NHS Fined After Computer Holding Patient Records Found On eBay

← Back to Stories (view on slashdot.org)

NHS Fined After Computer Holding Patient Records Found On eBay

Posted by timothy on Saturday July 13, 2013 @09:19PM from the all-these-billing-addresses-are-identical dept.

judgecorp writes "NHS Surrey, part of Britain's health service, has been fined £200,000 when a computer holding more than 3000 patient records was found for sale on eBay. The system was retired, and given to a contractor who promised to dispose of it securely for free, in exchange for any salvage value... but clearly just put the whole system up for sale."

139 of 186 comments (clear)

Min score:

Reason:

Sort:

How does... by Anonymous Coward · 2013-07-13 21:27 · Score: 3, Insightful

The government fine itself?
1. Re:How does... by buchner.johannes · 2013-07-13 21:39 · Score: 1
  
  Ever heard of separation of powers?
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
2. Re:How does... by Joce640k · 2013-07-13 22:12 · Score: 4, Insightful
  
  They shouldn't be fining themselves, they should be jailing the person responsible for handing them to the "unnamed contractor" (who was probably a friend).
  
  --
  No sig today...
3. Re: How does... by Anonymous Coward · 2013-07-13 22:20 · Score: 1
  
  Why not fine the contractor who was paid in salvage value to destroy the data?
4. Re: How does... by Joce640k · 2013-07-13 22:45 · Score: 4, Informative
  
  Because there was no actual "contract" requiring him to destroy them.
  That's the real problem in this case - no contract. It's all all in TFA (if you can be bothered with such trivia).
  
  --
  No sig today...
5. Re:How does... by hairyfeet · 2013-07-13 22:53 · Score: 5, Insightful
  
  Actually as a PC repair guy who often does this very thing I say they should throw the contractor in jail, he is making us all look bad.
  I've done plenty of work for the city in the past and they know any donations they give to me will be wiped clean so they have no problem handing me desktops and laptops that are being replaced. Is there any records on them? probably but I wouldn't know as the first thing they get is a boot 'n nuke from me, the ONLY thing I don't wipe is the factory restore partition if it has one, everything else? Wiped before I ever mess with the system.
  So I'm all for throwing this asshole in jail because its jerks like this that end up causing systems to be disposed of via shotgun. In a dead economy there is plenty of folks hurting out there and these off-lease systems can be used to make sure anybody can have a PC, hell thanks to donations from the city I have a complete desktop system for $50 at the shop. Sure its not the fastest thing in the world but it surfs, burns DVDs, and when somebody needs a PC so their kid can look up info for school reports and they can look for a second job? A system like that can really make a difference. This is why I fricking HATE when assholes like this do dumb shit like just throwing it on eBay, he could have boot n' nuked and been done in no time, throw the lazy ass in jail.
  And if you work in a position that has getting rid of older systems as part of your duties? Don't dispose of via shotgun, talk to the local shop guys, talk to the local churches, there is usually a guy like me that is happy to refurb 'em for the poor folks and unlike this douchebag we're happy to do secure wiping on anything you hand us. There is nothing like the feeling of making a difference, just last week I donated a couple of systems to one of the local churches so they could expand their computer classes, they do a lot of work with abused women and teaching them basic computer and office skills helps them get a job and not be dependent on some wife beating scumbag. I wouldn't have been able to hand those systems over if they hadn't been donated to me, so ask around, those old P4s and Athlons may be junkers to you but it could make a difference to somebody else.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
6. Re:How does... by 3seas · 2013-07-13 22:56 · Score: 1
  
  Raises taxes?
7. Re:How does... by Cornwallis · 2013-07-13 23:15 · Score: 1
  
  Raises taxes?
  Bingo.
8. Re:How does... by Joce640k · 2013-07-13 23:23 · Score: 2
  
  How hard can it be for a government to make a CD stick which you insert in a PC which boots up and wipes the hard drive?
  They could insert one in every PC before they remove it from the person's desk. It would take about ten minutes. If they're doing a roomful of PCs (as they mostly do) then by the time you got around to putting the CD in the last machine, the first one would be finished.
  
  --
  No sig today...
9. Re:How does... by jellomizer · 2013-07-14 00:05 · Score: 3, Informative
  
  Simple, there are a bunch of ministries, departments, and divisions and other units all with a degree of autonomy, their own budgets, and other stuff.
  When you ask nearly any government employee of where do they work. They will not say I work for the Government. They will say I work in the Department of whatever...
  So if you fine a government agency the money leaves their budget and goes away from their department and to an other area. Leaving that department with less money budgeted towards what they need to do. As well it would effect their influence of getting additional funding for the next year.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
10. Re: How does... by NadMutter · 2013-07-14 00:06 · Score: 1
  
  10 mins? Really. The last disk I decommissioned took 24 hours to shred (4 passes, the longest time being for the 2 random writes). OK that was a failing Seagate 2TiB drive but for sensitive data, more passes is standard.
11. Re:How does... by jamesh · 2013-07-14 00:07 · Score: 1
  
  Actually as a PC repair guy who often does this very thing I say they should throw the contractor in jail, he is making us all look bad.
  Making you look bad is not a criminal offense. You'd need to take it up in a civil court, and they don't throw people in jail.
12. Re:How does... by beltsbear · 2013-07-14 00:09 · Score: 4, Insightful
  
  Agreed. I used to do the same, take in free donated systems and wipe them with dban or other zero writing software. It was easy and ensured the buyer got a clean system. The main reason why people destroy perfectly good machines out instead of giving them to someone like me (or charity) is fear of the type of behavior shown.
  And for god sakes, you do not need to DESTROY the hard drive. Zero writing is fine for anything not containing national security level secrets.
13. Re:How does... by Idimmu+Xul · 2013-07-14 00:11 · Score: 1
  
  How hard can it be for a government to make a CD stick which you insert in a PC which boots up and wipes the hard drive?
  http://killdisk.com/downloadfree.htm
  unbelievably easy
  
  --
  The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
14. Re:How does... by jellomizer · 2013-07-14 00:15 · Score: 1
  
  While I agree it is the contractors fault. However when you deal with a contractor you better be sure your contract has him to do what they say they will do. The contractor will probably do more what is in the contract however if failure to not do more that is in the contract could have a negative effect it should be protected.
  Such as delete your drives beforehand, or make sure the contract has him do this work, and perhaps a measure stating he will do what he says he does.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
15. Re: How does... by Joce640k · 2013-07-14 00:21 · Score: 2
  
  Ok, let's agree it more than 10 minutes. Now can you address the actual point...?
  (I should have known better than to put an actual number on slashdot...)
  
  --
  No sig today...
16. Re:How does... by Joce640k · 2013-07-14 00:24 · Score: 1
  
  Sigh.
  OK, let's agree it more than 10 minutes.
  Now can you address the actual point, which was: "It's not difficult to wipe hard drives in a time frame which is consistent with upgrading a room full of PCs."
  
  --
  No sig today...
17. Re: How does... by Joce640k · 2013-07-14 00:30 · Score: 2
  
  ... for sensitive data, more passes is standard.
  Somebody needs to question that standard. There's no credible evidence that data can be recovered after writing a single pass of random data.
  Even if there was any evidence (and let's be clear, there isn't...), if anybody wants to spend that much money trying to recover data from machines bought randomly on eBay they should be encouraged to do so. The sooner they go bankrupt, the better.
  
  --
  No sig today...
18. Re:How does... by _Shad0w_ · 2013-07-14 00:46 · Score: 1
  
  Secure data destruction involves a very large shredder which just turns the disks in to scrap metal. There's even video of it being done to the HDDs that were holding the ID card database before it was scrapped.
  
