Is PHI Lurking In Your Photocopier?

While attention has been focused on the security (HIPAA violation) risks posed by laptops, smartphones, flashdrives and more sophisticated electronic devices, humble office photocopiers have been quietly accumulating personal data on hard drives most of us didn’t know were there.  A CBS News investigation reveals the ease with which clever identity thieves can access reams of data for the price of a used copier.

For the report, CBS’s team purchased four used copiers for about $300 each from a New Jersey warehouse.   With the help of John Juntunen of  Digital Copier Security, which markets scrubbing software called “INFOSWEEP,” each copier’s hard drive was removed in 30 minutes, then scanned using free forensic software downloaded online.  Within 12 hours, the hard drives yielded highly sensitive documents including criminal investigations, financial and payroll records, real estate development documents, and 300 pages of individual medical records, including prescriptions, blood test results and diagnoses.

Modern copiers use digital scanning technology that is stored to hard drives. Most businesses would not sell or dispose of used computers without taking steps to render any remaining data inaccessible (at least we hope so).  The same caution should be taken with copiers.

Just last week at Brown & Meyers we had to put our wonderful Matilda to rest (our Konica MFD photocopier).  She had been a great asset to us for nearly 10 years and we hated to see her go.  But you bet your bottom dollar that before she went out that door, we removed the hard drive and had it destroyed.

She is no longer with us but will forever remain in our hearts.  RIP, Matilda!!