Quick Facts

• Date: 2/11/2010
• Institution: University of Texas Medical Branch
• Type of Incidents: Employee Fraud
• Number Affected: 2,400 (updated)
• Source: PHIPrivacy.net
• Abstract Source: Houston Chronicle
• Update1 Source: Houston Chronicle
• Update2 Source: DataBreaches.Net

Abstract
The University of Texas Medical Branch is investigating if any patient data was stolen after officials were informed that an employee of a contractor was arrested for identity theft. The employee, Katina Rochelle Candick, was arrested and charged identity theft and is accused of using a stolen identity to gain employment at MedAssets, a company hired by UTMB to assist with billing. While none of the charges stem from Candick's access to UTMB data, the university contacted the individuals whose information Candick may have had access too. This information included names, address, Social Security Numbers and insurance information on 1,200 UTMB patients. In the letter, UTMB offers tips on monitoring credit reports as well as informs the individuals of identity theft protection being offered by MedAssets. UTMB no longer does business with MedAssets.

Update1
The University of Texas Medical Branch sent out an additional 1,200 notices regarding the risk of identity theft after police discovered personal information in possession a former MedAssets employee. In addition, at least 10 individuals previously notified have come forward to report they have been victimized by identity theft.

Update2
Katina Candick was sentenced to 15 years in federal prison and order to pay $163,185 in restitution after pleading guilty to charges of unlawful possession of fraudulent identification documents and conspiracy to commit identity theft in US District Court.