  --
  Yeah, I had a sig once; I got bored of it.
19. Re:How does... by Joce640k · 2013-07-14 00:53 · Score: 1
  
  But as pointed out this is unnecessary and those PCs/disks could benefit a lot of needy people. Securely re-imaging a hard disk isn't difficult.
  
  --
  No sig today...
20. Re:How does... by Kat+M. · 2013-07-14 00:59 · Score: 3, Informative
  
  First, the Information Commissioner's Office is an independent body, subject to supervision by the courts, not any ministry. It cannot and does not care (modulo human error) whether the responsible entity was a public or private body, except where the law distinguishes between them.
  Second, an NHS trust (which NHS Surrey is) is technically not part of the government, but a public sector corporation with separate auditing requirements and separate liability. Another example is that NHS trusts are also vicariously liable for malpractice by doctors and nurses they employ.
  While it is correct that in the end all the fines do come out of the UK's budget and go back into the UK's budget, separate liability arrangements allow for more fine-grained auditability and accountability. Fines may be budget neutral overall, but they still are highly undesirable for the sanctioned body, creating an incentive to avoid them.
21. Re:How does... by 91degrees · 2013-07-14 01:04 · Score: 1
  
  Of course, in this case the net result is that the public has been fined Â£200,000 worth of health care.
  
  I'm sure there has to be a better way of penalising government institutions.
22. Re:How does... by sociocapitalist · 2013-07-14 01:14 · Score: 1
  
  Actually as a PC repair guy who often does this very thing I say they should throw the contractor in jail, he is making us all look bad.
  I've done plenty of work for the city in the past and they know any donations they give to me will be wiped clean so they have no problem handing me desktops and laptops that are being replaced. Is there any records on them? probably but I wouldn't know as the first thing they get is a boot 'n nuke from me, the ONLY thing I don't wipe is the factory restore partition if it has one, everything else? Wiped before I ever mess with the system.
  So I'm all for throwing this asshole in jail because its jerks like this that end up causing systems to be disposed of via shotgun. In a dead economy there is plenty of folks hurting out there and these off-lease systems can be used to make sure anybody can have a PC, hell thanks to donations from the city I have a complete desktop system for $50 at the shop. Sure its not the fastest thing in the world but it surfs, burns DVDs, and when somebody needs a PC so their kid can look up info for school reports and they can look for a second job? A system like that can really make a difference. This is why I fricking HATE when assholes like this do dumb shit like just throwing it on eBay, he could have boot n' nuked and been done in no time, throw the lazy ass in jail.
  And if you work in a position that has getting rid of older systems as part of your duties? Don't dispose of via shotgun, talk to the local shop guys, talk to the local churches, there is usually a guy like me that is happy to refurb 'em for the poor folks and unlike this douchebag we're happy to do secure wiping on anything you hand us. There is nothing like the feeling of making a difference, just last week I donated a couple of systems to one of the local churches so they could expand their computer classes, they do a lot of work with abused women and teaching them basic computer and office skills helps them get a job and not be dependent on some wife beating scumbag. I wouldn't have been able to hand those systems over if they hadn't been donated to me, so ask around, those old P4s and Athlons may be junkers to you but it could make a difference to somebody else.
  It depends. It's easy enough to blame the contractor but there are factors that have to be taken into account.
  Is there a written security policy that states that the drives have to be wiped (and with what method or methods)?
  Was the contractor presented with said policy and asked to sign each page to indicate that they've seen it?
  Was it written into the contract with the contractor that they read and will follow said security policy?
  Yes the contractor (if there was one - I didn't read TFA) fucked up but they may not have been the only ones.
  
  --
  blindly antisocialist = antisocial
23. Re: How does... by BrokenHalo · 2013-07-14 02:08 · Score: 1
  
  The last disk I decommissioned took 24 hours to shred
  You're doing it wrong. I used to be a professional blacksmith in an earlier life, and I still have all my tools, which include a 1500lb pneumatic power-hammer. That mother can deliver 1.5 blows per second at full power, and if I stick any hard drive under that, it'll be thinner than a bee's dick in a couple of seconds.
  
  However, I do like to take out those cool lanthanide magnets first... :-)
24. Re: How does... by sjames · 2013-07-14 02:13 · Score: 1
  
  For that matter, simple zeroing is quite sufficient for data that is merely confidential (though government standards may insist on more). Nobody is going to buy a machine off of ebay and scan the disk platters with a force microscope.
  Most of the concerns are based on outdated information relevant to much older MFM drives where the recording density was much lower and tracking errors much larger.
25. Re:How does... by Shikaku · 2013-07-14 02:19 · Score: 1
  
  http://www.dban.org/
  Such a project already exists.
26. Re:How does... by sjames · 2013-07-14 02:28 · Score: 1
  
  No, but it is a motive for him to want to see criminal offenses prosecuted.
27. Re: How does... by julesh · 2013-07-14 02:41 · Score: 1
  
  That's the real problem in this case - no contract. It's all all in TFA (if you can be bothered with such trivia).
  Of course there's a contract: there's one described in the summary above. The contractor agreed to wipe the machines in exchange for getting them for free. There, that's a contract. Now, it may be difficult to sue him for breach on the basis that there doesn't appear to have been a *written* contract, but that's an entirely different matter from there being no contract at all.
28. Re:How does... by julesh · 2013-07-14 02:44 · Score: 2
  
  No, but it is a motive for him to want to see criminal offenses prosecuted.
  But as nobody has suggested a criminal offence of which the contractor may be guilty, it hardly seems relevant.
29. Re:How does... by julesh · 2013-07-14 02:46 · Score: 1
  
  Of course, in this case the net result is that the public has been fined Â£200,000 worth of health care.
  I'm sure there has to be a better way of penalising government institutions.
  Maybe they should consider firing the person who made the decision to pass on confidential data to an uncertificated contractor without performing any due diligence, or is that perhaps a little too radical?
30. Re: How does... by ChumpusRex2003 · 2013-07-14 02:50 · Score: 1
  
  In a previous case where a certifed contractor was hired to destroy the data, but sold theequipment on ebay, the NHS hospital was fined, not the contractor. The reason given by the information commissioner's office, was that the NHS staff should have supervised the contractor and independently verified the destruction.
  It was left for the NHS hospital to sue the contractor for breach of contract.
31. Re:How does... by ChumpusRex2003 · 2013-07-14 02:56 · Score: 1
  
  There is commercial software available and certified by the government for destruction of sensitive data and "confidential" classified data.
  The use of free software is not an approved method of data destruction for bulk personal data in the UK, and its use could technically lead to legal problems. In practice, if it was used correctly, then no one would ever know.
  The problem is that the legal onus is on the person in possession of the data to provide documentary proof that the data has been destroyed in an approved manner. If you can't provide proof of the use of an authorized method and validation of success, then you could be prosecuted. For this reason, normal practice is to hire an independent contractor who will provide a certificate stating the method used.
32. Re: How does... by nogginthenog · 2013-07-14 03:02 · Score: 1
  
  Or you could take the easy route and hammer a 6 inch nail through it...
33. Re:How does... by TheCarp · 2013-07-14 03:18 · Score: 1
  
  Yup, I have heard of that BS excuse to not need to impose jail time for people in government. It clearly doesn't work and needs to be rethought for that purpose.
  Frankly, government corruption and incompetence is the only category of crime I support the death penalty for. Even a serial killer can only have so many victims. Maybe we can learn something from them over time...but... government employees? No, their org keeps on going, examples need to be made of them, they can hurt hundreds of thousands of people with a simple missstep like this. They need to be held to a higher standard than anyone else.
  If a few people swung when this sort of fuckup came about so many people are put in harms way, I have no problem with publicly hanging the people involved.
  It would set a perfect precedent for once people realize what damage other polices have done.
  
