Calling all NHS IT Engineers- Hard drive wiping

Daff_Duck · 31 May 2014 at 13:34

In my area we now have couriers picking up broken equipment especially PC's. However due to data protection we are now to take the HD out of the machine and make sure the PM puts in a safe until someone comes to erase the data.

Thing is those at the top have ordered some kind of well expensive gizmo and due to the size of the area it could be months before they get round to each practice

So the question is what about Dban or Diskill do they have sufficient credence to be able to tick the boxes with regards to wiping the disc of its content?

PMKeates · 31 May 2014 at 13:56

Probably, but you should probably do what your bosses tell you?

RedvGreen · 31 May 2014 at 14:03

Follow company policy and procedure - that way if anything goes pear-shaped, it isn't your neck on the line.

Speaking technically, a big degausser follow by a drive destroyer ( http://www.garner-products.com/PD-4.htm ) will be a sure-fire way to destroy most of the data. Of course, on the data level it would be best to run a 0 pass with Eraser or a similar tool prior to this.

AtreuS · 31 May 2014 at 14:41

Sledgehammer and a big hairy man works too p:

This being the NHS they will buy the most expensive solution possible then spend 6 months working out a health and safety procedure for using then discover it COULD be dangerous and never use it... then hire a third party company to do it at vast expense.

Craig321 · 31 May 2014 at 14:42

How many? You could just open them up and smash the disks inside.

darael · 31 May 2014 at 14:50

Fill the drive with random data, fill it with zeros, degauss it, then finally physcially damage the drive.

Nasher · 31 May 2014 at 16:43

The platters have to be smashed to peices or it's still possible to get some date off it using the right equipment. Even if it's snapped in half.

When the government do it (the parts that deal with sensitive, or classified data at least) they use a machine which grinds the entire drive in to fine dust, then they get recycled

Diagro · 31 May 2014 at 16:44

@ School they just throw them in the bin, But i have started drilling holes in them.

Trifid · 31 May 2014 at 20:39

The person in charge of Information Governance will decide the method in which the data should be destroyed. You should follow this method.

adolf hamster · 31 May 2014 at 23:04

unscrew each hard drive and obtain the following:

a free shuriken billet [disk]

several useful screw storage mechanisms [magnets]

now you can be a well organised ninja assured that the data is vanquished along with your foes

smogsy · 31 May 2014 at 23:20

you got a few options

break the air sill once broken the drives the air pressure will drop be useless.
get large magnet to wipe the drive
smash them

or wait for your boss to do the call

Terrier_Jimlad · 1 Jun 2014 at 22:51

Having organised the last 5 or so data wipes for our disks (large NHS trust up north), all I will tell you that the method needs to be CESG approved to meet the strict NHS IG policy laid down by both HSCIC (formally CFH) and the ICO.

I usually flick between the two each time but we use both Euro Recycling and also Greenworld IT - both companies and their tools/methods are CESG approved can will provide evidence of this. Both will degauss the disks first and then shred for the second stage. Each disk is barcode scan with serial numbers which will keep the auditors happy. They both bring a 7.5 tonne wagon on-site which they do it all in the back.

One thing you need to ensure with this method, is you keep an eye on the disks themselves. Brighton NHS were fined around £240,000 because they used a method like the above, however handed a bunch of disks to the company and left them too it, unfortunately a rogue employee was stashing some of the disks away without being wiped, later sold on eBay, and data found!

If you need any more info, give me a shout.

ubern00b · 1 Jun 2014 at 22:59

Trifid said:
The person in charge of Information Governance will decide the method in which the data should be destroyed. You should follow this method.

Someone's done their IG training

We haven't had to destroy hard drives/data in a long time but the last time we did it was deemed a couple goes on a degausser was sufficient. We tried to get clearance for dBan (using something like 7 passes etc) but whoever was in charge at the time deemed this insufficient. Things change though so as Trifid has said speak to your IG owner.

RedvGreen · 1 Jun 2014 at 23:14

ubern00b said:
Someone's done their IG training

We haven't had to destroy hard drives/data in a long time but the last time we did it was deemed a couple goes on a degausser was sufficient. We tried to get clearance for dBan (using something like 7 passes etc) but whoever was in charge at the time deemed this insufficient. Things change though so as Trifid has said speak to your IG owner.

dBan, Eraser, Mac Wipe Utilities... they're all as effective as another whether it is just 1 pass or 21. They will not account for off-track writes which, i'd imagine many NHS machines being beastly old workstations, may have done in their time. ... which is why the degauss and snap or degauss and shred process came about as a more permanent fix!

Terrier - i'm curious which Trust you work for up North?

Terrier_Jimlad · 1 Jun 2014 at 23:24

Energize · 1 Jun 2014 at 23:26

You don't even need special software anymore, windows full format now zeros the drive, shredding is just expensive paranoia.

CaptainCrash · 2 Jun 2014 at 00:54

I don't know the figures, but I'd guess cost is actually the main argument for physically shredding drives, at least in government and other big organisations - it's a simple and foolproof procedure, and the drives are gone in seconds. Secure erasure (and double-checking afterwards to make sure the data is gone) would be much more time-consuming and labour-intensive, particularly if you're habitually dealing with large numbers of drives, and there's a greater risk that at some point the job wouldn't be done properly.

It's a shame that so much potentially reusable hardware gets written off though.

Hotwired · 2 Jun 2014 at 01:17

CaptainCrash said:
It's a shame that so much potentially reusable hardware gets written off though.

Same argument is available when it comes to large businesses binning food.

Potential warm fuzzy feeling of helping people out with your unwanted stuff is never going to make up for the massive potential ****storm if the worst happens and it splashes back all over you.

Energize · 2 Jun 2014 at 03:00

Hotwired said:
Same argument is available when it comes to large businesses binning food.

Potential warm fuzzy feeling of helping people out with your unwanted stuff is never going to make up for the massive potential ****storm if the worst happens and it splashes back all over you.

More myth than anything else, no supermarket has ever been sued as a result of donated food.