UTMB housekeeper Maxine Price got one of the 2,400 letters sent out to patients telling them about the possibility that their personal information had been compromised.
"I read it three times and had to sit down," she said. "I was shocked."
The letter from UTMB to select patients alerts them to a potential breach of some of their personal information, going on to say UTMB "regrets the incident occurred."
UTMB spokesperson Carolee King said, "It is a truly unfortunate situation and UTMB is regretful it happened to them, that it happened to us."
Authorities say Katina Rochelle Candrick was working as a contractor doing billing for another company on behalf of UTMB. She allegedly accessed patient information by computer in Dallas, from July though October of last year, getting Social Security numbers, dates of birth, credit card and bank account and other information from patients who used the UTMB system throughout the state.
A representative for that company, Med Assets, says Candrick used a fake identity to get her job with the company. Investigators say she took the job fully intending to get at patient information. UTMB's contract with Med Assets expired late last year. UTMB is no longer using that agency for billing issues.
King said, "I think good hiring practices include checking references."
For her part. this victim is trying to figure out if her identity was stolen and any of her money was spent.
"If I could get my hands on her, we'd have a nice little discussion," Price said.
A spokesperson for Med Assets says a background check was done on Candrick and that references were even checked. It's unclear why those checks didn't turn up Candrick's rap sheet, which includes a list of white collar crimes dating back to the early 90's. That spokesperson couldn't or wouldn't say.
Med Assets is offering to pay for identity theft protection for those whose information may have been stolen. The details on how to get is in the warning letters that were mailed out.
Patients are also being urged to monitor their credit card and bank accounts for any suspicious purchases. They can also place a fraud alert or security freeze with any of the three major nationwide consumer reporting companies, Equifax, Experian and Trans-Union, which requires creditors to contact you before anyone can open a new account or make changes to existing accounts. Remember, the law requires those three companies to give everyone a free copy of their credit report each year.