  --
  "I opened my eyes, and everything went dark again"
34. Re:How does... by HappyPsycho · 2013-07-14 03:19 · Score: 1
  
  Indeed, even if the hard drive contains state secrets could they just keep the hard drive but give you everything else? The donor can decide if to destroy or how they want the data erased (hopefully they can be convinced to just scrub it a whole lot and then give it to you anyway).
  Much less wastage that way, eBay has 80GB velociraptors going for $20-30 bucks (yes I know this is overkill), will increase the price of your $50 PC to $80 but I think that's still reasonable.
  As a side note to all of this, wouldn't / shouldn't such data be held on a central server and not on the local hard drives of the various office users? I would completely understand treating the server's hard drives differently (at least there should be far fewer of them), but I'm sure the normal user's hard drive isn't protected by raid or something similar (next power fluctuation = bye bye secret documents).
35. Re: How does... by Antique+Geekmeister · 2013-07-14 03:27 · Score: 1
  
  I have to deal with this a great deal with systems being passed from company to company or releasing hardware between departments inside a company.
  The "scrub" utility, built into most Linux distributions and available on the Knoppix CD and DVD images, works very well. The time taken really depends on the level of scrubbing. The "nnsa" and "dod" standard scrub options do take many hours, because they use patterns like all zeros, all ones, 10101010, 01010101, and then randomized data of various sorts. That's at least 5 passes over the entire disk, and disks are getting cheaper and larger. Given the size of modern systems with, that can easily take 6 hours to zero a Terabyte drive with reasonable hardware writing 80 MBytes/second.
  Many people consider these standerds to be excessive, and settle for a simple zeroing of the entire drive as sufficient protection to save time. (Generating sudo random data for overwriting really slows down the process.) Even then, the big expense is connecting the systems up somewhere with the shelf space and engineer time to do it, and to verify that it's been done. Since so few people are willing to give up control of their old system until the new system is in place, you usually can't scrub them before the new hardware is in, and replacing an entire department means an entire department of machines to scrub. And some of them may be seriously screwed up and require engineering time to get the disks into a system that can actually read and write to them.
36. Re:How does... by TheCarp · 2013-07-14 03:38 · Score: 1
  
  Yup, exactly, and that is exactly why my own company has a specific policy on the decommissioning of....hard drives. We don't toss servers out whole, we pull the damned drives, then who gives a fuck what you do with the chassis? I mean, of course we have a policy on how that is handled too, but its the hard drive one that matters.
  For that matter.... should so many medical records have been on an unencrypted volume? Shit, store the encryption key backups centrally and put the key on a USB stick. Separate stick from drive, and you may as well have wiped it. Wipe the stick/backup and the drive *IS* wiped for all purposes.
  Now, our policy is not so nuanced as to make that distinction....it all gets sent to a facility that physically shreds them. However, again, if its done properly, it would have prevented the leak whether it met policy or not....and the bigger, unwritten policy is.... don't end up in the news.
  However, by that same token, it does protect from other things like stolen machines and hard drives. Years back, when I was a PC Tech at the hospital I got called to an Alzheimerâ(TM)s drug research lab, they had had a break-in and it was clear whoever came in was all over their computers. My guess was they did the physical damage to make it look like vandalism.... but it was clear they actually logged on to the machines, and the account they used to do it was an internal IS role account. I would bet money that these labs were not encrypting anything back then.
  
  --
  "I opened my eyes, and everything went dark again"
37. Re: How does... by Anonymous Coward · 2013-07-14 04:48 · Score: 1
  
  no you should have realized not to use a FAKE number to justify your argument. Using an actual number like 8+ hours would have given you the answer to your question.
38. Re:How does... by Rich0 · 2013-07-14 05:43 · Score: 1
  
  Even for that it should be fine. There is no proof that there is any way to read drives that are overwritten.
  Risk/reward. If failure to destroy a $15 hard drive (its value after years of use) could cause a $5B fighter plane to be useless, it is probably worth the $15 just to be sure (especially since wiping isn't exactly free in terms of labor either).
  When risk tolerance is low the burden of proof is really on those who want to promote the risky behavior. There is no proof that it is impossible to read a zeroed drive (and it is unlikely there every will be until we reach the point where the uncertainty principle kicks in).
39. Re:How does... by Rich0 · 2013-07-14 05:46 · Score: 1
  
  So if you fine a government agency the money leaves their budget and goes away from their department and to an other area. Leaving that department with less money budgeted towards what they need to do. As well it would effect their influence of getting additional funding for the next year.
  Great, so the NHS has less money to spend on making patients healthier, and so patient health suffers.
  Trust me - the money won't come out of office furnishings or donuts for the doctors.
  If money is being misspent the solution is to correctly spend it - not just to cut off the supply. When people make bad decisions you need to punish the people, not the organization.
40. Re:How does... by greenbird · 2013-07-14 06:46 · Score: 1
  
  They shouldn't be fining themselves, they should be jailing the person responsible for handing them to the "unnamed contractor"
  They should be firing the idiots that aren't encrypting their drives.
  I'm amazed no one is addressing the obvious. The simple solution is encrypted drives. Encryption eliminates this issue along with protecting against a whole host of other problems.
  
  --
  Who is John Galt?
41. Re:How does... by __aaltlg1547 · 2013-07-14 06:59 · Score: 1
  
  Reduce agency budget.
42. Re:How does... by __aaltlg1547 · 2013-07-14 07:04 · Score: 1
  
  Yup, I have heard of that BS excuse to not need to impose jail time for people in government. It clearly doesn't work and needs to be rethought for that purpose.
  Frankly, government corruption and incompetence is the only category of crime I support the death penalty for. Even a serial killer can only have so many victims. Maybe we can learn something from them over time...but... government employees? No, their org keeps on going, examples need to be made of them, they can hurt hundreds of thousands of people with a simple missstep like this. They need to be held to a higher standard than anyone else.
  If a few people swung when this sort of fuckup came about so many people are put in harms way, I have no problem with publicly hanging the people involved.
  It would set a perfect precedent for once people realize what damage other polices have done.
  That would make it pretty hard to hire people with skills.
43. Re: How does... by __aaltlg1547 · 2013-07-14 07:05 · Score: 1
  
  There's also knowing the law. If the contractor didn't know the law, it was his duty to find out.
44. Re: How does... by 91degrees · 2013-07-14 07:37 · Score: 1
  
  There's knowledge of the law though, and knowledge of the facts. The contractor may not have been informed that the computers had sensitive information. Also the contractor may not be legally responsible for ensuring the destruction of the data depending on the wording of the law.
45. Re: How does... by hairyfeet · 2013-07-14 08:50 · Score: 1
  
  Dude you are buying into old wive's tales, you haven't needed to do more than a single zero pass in like 15 years. Hell there is a guy offering something like 10 grand if you can recover anything from a drive he does a zero pass on and so far not a single taker, not even the recovery companies. You see friend in the bad old days the RFM drives could easily slip the track, that would leave data behind, hence the multipass, but with modern drives that just can't happen anymore, the grooves are too tight and the tracking too precise.
  But don't take my word for it, try it yourself, just slap some old 40Gb with a bunch of files on it on a USB adapter, do a full zero pass, and then try to recover the files. you won't get shit, I've tried. and a single zero pass doesn't take long as all, I've found it takes maybe an hour for a 500GB and that is with a wipe and full pass check.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
46. Re: How does... by Hognoxious · 2013-07-14 09:00 · Score: 1
  
  If he was told to wipe them, he should have wiped them. End of discussion.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
47. Re: How does... by Hognoxious · 2013-07-14 09:03 · Score: 2
  
  The reason given by the information commissioner's office, was that the NHS staff should have supervised the contractor and independently verified the destruction.
  Garbage. Is every air passenger expected to be an aeronautical engineer and supervise the construction of the plane so that the wings don't fall off?
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
48. Re:How does... by petermgreen · 2013-07-14 09:04 · Score: 2
  
  Afaict there are basically two real problems with overwriting.
  1: drives remap sectors that are detected as troublesome (often before they go completely unreadable). This makes it very hard to ensure that you really hit every sector with your overwrite pass. Some drives have a built in secure erase feature that should solve this but then you are relying on the drive vendor to have implemented it correctly.
  2: Even if you have decided that the risk from remapped sectors is tolerable you have to be EXTREMELY careful to make sure only successfully wiped drives get released and that drives which cannot be cleanly wiped get diverted to physical destruction.
  Even assming wiping carefully costs the same as physical destruction if a failure to wipe costs you $200000 and the value of a wiped hard drive is $20 then one leak in TEN THOUSAND drives processed is potentially enough to destory the benefits.
  
