DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UT Southwestern employee accused of selling patient information

Posted on March 5, 2010 by Dissent

Shon Gables reports:

Authorities arrested an employee at UT [University of Texas] Southwestern Medical Center after she allegedly stole patent information and possibly their identities.

Hundreds of patients’ personal information – including birth dates, addresses, phone numbers and financial data – was stolen before Tracy Renay Thomas’ arrest and termination, police said.

Thomas is accused of stealing that information and then selling it to a third party.

“No,” Thomas said when asked if those allegations are true. “I need to call my lawyer.”

UT Southwestern recently sent out a mass mailing to 10,000 of its patients, claiming the former employee disclosed patients’ information to a third party that intended to use it for credit, loans and open bank accounts.

Read more on WFAA.

Interestingly, Gables reports that:

Representatives have admitted that when Thomas was hired to work in the financial services department, she did have a prior misdemeanor for theft on her record. She worked at the medical center for six months.

Yet a letter on UT Southwestern’s web site paints a somewhat different picture. The letter, which is not linked from the home page and I could find only by using the site search function to search for breach, says, in part:

UT Southwestern Medical Center recently learned that personally identifiable information about you may have been stolen from UT Southwestern. The protection of your health information is of utmost importance at UT Southwestern, and we regret the inconvenience and concern that this may cause you. We want to alert you to the incident, describe the type of information that may have been compromised, and explain what UT Southwestern is doing to ensure that the privacy of our patient information is maintained.

An individual with no known criminal history, formerly employed in the UT Southwestern University Hospitals Patient Financial Services Department, apparently misused her position of employment to access personal identifying information of patients who had made payments to the University Hospitals. She then gave the information to someone who intended to use the information to apply for credit cards, loans, and bank accounts.

The individual responsible is no longer employed by UT Southwestern, and the UT Southwestern Police Department is actively investigating the individual’s access to and use of the information obtained. Thus far, the investigation has revealed tangible evidence that this individual disclosed the personally identifiable information of 21 UT Southwestern patients in an unauthorized manner, and we have contacted each of these patients directly via telephone. We have additional evidence indicating that the personally identifiable information of up to 179 additional patients was disclosed; however we do not have sufficient evidence to verify the exact identities of those patients. Consequently, we are notifying all patients whose personal information might have been accessed and disclosed. It appears that the former employee had access to your name, address, date of birth, dates of service, and insurance information. She also had access to the manner in which you made payments on your account with UT Southwestern (i.e., check, credit card).

It is important to note that currently there is no evidence of patient information being used in an unauthorized manner from this incident.

So what happened? She had a known criminal history, but they didn’t know it?

Related posts:

  • UT Southwestern Medical Center has disclosed at least four breaches since July 2023. Is HHS investigating?
  • New Math, data breaches version
  • Crowd-sourcing an idea for a law
Category: Breach IncidentsEducation SectorHealth DataInsiderU.S.

Post navigation

← Major deficiencies in VCHA's Primary Access Regional Information System – report
A dozen here, a dozen there… →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.