Storage and security: how real is the threat?

Thursday, 12 June 2003, 2:42 PM EST

In a previous column covering the requirements imposed by recent legislation on healthcare data protection and privacy, we documented a few gotchas affecting data storage. The column generated several responses and recommendations, particularly with respect to the dilemma confronting a small New England healthcare provider.

The company in question reported difficulties when seeking to return defective disk drives to their manufacturer for replacement under warranty. According to legal eagles, if the possibility existed for privileged data to remain intact on the media, then the disks could not be passed along to a third party.

The storage administrator in the article suggested several approaches for rectifying the problem, including the erasure of the media using a high power electromagnet. He needed to find a way to render the media unreadable in order to fulfill the privacy requirement while not deliberately damaging the media and nullifying his warranty.

Lawyers found that all of the suggested solutions ran afoul of requirements to test the drives—which were non-functioning in the first place—to ensure that the erasure had succeeded. In the final analysis, it appeared that one side effect of HIPAA was that it had absolved disk drive manufacturers of their warranty obligation to provide free replacements for defective wares.

[ Read more ]


Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 24th