  --
  note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
49. Re: How does... by hairyfeet · 2013-07-14 09:04 · Score: 2
  
  As a guy that has been doing this since the Shat sold Vics on TV I can tell you where that old wives tale came from and why it no longer applies. the very first drives used either RFM or MFM coding (been awhile) and the drives weren't very precise so it could slip a track and miss data, hence the multiwipe. that hasn't been true in 20 years though, with grooves so tiny and motors so precise no way a drive that isn't already dying is gonna miss a track,no way.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
50. Re: How does... by 91degrees · 2013-07-14 09:30 · Score: 1
  
  Right. So the hospital can sue him for breach of contract.
  
  But he had no obligation under the law the hospital was fined under unless the law explicitly states that he was. It's unlikely that it does. It's up to the hospital to ensure the legal requirements are followed.
51. Re:How does... by volmtech · 2013-07-14 12:51 · Score: 1
  
  It's doesn't matter if a new drive is cheap, the original drive has the operating system and drivers. It's a PITB to load an operating system and find drivers.
52. Re:How does... by stoploss · 2013-07-14 15:37 · Score: 1
  
  When risk tolerance is low the burden of proof is really on those who want to promote the risky behavior. There is no proof that it is impossible to read a zeroed drive (and it is unlikely there every will be until we reach the point where the uncertainty principle kicks in).
  Oh, please. I concur with your point about weighing the relative cost of risk, but this is borderline magical thinking.
  Try this similarly absurd argument: "There is no proof that it is impossible to trivially crack all known cryptographic algorithms." Furthermore, there's no proof it is impossible to recover data from hard drives that have been multiply wiped, shredded, and melted (hey, perhaps physics will discover an exception to the Curie temperature effect).
  The risk tolerance may be low, but one needs to retain a sense of proportionality. There is no known way to read a zeroed disk. There is no known way to trivially crack AES. Magnetic domains heated past the Curie temperature will randomize/lose their data as far as we know.
  There is no guarantee that using a water heater won't cause a BLEVE, but the risk has been mitigated. I think I will just embrace that risk in order to have hot water. Much the same with zeroing disks before releasing them.
  Besides, as Schneier frequently points out, security is only as strong as your weakest link. It's much easier to compromise a human than to attempt to invent some new nanodomain technique to steal some fighter design. And that's before we lower the standard of confidentiality to the level that applies to a random person's medical history.
53. Re: How does... by CaptQuark · 2013-07-14 18:43 · Score: 1
  
  Sudo random data? {grin}
  
  Why not "Sudo randomize my data"
  
  ~-~-~
54. Re:How does... by L4t3r4lu5 · 2013-07-14 20:53 · Score: 1
  
  I partly agree, but this doesn't solve the problem experienced in the article. What the NHS bod should have done is ask for an audit log of each machine to ensure that the drives were in fact wiped. I've yet to find a contractor who wouldn't offer the service, though it is chargeable because obviously software-wiping a drive and verifying the contents takes a lot longer than throwing it in an industrial shredder. I'd like to know how you'd handle such a situation, as DBAN doesn't offer auditing.
  
  Saying all this, I have an old server with stacks of drive bays a DBAN liveCD in the drive for just these situations. I slot in all of the drives I need to wipe, and I set DBAN up overnight on a single zero-pass. it's typically done by morning, regardless of capacity. I then send the drives off for recycling. I'm sure the NHS IT dept can afford to not throw out a 2004 Opteron server and use it for just this situation. You could wipe a hundred drives a week easily with this solution, far more than any one authority should get through.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
55. Re: How does... by Antique+Geekmeister · 2013-07-14 22:30 · Score: 1
  
  Or the obligatory xkcd reference, "sudo make me a sandwich".
  https://xkcd.com/149/
56. Re:How does... by TheCarp · 2013-07-15 01:26 · Score: 1
  
  Nah you make sure the buck always stops in the political/management level where there are no skills worth retaining.
  
  --
  "I opened my eyes, and everything went dark again"
57. Re:How does... by Rich0 · 2013-07-15 07:38 · Score: 1
  
  Sure, you can't prove a negative. However, there is at least a plausible argument that you could recover data from a zeroed drive.
  For all I know the NSA even has a history of successfully doing it. They're not going to publish that if they do, but they'll certainly not rely on zeroing their own drives.
  Bottom line is that anybody with classified information has a documented procedure that they'll follow when disposing of hard drives. Simple zeroing is plenty good for those who don't expect state agents to be snooping. Anybody who is actively and successfully evading the CIA/NSA probably has a lot more insight into just what is required to do so then either of us.
58. Re:How does... by gzuckier · 2013-07-15 08:22 · Score: 1
  
  meanwhile, back at the farm:
  " In an almost cartoonish response to a relatively minor problem, employees at the obscure Economic Development Administration took a hammer to their computers, keyboards and mice in an effort to destroy all of the agency’s tech-related hardware after incorrectly believing their network had been hacked. "
  http://www.foxnews.com/politics/2013/07/10/us-agency-destroys-computers/#ixzz2Z9DF6GdH
  
  --
  Star Trek transporters are just 3d printers.
59. Re:How does... by __aaltlg1547 · 2013-07-15 12:17 · Score: 1
  
  If I'm the political guy who has no skills and my head is on the line if my subordinates do anything wrong, my number one priority is going to be that my subordinates don't do anything at all.
60. Re:How does... by stoploss · 2013-07-15 12:18 · Score: 1
  
  Anybody who is actively and successfully evading the CIA/NSA probably has a lot more insight into just what is required to do so then either of us.
  Yes, but remember, the courier is the weak link (haha).
61. Re: How does... by Anonymous Coward · 2013-07-15 20:53 · Score: 1
  
  Hard drives used to write deeply into the magnetic layer on the surface of the disk, and the magnetic surface was much bigger and thicker and more luscious because it was made of purified rust. You could eat it to gain its iron, though not its data storage powers.
  Now, hard drives use atoms-thick layers of exotic magnetic materials constructed at the atomic level by laying down layer-by-atom-thick-layer in a chemical vapor deposition oven, and the read-write heads project strong, tiny magnetic fields capable of shifting the magnetization of domains so small they're well into dancing-angels territory. You can't even eat the disks anymore because they're made of glass or glass-ceramic to get the flat surface you need to operate a mechanical system under tolerances and conditions that even 10 years ago would get you laughed out of a design room for mentioning as a requirement.
  With older drive technology you could screw with the head preamps and retrieve faint impressions of the original data from the bottom and sides of the data track in the magnetic layer, albeit with low SNR. Nowadays when rewriting data, there's no space untouched at the bottom of the almost two-dimensional crystalline magnetic nanolayer holding your data for any previous data to remain.
  Write one pass of zeroes. Then eat the drive. Older drives have a stronger flavor and tend to be more stringy. Young drives can be fried, grilled, or roasted. Older drives require braising; follow regional cooking traditions. A common, inexpensive method is to stew the drive in capacitor electrolyte with seasonal root vegetables. Do not reduce the electrolyte before adding to the casserole; lots of moisture is required to break down the tough parts. Remove the fine wires before cooking or cut them into small pieces as they tend to tangle into an inedible ball when chewed.
62. Re:How does... by TheCarp · 2013-07-16 04:49 · Score: 1
  
  Hadn't thought of it that way....so this is an even better solution than I originally thought, because it solves multiple problems.
  
