It seems that another data security breach has made the news. Hardware security is one of the most important measures a company can take to prevent a breach. Hackers can breach a website, but some find it better to steal the hardware that so many vital files are stored on. These are some of the recent breaches and how you can stop them from happening to you.
The Veteran’s Administration Case
One of the largest data breaches related to hardware happened back in 2006. An employee of the Veteran’s Administration had a laptop and external hard drive stolen from the employee’s residence. On those devices were more than 26 million military and veteran records. As a result of this data breach, the VA had to pay $20 million to those whose information was stolen.
Questions arose as to why the employee took the information home. The electronic devices should have been kept in secure offices or closets within the VA and not easy to pick up and take home. Paperwork should have been stored in locked files or shredded when no longer needed. As devices become outdated, you need to hire an electronics recycling company that wipes data from devices prior to resale or that shreds the device in a secure facility.
University of Texas MD Anderson Cancer Center
Back in 2018, the University of Texas MD Anderson Cancer Center was fined $4.3 million for violating HIPAA. Three database breaches occurred over a two-year period. One of those breaches came from a stolen laptop that had never been encrypted. The other two breaches involved another form of hardware that also was not encrypted. The hospital had never encrypted their USBs. In all, it led to the theft of more than 33,500 people’s medical records and personal information.
Unused USBs should be wiped and shredded. If you have obsolete computers that still have resale value, you need to have the data erased before selling or donating them. If the computers have no life left, they must be recycled with a company that shreds and recycles the different components.
New York City Fire Department Case
One employee kept patient information on a personal hard drive. When that hard drive was stolen, so were the records of more than 10,000 people who’d been in an FDNY ambulance over a seven-year period. Encryption hadn’t been used. A spokesperson for the fire department admits the employee did not follow data security procedures.
Credit monitoring services have been offered to everyone on that list whose SSNs were included in the information. The fire department is holding new training programs and disciplining the employee. It’s another case where hardware should be held in a more secure setting and files should always be encrypted. When it’s time for the external hard drive to be recycled, the data should be wiped and the device shredded to prevent data theft.
Be Selective When It Comes to Data Destruction
Data destruction is a key component of safely disposing of outdated hardware. There are four levels of data destruction available at ERI Direct. They are:
Standard – Meets the NIST 800-88 Rev1 guidelines that require clearing, purging, or destroying data. This is the compliance level that most clients need.
Enhanced – The data destruction follows a chain of command that uses lockboxes, TSA certified drivers, and data destruction performed on-site or off-site at one of ERI’s secure facilities. If needed, business owners can watch the data destruction on video from their home or office.
High Security – Data destruction is handled by a trained person who is a U.S. citizen. The client must approve the recycling specifications, with shredded pieces as small as 2 millimeters.
Demilitarized – This is the highest level of data destruction and covers data destruction of top-secret materials. Only essential personnel are allowed in the area where the data destruction takes place. Only the demilitarized recycling project can take place in that area. Materials go into the facility under the watchful eye of the client contractor and a government representative. Those two people will also sign that they witnessed the destruction.
Don’t recycle your hardware with just any company. Do your research and avoid breaches and data theft. Make sure you’ve chosen a hardware destruction company that is certified by e-Stewards, NAID, and R2. That ensures that the electronics recycling firm’s focus is on safely recycling electronics to prevent theft and damage to the environment. ERI Direct holds certifications in all three and is also ISO 9001, ISO 14001, and OHSAS 18001 certified.
We have eight locations across the U.S. and offer several security measures and checks that ensure you know exactly where your hardware is at any given moment. You can even watch us shred your hardware thanks to our secure live cams. Call 1-800-ERI-DIRECT to talk to an expert.