UTMB was notified about the incident on January 21 and has been working with law enforcement and MedAssets officials since then.
"We place a priority on our patients' privacy and we sincerely regret this incident," said Carolee King, UTMB vice president for legal and regulatory affairs. "We have reviewed our policies and processes related to vendor access to our systems closely and have enhanced them to ensure that are doing the most we can to protect our patients' information."
In letters UTMB sent to affected patients, they are offered identity theft protection paid by MedAssets. Additionally, they are provided information on obtaining a free copy of their credit reports and how to place a fraud alert on their credit files. Patients are also provided with the names and contact information for law enforcement officers who are investigating the incident. Patients may also visit a special website, http://www.utmb.edu/idtheft_resources/, set up by UTMB to provide additional help and guidance.
UTMB says they will continue to work with MedAssets to protect personal information in their possession and will regularly review and enhance internal procedures and policies with respect to patient information.