  --
  "I opened my eyes, and everything went dark again"
63. Re:How does... by __aaltlg1547 · 2013-07-16 15:23 · Score: 1
  
  As long as you don't want the roads paved or the police to show up when needed.
64. Re:How does... by TheCarp · 2013-07-17 05:32 · Score: 1
  
  As long as the indefinite detentions, torture, warmonger and surveillance stop, I am ok with rebuilding from there. Thanks for your concern though. Wasn't too worried about the easily solved problems.
  
  --
  "I opened my eyes, and everything went dark again"
65. Re: How does... by Hognoxious · 2013-07-20 11:15 · Score: 1
  
  Bollocks. If I employ someone who presents himself as a professional or tradesman in any field it's a reasonable expectation that they're competent in it, which includes knowledge of any relevant laws.
  You don't hire an electrician and stand behind him telling him which wires to connect. And he should be fully conversant with the relevant codes and standards.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
No encryption by flyingfsck · 2013-07-13 21:29 · Score: 1

The NHS fine should be doubled for stupidity.

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
1. Re:No encryption by malkavian · 2013-07-14 03:12 · Score: 1
  
  Bear in mind that most NHS places barely fund an IT department, let alone one that'll support the costs of encryption to every disk on every machine in a trust.
  General policy is usually that you don't save patient identifiable information to a non-server disk. And when you hire a contractor to do a job, you expect it to be done. The fault here isn't with the NHS, it's with a contractor who's supposed to be vetted as secure, offering a service, and then doing something completely stupid.
  Would be great if every machine everywhere was 100% secure, but alas, there's not the money or time available in most places.
2. Re:No encryption by Charliemopps · 2013-07-14 03:34 · Score: 1
  
  Having been involved in these sorts of contracts (in the USA) I can tell you that your excuse is bullshit. I've pointed out some rather glaring evidence that contractors were likely not fulfilling their end of the contracts in the past... for example, per a contract data was supposed to be encrypted at rest. However, I could connect to it via ODBC and download plain text passwords. If your passwords are stored in plain text, it's hard to believe any of the rest of the data is protected any better.
  Anyway, reaction from the contract people was "We're protected by the contract. If they are not fulfilling the contract, they are liable, not us."
  They were not concerned with actually complying with legal requirements, they were interested in shifting blame if anything were to go wrong to someone else. So the cheapest 3rd party they could find fit the bill. That third party was very likely in breach of contract the entire time, but as long as nothing ever went wrong then they make money. If something did go wrong, I'd assume they'd just file bankruptcy to avoid the fines.
  Fines don't work. Jail time does.
I wonder by ozduo4 · 2013-07-13 21:37 · Score: 5, Funny

If prism will be selling their old computers too?
1. Re:I wonder by cold+fjord · 2013-07-13 21:56 · Score: 1
  
  It is possible that they might, but since the data they process is Top Secret, the hard drives will be destroyed, and probably the ram as well.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
2. Re:I wonder by ozduo4 · 2013-07-13 22:12 · Score: 1
  
  I destroyed a hard drive recently, it took several blows with a large hammer before I was satisfied. Will governments trust third parties to destroy something that they could sell instead?
3. Re:I wonder by cold+fjord · 2013-07-13 22:42 · Score: 1
  
  For systems that have held Top Secret data the media won't be sold, it will be destroyed. The consequences of possible loss are considered too severe. I believe I've read that they have facilities for destruction themselves. It looks like one of the ways they do it is the use of High Security Disentegrators which reduce everything to no more then 3/32" size. Examples here.
  I suppose it is possible that they might outsource it, but there would obviously have to be tight controls in place to assure destruction.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
4. Re:I wonder by Gription · 2013-07-13 22:47 · Score: 1
  
  Secure destruction happens onsite. If you don't have a verifiable chain of custody then you don't have secure disposal.
  http://www.youtube.com/watch?v=yd_O7-rqcHc
5. Re:I wonder by Joce640k · 2013-07-13 23:27 · Score: 1
  
  Formatting works perfectly well for data destruction.
  (cue line of geeks with theories about why it isn't despite the fact that they can't come up with a single example of data recovery after formatting...)
  
  --
  No sig today...
6. Re:I wonder by gl4ss · 2013-07-13 23:50 · Score: 1
  
  It is possible that they might, but since the data they process is Top Secret, the hard drives will be destroyed, and probably the ram as well.
  well sure, if their contractors aren't cheapening out...
  or if anyone knows what the box going to the dumpster is.
  
  --
  world was created 5 seconds before this post as it is.
7. Re:I wonder by RDW · 2013-07-13 23:51 · Score: 1
  
  Hope you don't work in data security! Every decent file recovery tool (Recuva, PhotoRec, etc.) can restore files from a formatted drive. Secure wiping (as with DBAN) is a different matter.
8. Re:I wonder by maxwell+demon · 2013-07-14 00:01 · Score: 1
  
  Hope you don't work in data security! Every decent file recovery tool (Recuva, PhotoRec, etc.) can restore files from a formatted drive. Secure wiping (as with DBAN) is a different matter.
  Not if it is true formatting (as opposed of the simple rewrite of file system master structures which these days is done when "formatting"). I don't know if modern hard disks actually still support true formatting, though.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
9. Re:I wonder by nojayuk · 2013-07-14 00:35 · Score: 1
  
  Some data recovery can be done even off multiply-overwritten tracks but it takes serious engineering of the sort only police forensics and national security can afford in terms of cash and time. Even then there is no certainty of success.
  The head positioning system in a disk drive is not 100% accurate pass to pass and remnant magnetic data can persist on the edge of the main track after an overwrite or two on some sectors. That data can be read using scanning electron microscopes, SQUIDs and other exotica and some of the disk's original contents reconstructed. One (public) example where this has been carried out is where someone wiped their collection of child porn but the prosecution were able to prove the disk contained a few illegal images, enough to secure a conviction.
  If you're wanting to destroy the data on a disk for sure, shred it into chips if you have the facility (most big data centres either have their own shredder or they can bring in a truck-mounted shredder and shred them on site to preserve chain of custody). Failing that, if you have the time and curiosity take the drives apart, remove the platters and next time you have a BBQ toss them in the charcoal or put them on the grill after cooking. They'll slag down but more importantly the heat will push them over their Curie point totally randomising the magnetic data. You'll also get some kickass fridge magnets out of the deal.
10. Re:I wonder by aurizon · 2013-07-14 00:44 · Score: 1
  
  In Canada the military thermally destroys the drive and PCB to a molten state. In the days of large mainframe hard drives I was told the CIA would first open the drive platter case. separate each platter and mount the platters on a lathe and mill them down to bare aluminium, which was melted.
  I would anticipate the NSA/CSA/FBI would perform a similar level of destruction, the IRS, I have heard of them selling systems with only the directory wiped, so ant expert person could read the scattered data files and make some attemt to re-catenate them?
11. Re:I wonder by pnutjam · 2013-07-14 02:01 · Score: 1
  
  Everything you said should have been preceded by "In theory..." There is no evidence any of that sort of data recovery is possible.
  
