Is PHI Lurking In Your Photocopier?
While attention has been focused on the security risks posed by laptops, smartphones, flash drives and more sophisticated electronic devices, humble office photocopiers have been quietly accumulating personal data on hard drives most of us didn't know were there. A CBS News investigation reveals the ease with which clever identity thieves can access reams of data for the price of a used copier.
For the report, CBS's team purchased four used copiers for about $300 each from a New Jersey warehouse. With the help of John Juntunen of Digital Copier Security, which markets scrubbing software called "INFOSWEEP," each copier's hard drive was removed in 30 minutes, then scanned using free forensic software downloaded online. Within 12 hours, the hard drives yielded highly sensitive documents including criminal investigations, financial and payroll records, real estate development documents, and 300 pages of individual medical records from Affinity Health Plan, including prescriptions, blood test results and diagnoses.
Modern copiers scan documents digitally and store the resulting images on internal hard drives. Most businesses would not sell or dispose of used computers without taking steps to render any remaining data inaccessible (at least we hope so). The same caution should be taken with copiers.
CBS reports that all the major manufacturers offer security or encryption packages on their products. For example, Sharp's product, which automatically erases an image from the hard drive, costs $500. Aftermarket products like INFOSWEEP claim more thorough results. Whatever you decide to do about your copier's stored data, doing nothing is not the solution.
The newer photocopiers do contain encryption and data removal, but the older photocopiers only allow a reformat of the hard drive as a form of data erase. This may not be sufficient for companies wishing to comply with DoD. It's an interesting question as to if the manufacturer shares some responsibility in ensuring the company remains compliant with the Data Protection Act.
One of the most damaging problems hospitals are facing is used medical equipment. We all know what a copier looks like, but there are several different models of used medical equipment containing PHI, being sold online for $300-500 and looking nothing like a computer.
Here at Level6 we protect hospitals by screening, sanitizing and destroying obsolete medical equipment.