A computer hard disk sold on eBay was found to contain confidential medical records, despite supposedly having been wiped. The information was discovered as part of a research project sponsored by BT, which buys up hundreds of second hand hard drives from various sources, and passes them to a team at the University of Glamorgan, who try to retrieve the data on them. The project is designed to highlight the problem of insecure data falling into the wrong hands. Government rules say that hard drives should be overwritten at least three times to prevent data falling into the wrong hands.
The Dudley Group of Hospitals NHS Trust contract the disposal of their old IT equipment to Siemens Medical Solutions, who in turn subcontract to Computer Disposals. But the Trust says that there is no record of this machine going through Siemens’ systems, and that they are trying to trace the route that the hard drive took after leaving them: theft is one possibility they are looking into.
As well as medical records relating to cancer patients, the hard drive also contained financial information, company records, North Sea drilling information from a Texan oil company, and paedophile material which has been handed to police.