  --
  Cheap storage VM.
12. Re:I wonder by julesh · 2013-07-14 02:51 · Score: 1
  
  One (public) example where this has been carried out is where someone wiped their collection of child porn but the prosecution were able to prove the disk contained a few illegal images, enough to secure a conviction.
  If this really has happened, you should be able to point to the details of the particular case. Common wisdom is that this simply does not happen any more (as the likelihood of being able to recover enough information to achieve a conviction has become much, much lower with modern disks that are much more accurate in head positioning than older disks), so I'd really like to see actual documentation of cases where such a technique has been successfully used in, say, the last 10 years.
13. Re:I wonder by Antique+Geekmeister · 2013-07-14 03:33 · Score: 1
  
  Unless it's not. I'm afraid I've been handed several systems by military software developers that were never scrubbed before they were loaned to me for software projects. I did try to arrange a quiet talk with their IT personnel about their security practices, and on one occasion felt compelled to write a registered letter, with copies to their and our legal staff, to warn about the dangers. (There were poorly protect system passwords stored in plaintext on the system.)
14. Re:I wonder by Antique+Geekmeister · 2013-07-14 03:38 · Score: 1
  
  > separate each platter and mount the platters on a lathe and mill them down to bare aluminium
  Given the prevalence of aluminum platters with iron oxide coatings, this seems extraordinarily dangerous. Although, thinking about the possible thermite reaction this could trigger, I think that _would_ destroy the data.
15. Re:I wonder by Charliemopps · 2013-07-14 03:46 · Score: 1
  
  That's funny. Can I be the first one with with a real example?
  My brother in law "accidentally" formatted the hard drive of one of their old computers that had all of their family pictures on it.
  I restored the entire drive. Basically all I didn't get were file names. Which, trust me, was annoying. I had duplicate photos all over the place. But I got everything back and was able to copy every photo off the drive. I believe I used Norton and it was a free download.
  If you were to write all 0's to the drive (and there are tools to do that) it would make it harder and require special equipment and taking the drive apart, but you can still read it without a whole lot of effort. Passing the drive through a large electromagnet, then grinding it into little bits that you mixed with lots of other ground up drives would probably make it statistically impossible to recover given current technology. I'd imagine melting them down would be the only way to be really sure.
16. Re:I wonder by Hognoxious · 2013-07-14 09:26 · Score: 1
  
  Everything you said should have been preceded by "In theory..."
  
  Incorrect.
  "Thirty years ago, when disks were the size of truck wheels ..." would also work.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
17. Re:I wonder by Hognoxious · 2013-07-14 09:29 · Score: 1
  
  I think we now know why Canada is (in area terms) bigger than the US but has a fraction of the population.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
This is what will happen when cloud providers die by Anonymous Coward · 2013-07-13 21:45 · Score: 1

This exact leak of data will happen repeatedly. A cloud provider goes under, machines get sold, the buyer is free to do what they want with the data on them, even if it is a torrent of people's personal and banking info.
In theory, the auction site should blank the machines... but what's a blank? A fdisk is still recoverable.
Contract not signed by Alain+Williams · 2013-07-13 21:49 · Score: 1

It does not matter if a contract was not signed, there was still an agreement. All that signing a contract means is that the agreement is provable and, hopefully, responsibilities clearly defined. Here: there does not seem to be a dispute as to who should have deleted the data (destroyed the disks), it is the contractor they should pay every penny of the fine.
All of the above written without knowing exactly what was agreed!
1. Re:Contract not signed by Joce640k · 2013-07-13 23:28 · Score: 1
  
  ... mostly depending on the exact terms of the contract.
  You know how I know you didn't read the article?
  
  --
  No sig today...
Outsourcing by lobiusmoop · 2013-07-13 21:50 · Score: 1

FTFA:
We should not have to tell organisations to think twice, before outsourcing vital services to companies who offer to work for free.
Relevant Dilbert

--
"I bless every day that I continue to live, for every day is pure profit."
salvage value.. by gl4ss · 2013-07-13 21:53 · Score: 1

well duh, obviously this was the highest salvage value they could arrange.

--
world was created 5 seconds before this post as it is.
Fines.. by Bert64 · 2013-07-13 22:00 · Score: 5, Insightful

Fining the NHS is pointless, it only harms the NHS itself... Those responsible don't care because its not their money.
They should fine the contractor instead, as it was his laziness/incompetence that caused this.

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
1. Re:Fines.. by Fjandr · 2013-07-13 22:02 · Score: 3, Insightful
  
  While there was negligence on both parts, I definitely agree that the contractor should be penalized for failure to perform the promised service.
2. Re:Fines.. by Joce640k · 2013-07-13 22:17 · Score: 1
  
  If you read TFA you'll see there's no contract. The word "contractor" implies it but really they were just handed to a guy who crossed his heart and promised to do it before putting them on eBay.
  OTOH, you're right that the NHS shouldn't be fined. The person who handed over the computers (presumably to a friend of his) needs jailing.
  
  --
  No sig today...
3. Re:Fines.. by mpe · 2013-07-13 22:24 · Score: 1
  
  Fining the NHS is pointless, it only harms the NHS itself...
  
  Fining any public body tends to be at best pointless, at worst counter productive. (Another common example of this kind of daftness is fining police forces when prosecution of police officers would be more appropriate.)
  
  Those responsible don't care because its not their money. They should fine the contractor instead, as it was his laziness/incompetence that caused this.
  
  The most obvious thing to do would be for NHS Surrey to sue the contractor for all of their costs, including the fine. (Possibly something more like Â£300k.) But the former may well mean they won't bother.
4. Re:Fines.. by leathered · 2013-07-13 23:31 · Score: 3, Informative
  
  Look up Vicarious Liability, it's a tenet of Common Law.
  Too many MBAs believe that when you outsource, you are offloading responsibility. 'It was the contractor's fault, your honour' will not wash in any court of law.
  
  --
  For all intensive porpoises your a bunch of rediculous loosers
5. Re:Fines.. by Faluzeer · 2013-07-13 23:55 · Score: 1
  
  Hmm
  They should punish all involved in NHS Surrey. Hit them where it hurts, final warnings, no pay rises, no promotions, no pension contribution for the year.
6. Re:Fines.. by nukenerd · 2013-07-14 01:03 · Score: 1
  
  Fining the NHS is pointless .... Those responsible don't care because its not their money. They should fine the contractor instead, as it was his laziness/incompetence that caused this.
  Wrong, I think you would find those responsible DO care and are feeling very embarrased about this. Nevertheless, the episode shows that they were incompetent and should simply be sacked. There are too many incapable people holding jobs they are not up to, and too many capable people unemployed.
  
  Apart from that, there is no way that the NHS should have been letting PC's off the premises with data on the drives, contract or no contract. If they had to employ a contractor, the work should have been done on NHS premises, and a responsible and cabable NHS IT guy check each one before releasing it.
  
  If the NHS have no responsible and capable IT guys, then it's time to employ some. FFS, I know how to wipe a HD and I do not even work in IT.
7. Re:Fines.. by Livius · 2013-07-14 01:33 · Score: 1
  
  They should fine the contractor instead
  Suing the contractor is hopefully NHS's next step.
8. Re:Fines.. by drinkypoo · 2013-07-14 02:42 · Score: 1
  
  If the idea is to punish someone to try to correct the behavior, then fining the NHS is a fat fucking waste of time. Fining whoever hired the contractor personally might help. Fining the contractor should be mandatory when one is involved.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
9. Re:Fines.. by leathered · 2013-07-14 05:15 · Score: 1
  
  Agreed that the contractor is primarily responsible, and should be punished.
  However the NHS has a secondary (vicarious) liability and should also be punished for inadequate supervision of its contractors.
  FWIW I used to work for an NHS IT dept. The destruction/wiping of hard disks was tasked to the in-house team. Unlike contractors they're not motivated to take shortcuts for financial gain.
  
