By Andrew Aiken
So, we’ve reached the end of the road in the life cycle and are preparing to retire a system to the great beyond … or worse yet, an auction site. Before doing so, we need to take appropriate measures to safeguard our data and most certainly that of our patients. While we have standard procedures for workstations and server platter drives, some items may be less obvious in the modern era of memory and storage. In this column, I plan to focus on the current landscape and less so on specific disposal and erasure standards. The implementation of media sanitization standards can vary significantly between organizations, and I’ll refer you to your local security and privacy officers for your specific standard operating procedures. That being said, we should be aware that “one-size-fits-all” policies are often not intended for a broad array of media types.
Let’s start with the traditional fare of personal computers (PCs) and servers. Many technicians are accustomed to hard drive disposal practices that focus on the aforementioned platter drives. Many people, however, may not be aware of the varied formats that modern storage can take. The second most common type of drive is the enclosed solid-state drive (SSD). These are smaller, lightweight drives that can easily be obscured within a PC enclosure. Even for SSDs that assume the form of the more traditional 2.5-inch HDD enclosure, the practice of drilling a hole through a drive, one which many organizations still rely on, can literally miss the mark (Figure 1).
Another prevalent and commonly overlooked solid-state media type is the NVMe (Non-Volatile Memory Express) variety (Figure 2). Due to its size and shape, it can often be confused with RAM or can blend in with other motherboard components. Usually, these drives are mounted flat on the motherboard, but they can also be attached to a riser card (Figure 3) and may be dismissed as a secondary peripheral. Also, don’t forsake removable media types such as optical, tape and flash. It can be easy to overlook these drives during the decommissioning process and miss media that could easily contain significant amounts of patient data – always check and eject removable drives prior to disposal (Figure 4). And even though they may seem like a relic destined for the dust bin of history, don’t think that tape drives are dead; they are often still in the mix and can even store up to 45TB of data on a single cartridge (Figure 5 – tape drive with cartridge). Furthermore, while Universal Serial Bus (USB) media can be easy to spot externally, be wary of internal USB media as well. Some servers have an internal USB slot that vendors can use either for a licensing dongle or for additional storage (Figure 6).
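An added example, not from the original column: a Python script that turns the storage a Linux host reports into a per-device checklist covering the media types discussed above, then lists anything the technician has not yet accounted for. It assumes the system still boots to a Linux shell or live environment; the sample `lsblk` output, device names and model strings are constructed, and `reconcile` is a hypothetical helper.

```python
import json

# Constructed sample of `lsblk -J -d -o NAME,TYPE,TRAN,ROTA,RM,SIZE,MODEL` output
# (hypothetical server; not data from the article).
SAMPLE_LSBLK = """
{"blockdevices": [
 {"name":"sda","type":"disk","tran":"sata","rota":true,"rm":false,"size":"1.8T","model":"EXAMPLE HDD"},
 {"name":"sdb","type":"disk","tran":"sata","rota":false,"rm":false,"size":"480G","model":"EXAMPLE SSD"},
 {"name":"sdc","type":"disk","tran":"usb","rota":"1","rm":"1","size":"16G","model":"EXAMPLE FLASH"},
 {"name":"sr0","type":"rom","tran":"sata","rota":true,"rm":true,"size":"4.4G","model":"EXAMPLE DVD"},
 {"name":"nvme0n1","type":"disk","tran":"nvme","rota":false,"rm":false,"size":"953.9G","model":"EXAMPLE NVME"}
]}
"""

def _flag(value):
    """lsblk emits booleans in newer util-linux and "0"/"1" strings in older ones."""
    return value in (True, 1, "1", "true")

def classify(dev):
    """Map one lsblk entry to a media type and where to look for it."""
    tran = (dev.get("tran") or "").lower()
    if dev.get("type") == "rom":
        return "optical drive: eject and check for a disc"
    if tran == "nvme" or dev["name"].startswith("nvme"):
        return "NVMe SSD: look on the motherboard or a riser card"
    # Check the transport before ROTA: USB flash often reports rota=1.
    if tran == "usb":
        return "USB media: check external ports and internal USB slots"
    if _flag(dev.get("rm")):
        return "removable media: eject and check"
    if _flag(dev.get("rota")):
        return "platter drive"
    return "enclosed SSD"

def inventory(lsblk_json):
    devices = json.loads(lsblk_json)["blockdevices"]
    return {d["name"]: classify(d) for d in devices if d.get("type") in ("disk", "rom")}

def reconcile(inventory_map, accounted_for):
    """Names the OS reports that are missing from the technician's pulled-media list."""
    return sorted(set(inventory_map) - set(accounted_for))

if __name__ == "__main__":
    found = inventory(SAMPLE_LSBLK)
    for name, kind in found.items():
        print(f"{name:10} {kind}")
    print("not yet accounted for:", reconcile(found, ["sda", "sdb"]))
```

Tape drives are character devices and do not appear in `lsblk` output, and drives behind a hardware RAID controller may show up only as one logical volume, so the listing supplements the physical inspection rather than replacing it.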
Now that we have discussed the screening procedures for traditional PCs and servers, we must shift our focus to discrete medical devices, which often lack the same level of scrutiny and can be just as likely to contain “vital” information. This is particularly true of our wireless devices that run the gamut from glucometers to vital signs to infusion pumps. These can store sensitive patient data on internal storage as well as the security keys to your enterprise mobile networks, the latter being the juicier target. In a recent case, some of these devices sent to an auction site for resale still contained the organizational identifiers as well as the SSID and WPA2 key for the organization’s wireless network. In fact, the organization’s name was clearly visible in the auction pictures, which can be a major signal to potential bad actors. These devices typically have either onboard flash or compact flash memory, and in some cases contain both. You should check with the manufacturer for memory-erasure procedures and verify with your local security officers that these procedures meet your organization’s guidance for reuse and/or destruction. This holds true for devices at every stage of their life cycle, whether they are end-of-life and preparing for disposal or simply out on loan or shipped for repair.
To protect yourself and your organization from potential data loss, it is important to stay informed of the ever-evolving landscape of storage technologies and make use of locally available reference material such as life cycle desk guides and information security policies. If you do not have guides or checklists available in your organization, I highly encourage you to take steps toward developing them to serve as step-by-step guides covering procurement, implementation, sustainment and decommissioning of your devices. The retirement of a single system can involve so many tasks, from logistical (asset management) to logical (HL7, DICOM, VLAN/ACL), that it is increasingly likely for a small SD card or DVD to be overlooked. Having clearly defined guides of your local procedures will allow you and your organization to remain vigilant. Threat actors prey on opportunity – don’t make it easy for them by A) doing something you aren’t supposed to do or B) failing to do something you were supposed to do.
Andrew Aiken is a VISN 9 Information Systems BESS at VA MidSouth Healthcare Network.
