GALVESTON, Texas -- The University of Texas Medical Branch this week began mailing letters to another 1,200 patients whose personal information might have been compromised by a woman charged with identity theft.
The new round of notices comes after the medical branch sent 1,200 letters last month to a different set of patients whose information may have been available to Katina Rochelle Candrick, 33, charged with conspiracy, identity theft and bank fraud.
Candrick is implicated in a widespread identity theft investigation involving at least 40 cases from Texas to Wisconsin and losses upward of $1 million, officials said.
She is being detained in a federal facility in McLennan County.
Since the medical branch began mailing letters last month, at least 10 patients have notified state police that someone had used their identities to create fraudulent credit card accounts and checks and committed bank fraud by making purchases through fraudulent credit card and debit card accounts, officials said.
Candrick is suspected of using a false identity to gain employment with Georgia-based MedAssets, which has a contract with the medical branch to perform billing and collection services.
The job with MedAssets gave Candrick access to medical branch patient information, including Social Security numbers, insurance information and other sensitive data from July through October.
The medical branch was prompted to notify the second set of patients after law enforcement officials reported finding credit card information and checks in Candrick’s possession with the name of a patient who had not been notified in the initial letters, said Carolee King, vice president for legal and regulatory affairs at the medical branch.
The name of that patient led the medical branch to suspect Candrick had access to files the institution initially had not known about when it mailed the first round of letters, King said.
"As a result of the ongoing investigation, UTMB discovered on Feb. 19 that the individual now in police custody had accessed the information of additional patients before her arrest," the medical branch said in a letter going out to patients this week.
U.S. marshals arrested Candrick and two others who were not working for MedAssets on Dec. 15 in Dallas after months-long investigation involving other cases of identity theft.
Upon Candrick’s arrest, police notified MedAssets, which notified the medical branch Jan. 21.
MedAssets is offering to pay for identity theft protection measures for patients who received letters from the medical branch, officials said. Also, MedAssets will give those patients information about how to obtain free copies of their credit reports and how to place a fraud alert on their credit files.