King_justin

Hello,
I got approached today about a job wiping 11 Windows 7 PCs to give back to the leasing company. This company is in the medical field and wants to make sure that all information is wiped from the hard drive. What would be the best/most convenient route to do this?

I thought about maybe using the Windows 10 bootable upgrade tool Microsoft has and just reformatting the drives and not installing an OS on it? Would that work?

Or is there something else I need to do? When I want to completely wipe a drive before I reinstall an OS on it, that is the method I usually use. There is usually never any "Old Windows" folder left on it. I just wanted to make sure this was an okay method to use before doing it.

Thank you!
 

USAFRet

Assuming these are not solid state drives, DBAN.

If they ARE solid state drives:
 

ex_bubblehead

Medical field? Best thing is to destroy the drives and not send them back. You are stepping directly into the HIPAA line of sight here. If ANY data is recovered from one of those drives, and you were the last to touch it before it went back, then you may be held fully responsible for the data breach, and it ain't cheap (fines can easily run into 6 figures). Best to remove the drives and physically shred them.
 

King_justin

Who approached you for this, and why you?
I am CompTIA certified in A+, Network, and Security +. I just wanted to double check before I did the job. I figured I would need something better. I've been reading up on DBAN.

From my understanding they're sending these PCs back to the leasing company and they want to make sure that all the "PHI" or "PMI" (Personal "something" information... I can't remember exactly what he said) was off the PC. They said they're forbidden to save any of that information on the PC but they wanted to make sure it was wiped just in case. After reading a little more on DBAN, I assume the DoD short would be efficient enough? I think the DoD M option would be a little overkill?

Thanks for any information that can be given.
 

USAFRet

DBAN is for personal use, NOT for enterprise or commercial use.

Medical info? You absolutely need a documented trail, with the proper tool.
Period.

"Most convenient" is not even a consideration here.
 

King_justin

I have recommended physically destroying the hard drives, but I'm not sure if that's a possibility with this leasing company. I am not sure how the leasing company works.

This place is a rehab center for surgeries etc. Not a drug rehab or anything like that. So I'm not sure what type of HIPAA stuff they get into.

I know the person that contacted me told me that they do not save, I assume, "HIPAA" information on the PC. It is not allowed. That he didn't feel like the wiping process would take long because there isn't much on the PC.

So, I'm really not sure how this place operates and where they save their personal files. But from my understanding, they just want to make sure no one accidentally left personal information on the PC since they're not allowed to do it.

If that makes any sense. All I know is that I was asked if I could wipe hard drives. I'm learning more information as they tell me. So, I am giving all the information I know.


Also, the IT Director told me that they have never had to wipe drives before. I should say that we live in a very technology "less" town. We have 3 fast food restaurants, a Walmart, and 7000 dollar generals lol.
 

ex_bubblehead

HIPAA is not something to be flippant with. It covers every single bit of data on a patient (Name, Address, Phone, SSN, what they're being treated for, etc. Basically anything at all to do with that patient). If you're unsure then DO NOT GET INVOLVED, it could cost you.
 

King_justin

And it's not just 'physical destruction by you'... it REQUIRES a certified paper trail.
May I ask what does a leasing company do in this situation? I would assume they would know that if they lease a PC to the medical field then those people want to destroy the hard drive instead of giving it back?
 

USAFRet

I don't know.

That would probably be in an agreement between the two companies. A written contract.
Either they fold the cost of the destructed drives into the contract, or the means and level of data destruction is identified.

If you personally do not KNOW what that agreement is, you are not in the position of handling these drives.

If ANYTHING weird were to happen....a data leak of some sort, the medical company and their lawyers will point the finger directly at YOU.
 

Bazzy 505

That is highly irregular, do not get involved. Wiping drives should not even have been an implied option with media containing personal data, medical history, payroll etc.
If anything happens, you will be thrown under the bus.
 

Bob.B

I don't think there is any piece of software that you have access to that can 100% wipe a disk.
The disk will look wiped to Joe Average but if it falls into the wrong hands all bets are off.
If this IT dir type wants 100% clean, destroy the disk.
 

King_justin

This is sort of what I was thinking and what I told them. I told them I know how to wipe drives, but nothing is 100% when it comes to that type of stuff. I recommended physically destroying the devices and told them they need to get with their leasing company on what to do about this. I don't see how a leasing company can ask for the PCs back with the HDD unless they take full responsibility if there is a data leak? I'm not sure how that works, but if I was the IT director there would be no PCs going back with an HDD in them.
 
