Caitlin Bernard, Indianapolis OB-GYN, doxxed and investigated by Indiana AG after providing abortion to 10-year-old rape victim

What happened

On July 1, 2022, the Indianapolis Star reported that an Indianapolis OB-GYN had provided a legal abortion to a 10-year-old rape victim who had traveled from Ohio. The patient stayed unnamed. The physician was Dr. Caitlin Bernard.

Within days her name was everywhere. National outlets republished it. Social-media accounts pulled her employer, her photo, and her professional background. Bernard received death threats at home and at work. Indiana Attorney General Todd Rokita publicly questioned whether she had violated state reporting requirements and opened an investigation.

The Indiana Medical Licensing Board later reprimanded Bernard for a paperwork-related privacy disclosure. The underlying medical care she provided was never found unlawful.

How it started

Bernard didn't get hacked. She didn't post her own address. She did her job, the patient's story made the news, and her name surfaced through standard reporting channels.

From there the chain ran through three layers most healthcare workers underestimate. First, the state medical board's public license lookup, which lists every Indiana physician's name, license number, and practice address. Second, the hospital staff page on the IU Health website. Third, the people-search broker pages that scrape voter rolls, property records, and licensing databases and resell home addresses to anyone with a credit card.

None of those layers required a leak. Each one runs every day on every named physician in the country.

Why this case matters

This is the canonical doxxing-for-doing-your-job case in healthcare. The work was legal. The doxxing was the response. And the AG investigation amplified it from anonymous threats into a state-sanctioned escalation.

For physicians providing reproductive care, gender-affirming care, or any treatment that draws political attention, the Bernard timeline is the working template. Story breaks. Name surfaces. Threats land at home and at work. Sometimes a regulator joins in. The address is on a broker page the entire time.

It also reframes what doxxing means in healthcare. The threat profile here looks more like the Lefkow or Salas chain than like the standard nurse-stalker pattern. The trigger is public attention rather than a one-on-one patient relationship. The lookup runs through the same broker stack either way.

What this means for you

If you provide care that draws political or media attention, the Bernard pattern is the working model. Your name will surface. Your employer will surface. Your home address is one search away unless you've already pulled it down.

The federal DPPA limits what state DMVs can release. It does not stop a broker page that already has your address from voter rolls or property records. Indiana has no Daniel's Law analog and no broker-removal statute that covers physicians. The structural fix is continuous removal across every commercial site that resells residence by name.

For more on the threat shape and what to do once you've been named, see /healthcare/physicians and /doxxing/recovery.

The medical board ruling

On May 25, 2023, the Indiana Medical Licensing Board ruled 2-1 that Bernard had violated state privacy law by speaking publicly about the case, even though she never named the patient. The board fined her $3,000 and issued a letter of reprimand. Coverage from the Indianapolis Star walked through the vote and the underlying complaint.

The ruling is editorially important because it is the institutional escalation. The same speech that drew the death threats also drew the official sanction. Bernard absorbed both at once. The threats were anonymous and unprosecuted. The reprimand was on the record.

For any healthcare worker tracking the Bernard chain as a working template, this is the part that often gets left out. The doxxing, the harassment, and the regulatory action ran in parallel. They were not separate problems. They were the same problem flowing through different institutions.

The Rokita disciplinary charges

In September 2023, the Indiana Supreme Court Disciplinary Commission charged Indiana Attorney General Todd Rokita with three counts of attorney misconduct related to his public statements about Bernard. The Indiana Citizen reported the filing on September 18, 2023.

The misconduct charges centered on Rokita's public characterization of Bernard as "an abortion activist acting as a doctor with a history of failing to report." The disciplinary commission found those statements violated the Rules of Professional Conduct that govern attorneys' public statements about pending or contemplated investigations.

This thread closes the loop on accountability. The attorney general who launched the investigation that amplified the doxxing was himself charged with misconduct over how he conducted it. The same public-speech turn that put Bernard's name and employer in the daily news cycle was, by the disciplinary commission's reading, an attorney-conduct violation in its own right.

For the working template, this matters in one specific way. The institutional escalation is not always one-directional. The official actor who escalates against you can also draw consequences for how the escalation was conducted. That does not pull the broker pages down. It does not call back the threats. It does add a counterweight that some of the people running these campaigns do not expect.

---

Editorial rules: Only public, already-reported incidents. Never name a non-public victim. Always end with the prevention takeaway tied to our service. Cite at minimum one public source per claim.