I don’t know when VPNs might take a stronger hold. According to the article below the employee has an extensive criminal record, but so far there’s no evidence of any of the patient information being used. There were other items reported missing as well. There’s no mention of encryption and usually when this is not mentioned there’s a pretty good chance it was not protected as IT individuals are usually quick to note any additional information as such as it does make a difference on the odds of the data being accessed. A couple years ago this story made the news, the data was encrypted but the login and password were taped on the device. BD
If You Take the Time to Encrypt Medical Information – Don’t Tape the Passwords on the Container or Flash Drive – NHS Security Breach
The Family Planning Council in Philadelphia made public Friday that a computer storage device containing the personal and medical records of about 70,000 patients was stolen in December and remains missing.
The theft was blamed on a former worker whose employment ended Dec. 28, the day the theft was discovered and reported to police.
The former employee, Kelly Stanton, 40, has an extensive criminal record, and has been in and out of prison for the last two decades on multiple convictions of theft and other offenses, court records show.
The health-care providers affected by the data breach include Children's Hospital of Philadelphia, Planned Parenthood Southeastern Pennsylvania, Planned Parenthood Association of Bucks County, Spectrum Health Services Inc., and Public Health Management Corp.