The North Wales NHS Trust has recently found that the Glan Clwyd hospital in the UK has lost one hundred computer disks. Disk encryption software like AlertBoot was not used to secure the contents of these disks, nor was there (the misleadingly-named) password protection in place.
There shouldn’t be any fears of some type of ID theft, however, since the missing computer disks are believed to be effectively destroyed. Plus, they only contained patient discharge summaries, which doesn’t sound like it could be used for anything at all (assuming patient ID numbers and the such were not included).
How do they know the disks have been destroyed? It is believed that the disks were tossed out with the trash, which summarily ended up at a waste disposal company. The latter claims everything was crushed and buried in a landfill.
Of course, the assumption is that the disks with patient data ultimately ended up with the waste disposal company. With so man dumpster-diving enthusiasts around the world, and landfills not inventorying what they bury (it doesn’t make sense…although, it probably would make the jobs of future archeologists much easier), you never know….
Protecting Data On Small (Tiny) Digital Media
While it’s not specifically mentioned by the BBC that the lost disks are floppies (of the 3.5-inch variety), they included a picture of a green, translucent floppy disk in the article.
As I recall, these things hold approximately 1 MB of information, after formatting. With one hundred of these, we’re talking about 100 MB. The other day I saw a micro SD flash drive–also known as a TransFlash–that held 4 GB, which is equal to forty times the information on the lost 100 floppies. The TransFlash was smaller than the size of the fingernail on my pinky.
Wonder if that’ll get lost, ever?
Obviously, the use of encryption software to protect the contents of such devices is imperative, assuming private information is stored on them. An entire USB memory stick can be encrypted, for example, to safeguard the contents that are being copied from one computer to another.
However, you can’t go around using full disk encryption on all of them. Chances are the software required to encrypt and decrypt the information is not included or can’t be run in the device that’s using the memory device.
For example, the TransFlash I was commenting on was the main storage for a camera. I don’t know of any camera manufacturers that include the ability to encrypt images as they’re being taken.
For such storage media, the only thing to do, if you’re security-conscious, is to not save any private or sensitive information to them, since there is no realistic way to protect the data.