  --
  For all intensive porpoises your a bunch of rediculous loosers
10. Re:Fines.. by Rich0 · 2013-07-14 05:49 · Score: 1
  
  However the NHS has a secondary (vicarious) liability and should also be punished for inadequate supervision of its contractors.
  Just how do you "punish" an organization? The only reason the org has money is to accomplish some public service. Taking that money away just makes it less effective at whatever purpose it was created for. If it doesn't need the money, then the money should be taken away regardless of behavior.
  Punish the people who made the decisions, not the organization.
11. Re:Fines.. by N1AK · 2013-07-14 06:28 · Score: 1
  
  Fining public bodies makes plenty of sense if they are remotely well run (a subject for another day). Whether it is appropriate or not would depend on things like if the organisation authorised or allowed the contractor to be given the pc or whether the employee took it without permission (in which case lets call a theft a theft). Was the data on the laptop stored sufficiently securely? Most UK government departments have policies, and sometimes are required, to encrypt discs. If it wasn't secured then maybe they got fined for that. If the contractor is willing to admit that he verbally agreed a contract which involved destroying the data then the NHS has the option of pursuing him in a civil prosecution.
12. Re:Fines.. by Solandri · 2013-07-14 06:51 · Score: 1
  
  The way it works is that you fine the entity responsible for the integrity of the data (NHS) for the data breach. Then the NHS sues the contractor for damages caused by their failure to provide promised services, for the amount of the fines plus whatever administrative costs were incurred.
13. Re:Fines.. by gnasher719 · 2013-07-14 10:46 · Score: 1
  
  If you read TFA you'll see there's no contract. The word "contractor" implies it but really they were just handed to a guy who crossed his heart and promised to do it before putting them on eBay.
  Which means there is a contract.
14. Re:Fines.. by Threni · 2013-07-14 11:24 · Score: 1
  
  Well that's that sorted then.
  Everyone knows it's a shit system - the same thing happens when privatised train companies underperform and get handed financial "penalties", but get to keep their franchise, get more subsidies from the government, put up prices, pay bonuses to the directors etc. But no-one seems interested in doing anything about it.
A: Because it breaks the flow of a message by DNS-and-BIND · 2013-07-13 22:11 · Score: 5, Insightful

Q: Why is starting a comment in the Subject: line incredibly irritating?

--
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
1. Re:A: Because it breaks the flow of a message by Anonymous Coward · 2013-07-14 01:16 · Score: 1
  
  The natural order to read comments is to skip the subject line entirely.
2. Re:A: Because it breaks the flow of a message by godel_56 · 2013-07-14 16:57 · Score: 1
  
  The natural order to read comments is to skip the subject line entirely.
  In Slashdot, they also frequently skip the summary and the accompanying article as well.
Should be fining the contractor, not the client by radio4fan · 2013-07-13 22:16 · Score: 4, Insightful

I don't really get this. The NHS contracts out the disposal of the machines to a private contractor, who then royally screws up, and it's the fault of the NHS?
Surely the responsibility lies with the contractor?
FTA:

“Should they [the contractor] be accountable? Definitely not, because NHS Surrey have been entrusted with the welfare of their patients. Should the contractor be responsible? Absolutely, yes,” Jones added.
This seems to me an argument that the NHS cannot outsource or subcontract anything.
What is NHS Surrey supposed to do in this scenario? Use in-house people to analyse the machines to make sure there is no data remaining before disposing of them?
Or just keep data-disposal services in-house? Personally, I think this would be a great idea, but it goes against the dogmatic 'privatise absolutely everything possible' trend in the UK.

“We should not have to tell organisations to think twice, before outsourcing vital services to companies who offer to work for free.”
Except they didn't work for free: they worked for the salvage value. I can't really see how the low value of the contract proves fault.
1. Re:Should be fining the contractor, not the client by radio4fan · 2013-07-13 22:44 · Score: 1
  
  Except amongst your quotes from TFA you omitted one:
  
  The NHS body didn’t sign a contract with the provider and failed to determine whether the hard drives have been wiped, the ICO said.
  Thanks, I must have glossed over the fact that they can't prove that they instructed the contractor to destroy the data.
  But still the issue remains that verifying that the data has been destroyed is more work than destroying the data, so is the ICO really saying that responsibility for data security cannot be subcontracted?
  Personally, I hope so. But like I say, it flies in the face of privatisation dogma.
2. Re:Should be fining the contractor, not the client by gl4ss · 2013-07-13 23:09 · Score: 1
  
  nhs shouldn't be giving them away out of their control in uncleaned condition. that much is simple.
  nhs can try to sue the contractor on contract breach still though. but if getting rid of responsibility was that easy there would be none.
  
  --
  world was created 5 seconds before this post as it is.
3. Re:Should be fining the contractor, not the client by jimicus · 2013-07-13 23:54 · Score: 1
  
  Not really. You can't discharge responsibility just by contracting someone else to do something; the principal is responsible for the actions of their contractor.
  Of course, the NHS could sue the contractor, assuming they had a contract that mentioned secure disposal.
4. Re:Should be fining the contractor, not the client by mrbester · 2013-07-14 02:10 · Score: 1
  
  Even if there wasn't a contract to shred the data, the contractor can still be prosecuted as they broke data protection laws. Putting an unwiped machine on eBay is all on the contractor.
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
5. Re:Should be fining the contractor, not the client by jimicus · 2013-07-14 02:49 · Score: 1
  
  The ICO doesn't need to prosecute anyone.
  They did need to some years ago, but today they can simply march in, investigate and levy a fine. You disagree with the fine? It's down to you to appeal the fine at a tribunal.
6. Re:Should be fining the contractor, not the client by L4t3r4lu5 · 2013-07-14 20:58 · Score: 1
  
  Of course it can be subcontracted. I know of several companies which handle data destruction, and all of them offer verification of data destruction on working drives. Yes, it is chargeable, but that's understandable and should have been paid for by the authority. The NHS gets the paperwork, if the data shows up on eBay they go "This is the audit log the contractor provided us. They have obviously provided incorrect of falsified records. We have fulfilled our obligations; Have at 'em." Now the contractor faces Â£0.5m in fines and 6 months in jail, and not the NHS.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
7. Re:Should be fining the contractor, not the client by stephenpeters · 2013-07-14 21:18 · Score: 1
  
  Except they didn't work for free: they worked for the salvage value. I can't really see how the low value of the contract proves fault.
  I can. I have quoted for this type of work in the UK before. I went to have a look at the kit first before quoting and did so knowing that the job was more complicated that it initially appeared. The people wanting to dispose of the equipment wanted to dispose of it through an auction house specialising in selling unwanted corporate assets in bulk. They wanted to get rid of it quickly and as they did not understand what needed to be done thought the job would be fast and cheap.
  I found racks of working servers, disk arrays, standard PC's as well as lots of dead equipment, individual drives and older UNIX equipment. Most of the kit could be wiped with standard utilities, but the UNIX equipment and dismantled kit would take much more time so my quote allowed for this. The company chose to go with a very cheap data deletion specialist who used a minimum wage employee armed with a PC wiping CD. Of course this would not boot anything not running an Intel processor so they simply didn't bother with that kit. It didn't have drivers for disk arrays so these were missed too. As the amount paid didn't allow sufficient time to connect up to all of the drives not in a PC they didn't bother with these either. All of the kit went straight to auction from there.
  I read the report from the company wiping the machines which stated that their deletion routines were successful in the summary then went on to explain in highly technical language what had not been done and why in the rest of the report. Managers would be highly unlikely to understand what had not been done from this, but would probably assume that the kit was sent out in a clean state. The contractor had actually stated what had been wiped and what had been missed, just not in an understandable format and so were probably not liable for a data breach. I pointed out that they had not wiped any of the UNIX kit and had sent a complete readable set of financial data to be sold at auction. I have yet to hear back from them.
  Managers simply don't understand this area and are easy prey for the unscrupulous. They will usually choose the cheapest quote.
Re:This is what will happen when cloud providers d by CadentOrange · 2013-07-13 22:37 · Score: 1

dd if=/dev/zero of=/dev/hda bs=1M
Or something equivalent. It's not hard to blank out a hard drive, just time consuming.
So? by Murdoch5 · 2013-07-13 23:34 · Score: 1

Your records aren't secure or private in the first place, no matter where you live or get health care. I've had 5+ sets of digital AND paper records just magically go missing from several hospitals. The doctors didn't get really care, they just re-ran the tests and in one case the re-run results also went missing. If you believe in an illusion of privacy and security with your countries health care system then you've been fooled.
Re:This is what will happen when cloud providers d by maxwell+demon · 2013-07-14 00:08 · Score: 1

Of course there's still a small risk that important data has gone to a bad sector which is no longer mapped and thus also not rewritten in the process.
However if confidential data is stored strongly encrypted (as it should be), then as long as your key is reliably wiped out, it doesn't really matter if the rest of the data is still there. Nobody will be able to read it anyway.
Well, unfortunately "should be" is entirely different from "is" ...

