The healthcare industry is unique in the sheer volume of sensitive data which it generates and processes on a daily basis, all of which is managed on a vast network of IT devices – but what happens when the hardware on which this data is stored needs refreshing, and reaches the end of its lifespan?
What is ITAD?
The process of disposing of end of life IT assets is know as IT asset disposal, or ITAD for short. IT asset disposal, is a complex, specialist process, and often requires the assistance of a dedicated ITAD vendor to ensure your assets are disposed of safely and securely.
A fully qualified ITAD partner will transport, store and dispose of your data, as well as providing you with a comprehensive audit trail to protect you legally in the event of a data breach.
Perhaps the most important step in the ITAD cycle is the process of data eradication. This will ensure that whatever the final destination of your IT assets – whether they are re-used, re-sold or recycled – the data stored on the devices is unretrievable. Some of the most effective methods of data eradication include:
Data Wiping/Overwriting – This is often the most favoured data eradication method. Your ITAD provider must ensure that any data erasure process is carried out in line with NCSC (previously CESG) standards.
Data Degaussing – Data Degaussing entails the use of electromagnetism, which is used to effectively eradicate all magnetically recorded data.
Data Shredding – This mechanical process crushes, chops and finally shreds IT assets to ensure the data held within is irretrievable.
The EHR Threat
The healthcare industry manages large quantities of patient data in the form of electronic health records (EHRs). Electronic health records have enabled the industry to move towards a paperless system, and ultimately to be able to provide up accurate and high quality care for their patients. A patient’s medical history can now be easily accessed by multiple medical professionals across numerous locations simultaneously.
Despite the obvious benefits EHRs bring to the healthcare industry, they also provide a new set of challenges. Patient data is now stored on a network of IT assets, all of which are vulnerable, not only to a cyber security attack such as the WannaCry ransomware attack which targeted the NHS in May 2017, but to physical theft or misplacement. IT assets are particularly vulnerable when they reach the end of their life span, as they are often set to one side and forgotten about where they are apt to be moved, borrowed or even stolen.
This would be a risky practice for any business, but in the healthcare industry it is highly dangerous and places sensitive patient data at serious risk. End of life assets must be treated as a security threat until the point at which the subjected to the process of data sanitisation by a qualified ITAD partner. A qualified ITAD partner will help to ensure the security and integrity of your patient’s data, as well as providing a fully auditable chain of custody.
With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibility and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.