What You Probably Didn’t Know About the Kaiser Foundation Health Plan Data Breach

February 07, 2014
Kevin Lam

In January 2014, the Attorney General of California filed a complaint against Kaiser Foundation Health Plan, Inc. over a data breach involving about 30,000 social security numbers. The SSNs had been left on an external hard drive, which was later purchased by a member of the public at a thrift store in Santa Cruz, California.

You might think that Kaiser could have just deleted those files and avoided this entire incident. Not really. Read on.

An Important Thing You Need to Know About Deleted Files

This might come as a surprise: when you delete a file from a computer file system, it's not really deleted in the way you would think. Rather, your operating system (Windows, Mac, Linux, etc.) "de-allocates" that file or folder, so that the original space is marked as free space and is available to be overwritten by new files. Until that happens, your deleted file or folder can actually be recovered by low-level disk utilities.

If you're not a techie, this might not make much sense, or any at all. That's OK. Just imagine your file system as a paper book. Your files and folders are the content and chapters in the book. When your computer system deletes a file or folder, all it really does is erase the reference to those chapters and contents from the table of contents. It doesn't erase the actual chapter, so that content is still there. It can easily be recovered and lead to an unintended data breach.

So even if Kaiser had just erased that external drive, a data breach could still have happened. They would have needed a strong method of ensuring that those files were actually deleted and couldn't be recovered, which leads to our next discussion topic …

How to Help Prevent the Recovery of Deleted Files (With Software You Already Have)

OK, let's look at preventing the recovery of deleted files. The National Institute of Standards and Technology (NIST) released a guide for Data Sanitization in September 2012, but some of the techniques discussed might be too technical for most users. So here's an easy way to help ensure deleted files on your computer are actually deleted.

On every copy of Windows starting with XP, there’s a utility called cipher.exe.  Cipher.exe can overwrite your free space (the space containing your “deleted files”) with zeros (0s), then ones (1s) and then random data. It does this automatically for you in three passes and helps prevent the recovery of any deleted or “deallocated” data. You simply tell cipher.exe the drive letter with the command line:  cipher /W:<directory>
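The table-of-contents behaviour and the three-pass free-space wipe described above, modelled on a toy disk as an added example (not code from the original post, and not how cipher.exe or any real file system is implemented). `ToyDisk`, its block size and the sample records are constructed for illustration.

```python
import os
import re

BLOCK = 64  # bytes per block on this toy disk (constructed, not a real file system)
SSN_RE = re.compile(rb"\d{3}-\d{2}-\d{4}")


class ToyDisk:
    """Raw block storage plus a 'table of contents' mapping names to blocks."""
    def __init__(self, blocks=16):
        self.raw = bytearray(BLOCK * blocks)
        self.toc = {}                      # file name -> list of block numbers
        self.free = list(range(blocks))    # unallocated block numbers

    def write(self, name, data):
        used = []
        for off in range(0, len(data), BLOCK):
            n = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            self.raw[n * BLOCK:n * BLOCK + len(chunk)] = chunk
            used.append(n)
        self.toc[name] = used

    def delete(self, name):
        # Ordinary delete: drop the entry and mark its blocks free; bytes stay put.
        self.free.extend(self.toc.pop(name))

    def wipe_free_space(self):
        # Three passes over free blocks only: 0x00, 0xFF (all one-bits), random.
        for fill in (b"\x00", b"\xff", None):
            for n in self.free:
                data = os.urandom(BLOCK) if fill is None else fill * BLOCK
                self.raw[n * BLOCK:(n + 1) * BLOCK] = data

    def scan_raw(self):
        # What a low-level disk utility sees: every block, allocated or not.
        return SSN_RE.findall(bytes(self.raw))


def demo():
    disk = ToyDisk()
    # Constructed records; SSNs with area 000 are never issued.
    disk.write("members.csv", b"Jane Roe,000-12-3456\nJohn Doe,000-65-4321\n")
    disk.write("notes.txt", b"keep me")
    disk.delete("members.csv")
    after_delete = disk.scan_raw()     # deleted data is still on the disk
    disk.wipe_free_space()
    after_wipe = disk.scan_raw()       # free space overwritten, nothing left
    return after_delete, after_wipe, bytes(disk.raw[BLOCK:BLOCK + 7])
```

The third return value is the start of the block that still belongs to `notes.txt`, showing that a free-space wipe leaves files that were not deleted intact.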


For Mac users, it’s even easier. Under Finder, select Secure Empty Trash.

So remember, when you are about to decommission hardware, make sure to (1) delete the file contents and (2) use a free space wiping tool such as cipher.exe or the Secure Empty Trash feature on Mac OS X. The tools to do this are free and already on your computer, so be sure to use them. In the future, I’ll talk about other, more advanced data sanitization techniques like “cryptographic erasing”, so be sure to join our Data Protection Friday mailing list.

Until then,

–Kevin