CBS news recently ran a story on digital copy machine security, which has generated a lot of inquiries and concerns at UTMB.  Since 2002, most enterprise grade copiers  contain a hard drive - like the one in your personal computer. Every time you scan, print, email or copy a document, an image of it is  stored on the hard drive.

CBS investigators were able to purchase four used copiers, all four contained data that ranged from police reports to social security numbers and even protected health information.  Because of this report, the Office of Information Security conducted a review of copier security and the steps taken to ensure all data is destroyed at the end of a copier lease period.

UTMB copiers are leased from the Xerox Corporation, and according to the documentation and information provided to us by Michael Nayes, Client Delivery Manager with Xerox, all end of lease/life copiers follow one of two paths: If the unit is deemed scrap, it is crushed and then shredded for environmental and recyclable commodities. If the unit is deemed salvageable, the unit is sent to a re-manufacturing facility where the hard drive is re-mastered from a blank drive. The re-mastering includes erasing and re-formatting of the hard drive, deleting all data on the drive.

Newer copiers come with an immediate overwrite option that prevents the information from being stored on the internal disk. The Office of Information Security has asked Xerox to ensure this option is enabled on all supported copiers.  The review concluded that the Xerox corporation is in compliance with Texas Administrative code, rule 202.78, Removal of Data from Data Processing Equipment.

For additional information, please contact the Office of Information Security at x23838 or iso@utmb.edu.