Secudrive Device Control helps enterprises establish and implement security policies for multiple groups effectively, by first pulling the structure of PCs and employees (users) from Windows Active Directory (AD). Moreover, when an employee needs to use certain devices for specific tasks, Secudrive Device Control can temporarily 'unblock' specific ports, keeping work productivity flowing. In this case, it is imperative that the USB drives themselves carry reliable security measures.

4) Secudrive Drive Eraser is a disk wiping solution that stops potential data leaks from the old PCs of departing employees. When employees leave, their PCs either change ownership or are destroyed, and beforehand enterprises often format them. However, formatting is never enough: it merely removes the path to the data, not the data itself, which can be recovered and, even worse, leaked.
With Secudrive Sanitizer, enterprises can completely 'wipe' multiple PCs simultaneously, and even run multiple wiping processes remotely from a centralized console. It ensures that PCs are free of remnant data after being wiped with internationally recognized wiping algorithms. Enterprises can then re-assign or destroy the old PCs of departing employees, knowing that all data has been rendered unrecoverable. Moreover, remote PC wiping allows larger enterprises with multiple locations to wipe their PCs in just a few clicks and to monitor the process from start to finish.

All in all, the four Secudrive solutions – Secudrive File Server, Device Control, USB Office, and Drive Eraser – form a holistic data security architecture that stops departing employees from leaking confidential data before and after their departure.


3 Technological Security Measures to Prevent Data Leaks When Employees Depart

To help employees fulfill their professional initiatives, enterprises must provide a variety of physical and digital tools that enable the employees to take full advantage of enterprise data and resources. When the employees move on to different jobs, however, rolling back on all the capabilities that the enterprises once gave to their employees is another important duty. After all, departing employees can be either direct or indirect causes of data leaks, whether accidental or malicious.

To prevent departing employees from leaking confidential data, enterprises have implemented several conventional measures: establishing policies, preparing legal documentation such as non-disclosure agreements, holding training and education sessions, and deactivating the accounts used by ex-employees (PC, devices, cloud, and more). These might be considered enough to prevent leakage of confidential data; however, they only focus on "discouraging" employees from leaking data when they depart. Instead, enterprises need to implement technological measures that actually "stop" data leaks from occurring.

1) Consolidate all files into a data repository equipped with data leakage controls and real-time monitoring

Preventing data leaks by departing employees begins with consolidation and isolation of confidential enterprise files in data repositories and away from individual employee PCs, which can become exit points from which confidential data can be wrongfully leaked, deleted, or edited.

However, this measure is only the basic foundation of a security architecture for preventing data leaks by departing employees. By integrating data leakage controls that restrict copying, screen-capturing, printing, and network transfer of files out of the file servers, enterprises can form tighter, multi-layered protection of confidential data.

If the employees need to bring confidential data out to their local storage for certain tasks, enterprises must ensure that all relevant activities regarding the files and users are tracked with logs. Logs are important for both preventative and corrective action as a response to data leaks by departing or departed employees since enterprises can not only detect wrongdoing beforehand but also identify the wrongdoers even after they have quit.

2) Control and manage portable storage device usage on endpoint PCs

Employees now have more kinds of portable storage devices, such as USB drives and smartphones, at their disposal for improved work performance. However, these devices must be used under organization-wide enforcement of strict control and thorough management, to ensure that they do not leave the office premises with confidential data inside.

Together with enterprise policies and a culture that discourage the use of storage devices for anything other than work-related purposes, a series of technological measures must be implemented to deter employees from doing so. Firstly, enterprises must block the ports (USB, IEEE 1394, and so on) on the PCs used by employees. By doing so, neither existing nor soon-to-depart employees can use portable storage devices to take confidential data off the enterprise premises, whether by mistake or with malice. However, blocking all ports may not be the best option if enterprises need to permit specific ports for specific tasks or employees. For this case, it is imperative to implement a management tool that oversees all ports and connected devices on all employee PCs, and that can enforce and lift restrictions for specific circumstances.

3) Wiping used hard disks before disposing of or recycling used PCs after employee departures

When employees depart, it is common for enterprises first to format the used PCs, and then re-assign or destroy (if outdated) them. Unfortunately, this practice may trigger unexpected data leaks, as the remnant files that contain or are relevant to enterprise confidential data can be recovered, even though the PCs have been formatted beforehand.

Therefore, to prevent data leaks through recovery, enterprises must wipe the remnant data on old PCs using data erasure methods such as degaussing, overwriting with randomized data, or even the physical destruction of the PCs. These three methods achieve the same goal of data erasure, but only one gives enterprises an extra advantage: overwriting wipes remnant data completely while keeping the disks usable, whereas the other two do not. Disks overwritten with randomized data can thus be recycled and assigned to new employees, and enterprises need not worry about the possible rediscovery and leakage of remnant data.
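Overwriting with randomized data followed by a read-back check, the method recommended here and in the earlier post on erasing PCs, as an added example in Python (not Secudrive Drive Eraser code). A temporary file stands in for the disk, a constructed patient-record marker stands in for remnant data, and a single pass is the default; the file object is opened in place, so the same loop applies to a block device path when run with the required privileges.

```python
"""Overwrite-and-verify sanitization demo (added example, not Secudrive code)."""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB read/write unit


def overwrite_and_verify(path, passes=1):
    """Overwrite every byte of the target with random data, then read it back.

    One pass is the default, in line with current guidance for modern drives;
    policies that still require more passes can raise `passes`. Returns
    (size, sha256 hex of the final contents as read back from the medium).
    """
    if passes < 1:
        raise ValueError("at least one pass is required")
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works for block devices, unlike getsize()
        for _ in range(passes):
            f.seek(0)
            written = hashlib.sha256()  # digest of what this pass wrote
            remaining = size
            while remaining > 0:
                chunk = os.urandom(min(CHUNK, remaining))
                f.write(chunk)
                written.update(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())  # force the pass onto the medium before verifying
    # Verification pass: the medium must hold exactly what the final pass wrote.
    readback = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            readback.update(chunk)
    if readback.digest() != written.digest():
        raise RuntimeError("verification failed: medium differs from final pass")
    return size, readback.hexdigest()


def contains_marker(path, marker):
    """Scan the target for a byte pattern, handling matches that straddle chunks."""
    carry = b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return False
            if marker in carry + chunk:
                return True
            carry = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""


def demo():
    """Constructed run: a temp file stands in for a disk holding a patient record."""
    marker = b"PATIENT-RECORD-CONSTRUCTED-SAMPLE"  # stand-in for remnant ePHI
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker * 1000 + os.urandom(3000))
        path = tmp.name
    try:
        before = contains_marker(path, marker)      # True: the data is still there
        size, _digest = overwrite_and_verify(path)  # single random pass + read-back
        after = contains_marker(path, marker)       # False: the pattern is gone
        return before, after, size
    finally:
        os.remove(path)  # deleting alone would not have sanitized the bytes


if __name__ == "__main__":
    print(demo())  # (True, False, 36000)
```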

When employees depart, enterprises must think beyond handling more paperwork and recruitment, as their confidential data may be, or even worse, may already have been, at risk of being leaked. The biggest issue with data leaks by departing employees is the increased difficulty of identifying the wrongdoers and of taking corrective action. The three key measures above address the importance of data leakage prevention before and after employees depart, whether their involvement is direct or indirect. Check our next blog to see how Secudrive solutions bring these measures into practice for enterprises, big or small, to ensure that confidential data does not leave along with departing employees.