What is media sanitization?

Media sanitization refers to thoroughly removing or destroying data stored on various digital media devices to prevent unauthorized access to these devices. Data cannot be recovered or accessed once it is no longer needed or when the media is being repurposed. 

Understanding media sanitization

The concept of media sanitization has been developed and standardized by organizations such as the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). A 2018 Cyber Resilience Conference paper on the topic of media sanitization tools offered the following simplified definition of the term, “In general, media sanitization can be summarized as the process of erasing all contain of the storage media. This process is to ensure that all data cannot be recovered.”

The primary purpose of this practice is to protect confidential information from falling into the wrong hands. In industries like healthcare, breaches can be prevented by securely wiping or destroying old medical records, test results, and other sensitive data stored on devices like hard drives, flash drives, and tapes.

See also: How to properly dispose of electronic PHI under HIPAA

The main components of media sanitization 

1. Secure erase (ATA command): Secure Erase is a command embedded in the firmware of ATA (Advanced technology attachment) hard drives. When initiated, it overwrites all data on the drive with zeros or random patterns, making it virtually impossible to recover the original data. It works best for sanitizing hard disk drives (HDDs) and solid-state drives (SSDs) that support the ATA command set. 
2. Crypto shredding: Crypto shredding involves encrypting the data on a digital media device and then securely deleting or discarding the encryption keys. Without the keys, the encrypted data is effectively unreadable and irrecoverable.
3. Remote data wipe: Remote data wipe allows administrators to remotely initiate the erasure of data on a device, typically through a centralized management console or software. Remote data wipe is ideal for sanitizing mobile devices such as smartphones, tablets, and laptops, especially in BYOD (Bring your own device) environments.
4. Data destruction services: Data destruction services involve outsourcing the physical destruction of digital media devices to specialized vendors. These vendors use industrial shredders, crushers, or disintegrators to render the devices and their data irrecoverable.
5. Solid-state drive (SSD) cryptographic erasure: Some SSDs support cryptographic erasure, where all data on the drive is encrypted using hardware encryption keys. To sanitize the drive, the encryption keys are securely erased, rendering the data inaccessible.

The NIST guidance

The National Institute of Standards and Technology (NIST) guidance on media sanitization provides a set of best practices that organizations can follow so that sensitive data is effectively erased. The Introduction of the guidance document provides insight into its overall purpose, “This document will assist organizations in implementing a media sanitization program with proper and applicable techniques and controls for sanitization and disposal decisions, considering the security categorization of the associated system’s confidentiality.”

The main points of the NIST media sanitation guidance include three key techniques: clearing, purging, and destroying. 

• Clearing involves using software-based methods to overwrite all data on the storage media, making it difficult for most software-based recovery tools to retrieve the data. 
• Purging provides a more secure level of data removal, typically through physical destruction or degaussing, which demagnetizes the media to disrupt the stored data. 
• Destroying the media involves physically dismantling it, such as shredding or incinerating, to ensure that data cannot be recovered by any means. 

The guidance also discusses developing and implementing a documented sanitization policy that specifies how data should be handled and destroyed based on the classification level of the information.

See also: NIST Releases Cybersecurity Framework (CSF) 2.0

How to implement basic media sanitization strategies 

Develop a sanitization policy

First, healthcare organizations must establish a comprehensive media sanitization policy. This policy should include definitions of different data sensitivity levels, methods of sanitization appropriate for each level, and the roles and responsibilities of staff involved in the process. The policy should align with HIPAA requirements to ensure patient data privacy and security.

Classify data

Before sanitization, classify data stored on media based on its sensitivity and the potential risk associated with its exposure. For example, patient health records would typically require a higher level of security than administrative data.

1. Clearing Data: Use approved software tools to overwrite all areas of the media with nonsensitive data. This method is suitable for media that will be reused within the same secure environment. Select a tool from the NIST approved products list, ensure the entire medium is overwritten, and verify the process through a quality assurance check.
2. Purging Data:

• Degaussing: Use a degausser to disrupt the magnetic fields of magnetic media, thereby making the data unrecoverable.
• Cryptographic erasure: Use encryption methods to secure data at rest and then delete the encryption keys as a form of sanitization.
  
  

Destroying data

Employ methods like shredding, crushing, or incineration to physically destroy the media, ensuring data cannot be reconstructed or retrieved. Choose a destruction method suitable for the media type (e.g., optical disks should be shredded, hard drives might be crushed or shredded), use devices that meet regulatory destruction standards, and conduct periodic audits.

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What types of media need to be sanitized in healthcare settings?

All types of electronic media that store patient information need sanitization, including hard drives, USB drives, magnetic tapes, and mobile devices.

How often should media sanitization occur in healthcare?

Sanitization should occur whenever a storage device is decommissioned, transferred to a different department, or when it is no longer needed for its original purpose. Routine checks and scheduled sanitizations can also help manage data securely.

Who is responsible for media sanitization in a healthcare facility?

Typically, the IT department or data security team is responsible for media sanitization, though responsibilities can vary depending on the facility's structure. All staff members should be aware of the policies and their roles in protecting sensitive information.