--
The Tao of math: The numbers you can count are not the real numbers.
How hard by EmperorOfCanada · 2013-07-14 01:46 · Score: 1

How hard is it to wipe a machine? I've never been a fan of the wasteful practice of physically shredding hard drives. But a simple policy is that you physically take every drive out of the machine, hook it up to a master machine, and run a reliable drive wiping program. As for the reliability of these drive wiping programs, I have not only not heard of something slipping by them, there is one company that sells hard drives that have been wiped with only zeros and has a cash prize if you can restore the data. So if you are doing a two pass random data wipe you are way ahead of the state of the art.

I am fairly certain I could set up a drive wiping station (with a multi drive connector) for about $200. Then if you occasionally did get a drive with a weird issue where you couldn't wipe it then you use the hammer next to the station and bonk the drive a few times and throw it in a special box for physical destruction.

This is not rocket surgery.
1. Re:How hard by PPH · 2013-07-14 12:40 · Score: 1
  
  I use DBAN (http://www.dban.org/). And from what I've heard, its not likely anyone will be able to recover anything short of using some very expensive forensic techniques. Sure, if someone wants your data and is willing to wait out by the dumpster for you to retire it, they could still get it. But given a random dumptruck load of DBAN-wiped PCs, which one is worth the recovery cost?
  The biggest problem is that people selling used PCs want to be able to show a working machine with an OS. And for most people, that means not scraping off Windows. I always throw Ubuntu on my old scrubbed systems. But most people will wet themselves if they don't see the familiar Microsoft logo.
  
  --
  Have gnu, will travel.
Re:What I fail to believe by uglyduckling · 2013-07-14 02:00 · Score: 1

None of the NHS trusts I've worked for are using Windows 3.1 or CRT monitors, except for maybe esoteric lab equipment which isn't worth upgrading. I agree that NHS informatics is generally a mess, but the hardware isn't generally as bad as you're making out.
Re:What I fail to believe by uglyduckling · 2013-07-14 02:04 · Score: 1

The 'text mode DOS crap' is probably a proprietary pathology lab system, and it's likely not DOS at all but a unix running over telnet. Old but super fast and efficient, and not easy to upgrade without replacing expensive lab gear that interfaces with it well. You may also be seeing EMIS, or similar, a GP health informatics system that's again super-fast and reliable. There is an upgrade path to a Windows clients and more modern backend but most areas are following a phased rollout. As for path results - GPs can phone and get the results within 24-48hr, but it's not practical to do for every patient.
Re:This is what will happen when cloud providers d by julesh · 2013-07-14 02:55 · Score: 1

In theory, the auction site should blank the machines
At least here in the UK, there is no law that would require them to do so as far as I am aware. The only obligation to destroy the data rests with the data controller, who in your scenario is not even the cloud provider. The cloud provider may have undertaken to do so on behalf of the data controller, but I am uncertain if such an obligation would survive the company being declared insolvent: at such a time, recovering the maximum possible revenue for the company's creditors becomes the highest legal priority; honouring existing contracts is relegated to a distinct second place.
No data on devices by Natales · 2013-07-14 03:07 · Score: 1

When are all these organizations going to learn that NO DATA should ever be on a mobile device? All access should be done through virtual desktops from secured, managed devices using strong authentication and mandatory access controls, period. This is not rocket science and the technology has been available for years. They only have themselves to blame.
Re:This is what will happen when cloud providers d by ChumpusRex2003 · 2013-07-14 03:30 · Score: 1

This also only works "in theory". The list of drives with hopelessly broken "SATA secure erase" implementations is a long one.
How is this even possible? by wisewellies · 2013-07-14 03:33 · Score: 1

I still don't understand how this kind of breach of data security is even possible. The real question is why the records access system even allows data to be downloaded to a local hard drive for access - surely each PC should contain an operating system and whatever client application is necessary to access medical records. There should never be a need for a local copy to be made - remember these PCs are connected to the hospital's network. It simply shouldn't be possible to export records from the system unless they are suitably anonymised - and access to this export function should be restricted to those involved in research programmes. Fining the NHS trust for allowing the breach does nothing to solve the real problem - that the records storage and access system permits records to be downloaded in the first place. Get the IT requirements right at the design stage and most of these problems go away.
Re:This is what will happen when cloud providers d by flyingfsck · 2013-07-14 05:11 · Score: 1

The sad thing is that every disk drive sold this century has a low level secure erase function built in, but practically no-one knows about it. You can activate it with hdparm.

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Re:This is what will happen when cloud providers d by cheesybagel · 2013-07-14 05:21 · Score: 1

Even better. Use /dev/random instead of /dev/zero. Good luck to anyone trying to recover that data.
Re:This is what will happen when cloud providers d by CadentOrange · 2013-07-14 06:49 · Score: 1

Why is /dev/random better? They should not be able to retrieve the data if the drive has been zeroed?
Re:This is what will happen when cloud providers d by CadentOrange · 2013-07-14 06:50 · Score: 1

I knew it existed for SSDs, didn't know it also applied to hard drives too.
It's backwards...really? Was that irritating? by DNS-and-BIND · 2013-07-14 07:06 · Score: 1

You see what I did there?

--
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Re:This is what will happen when cloud providers d by gregor-e · 2013-07-14 08:43 · Score: 1

/dev/random is slightly better because on a hard drive, the data band is surrounded by guard bands, areas of unused magnetic surface that separate them from the next track. Head positioning and magnetic footprint aren't 100% accurate, so these guard bands get a little magnetic influence from the data written on the data band. If the data band is erased with zeros, the guard bands are not scrambled and can be used to recover the data that had leaked onto them before. If you write random data on the data bands, the leakage into the guard bands will also scramble up the leaked magnetic patterns from the previous data.
For some reason, I'm thinking of Dumbo. by Hognoxious · 2013-07-14 09:12 · Score: 2

I wanna see a "CD stick".
Coat [at least] one side with glue.

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Is Xzibit a law professor now? by Hognoxious · 2013-07-14 09:18 · Score: 1

perhaps a measure stating he will do what he says he does.
The contract should include a clause stating that the contractor must abide by the contract? Should it perhaps include another clause stating that the contractor must abide by the clause stating that the contractor must abide by the contract?

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Re:This is what will happen when cloud providers d by CadentOrange · 2013-07-14 19:23 · Score: 1

I did not know this. Thanks for enlightening me!
Re:Responsibility by Errol+backfiring · 2013-07-14 20:19 · Score: 1

It is the full responsibility of the NHS to make sure patient data isn't leaked. This means it is almost criminal to outsource it, and if they do outsource it, it must be audited. But if they are even too stupid to wipe the hard drives before handing the machines over, they are just incapable of working with sensitive data.

--
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!