| I just got this in e-mail |
by JustnCase |
2003-02-06 14:22:15 |
and thought it was interesting. At first I thought it was a warning that an auditor was comming. :) The "use Linux" part flies in the face of our current policy. :)
AUDITOR ALERT
Auditor of Public Accounts Ed Hatchett warns state and local government agencies to take all necessary precautions to protect proprietary and personal, confidential information residing on computer systems taken out of service.
The disposition of government computers requires that their files first be sanitized, eliminating all proprietary and personal, confidential information through destructive overwriting. Our recent forensic analysis of eight surplused computers chosen at random from the inventory of property earmarked for disposition by the Division of Surplus Properties identified confidential data. These data were in clear text, unprotected, and easily accessed. Preliminary discoveries include email, interagency correspondence and memoranda, financial accounting transactions, personal financial data, and HIV/AIDS data.
Deleting data or reformatting disks is not sufficient.
The State Auditor recommends using a floppy-based, bootable operating system such as Linux to destructively overwrite the partition table, logical partitions, and extended partitions of each hard disk, using dd, srm, and fdisk. These tools are available on the Internet and included in the Linux Operating System.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires government agencies to adequately secure confidential medical data, and imposes severe civil and criminal penalties for noncompliance, including heavy fines and/or imprisonment. Agencies must adhere to HIPAA?s requirements.
Data security is the responsibility of the custodians of the data, and not the Division of Surplus Properties or subsequent recipients of the computers.
|
|
[ Reply ] |
|
Hah, I got a easier way... | by Freakazoid | 2003-02-06 14:26:06 |
|
Nope it was from the man himself to my bosses boss | by JustnCase | 2003-02-06 14:53:10 |
|
Not sufficient | by wonga-bonga | 2003-02-06 15:28:14 |
|
That wouldn't work | by Freakazoid | 2003-02-06 15:30:22 |
|
But a destroyed drive is definetly unreadable! | by wonga-bonga | 2003-02-06 15:37:46 |
|
Not quite sensible. | by Naruki | 2003-02-06 15:31:46 |
|
It's not quite that easy either. | by Beorn | 2003-02-06 15:47:48 |
|
must....resist...... | by OzanBABA | 2003-02-06 14:26:29 |
|
I just had to point out that | by hyzenthlay | 2003-02-06 14:27:37 |
|
They are doctors the might be using an autoclave (n/t) | by JustnCase | 2003-02-06 14:54:07 |
|
LOL! I can seriously see that! (n/t) | by hyzenthlay | 2003-02-06 14:55:15 |
|
I work with companies in the healthcare industry.. | by skitzoh | 2003-02-06 14:42:18 |
|
We have an whole team working on nothing but HIPPA | by JustnCase | 2003-02-06 14:56:01 |
|
I know it, and they know it | by skitzoh | 2003-02-06 15:24:09 |
|
MIT study | by DeskTop_Ron | 2003-02-06 15:12:26 |
|
I saw it | by JustnCase | 2003-02-06 15:36:45 |
|
Considering how difficult it is to prevent | by Naruki | 2003-02-06 15:33:27 |
|
Well they are talking about 286s that are | by JustnCase | 2003-02-06 15:38:46 |
|
Trash the disks, then. | by Naruki | 2003-02-06 15:39:51 |
|
I am pretty sure most dont make it to auction | by JustnCase | 2003-02-06 15:41:31 |
|
HIPAA strikes again!!! (n/t) | by krisguy | 2003-02-06 15:56:12 |
|
If it's 486's (or less), just send 'em ... | by kahuana | 2003-02-06 16:19:13 |
