News Stay informed about the latest enterprise technology news and product updates.

Copy machines targets for health care data breaches

Last week we saw a piece on a law firm blog about how copy machines can make a health care provider vulnerable to data breaches and HIPAA violations in a way we hadn’t considered.

It’s not enough, apparently, to make sure a copier’s software is set up to prevent patient data breaches by locking down the scan-to-email function. It’s not enough to force the copier to wipe or format its disk drive periodically, to make sure files are routinely deleted.

No, this article shows that enterprising identity thieves can circumvent even those measures — because of the way copier operating systems generally work. This isn’t the first time we’ve heard health care IT authorities talk about shredding hard drives as the only truly fail-safe way to prevent data breaches. But it’s the first time anyone’s brought it up while discussing copy machines, devices usually managed by third parties.

Which brings up our tip of the day: In your HIPAA business-associate agreements with copier providers, make sure that disk-shredding — or at least a strong scrubbing — becomes part of the decommissioning process. Don’t let your patient information be exposed, because it’s likely that CBS News didn’t come up with this idea for hacking into copiers for patient data on its own; other opportunists might be lurking around your facility.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.