Blue Shield Leaks 18,000 Doctors' Social Security Numbers

itwbennett (1594911) writes "The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday. The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the SSNs and other sensitive information and were available under the state's public records law." Ten copies were requested under the public records law.

Good news though

With so many SSNs leaked, the odds of a criminal picking yours are getting worse all the time!

Re:Good news though

[rmdingler]

Indeed. Perhaps picking up a couple of spares is the only sane defense now.

Re:Good news though

[NotDrWho]

Maybe at some point after they're all finally out companies, agencies, colleges, etc. will finally realize that using SSN's as their unique identifiers of choice is dangerous.

Re:Good news though

Using SSN as an identifier isn't really the problem.

It's that they want it to be BOTH the public identifier AND the private password.

If it is just an identifier, you should be able to use it publicly - but the whole idea is that you need to guard it and keep it secret because they are treating your knowledge of it as proof that you actually belong to the account is where the problem arises. Either it is just a record number, in which case it shouldn't be a secret - or it is your password, in which case you should have a public record number that isn't secret.

Re:Good news though

[leonardluen]

it wouldn't be an issue if the SSN didn't have to be kept secret. there should be an easily changeable pin that goes with the SSN that you use when you need to apply for a loan or something.

or treat it more like credit card numbers and make it easier to get a new one if it becomes public.

another option issue one time use numbers like some credit card companies do.

there isn't necessarily anything wrong with having a unique identifier for people. the current implementation however is the problem.

Re:Good news though

[cayenne8]

This was my first thought, WTF are they using SS on this type of report at all?!!?

I mean, if they need a record of the physician's business, why not use the Federal Tax ID? Why in the world would anyone give out a SS number in this day in age for anything besides something that is directly related to SS transactions (taxes, payments, etc)?

I don't give my SS to anyone except the bank and for SS tax purposes. My last power company tried to insist I give it to them, when I asked WTF they needed this for simply connecting power they said for a 'credit check'. I talked further and found out they'd take a deposit in lieu of this and that's the road I took. I got the deposit refunded about 6mos later I think.

But seriously, there not a THING these days that should or does require a SS# to be given. However, sometimes, sadly, you DO need to be persistent in your insistence that they don't need it. Speak to a mgr or two if need be, but don't' give it out.

Re:Good news though

[jbmartin6]

That is how the SSN was originally meant to be used. But then along came a need for a global UID for people and whoosh all the promises went out the window. I will try the deposit route though next time I encounter that situation.

Re:Good news though

[ShanghaiBill]

if they need a record of the physician's business, why not use the Federal Tax ID?

Unless the doctor is incorporated, the SSN is the tax id.

Why in the world would anyone give out a SS number in this day in age for anything besides something that is directly related to SS transactions (taxes, payments, etc)?

They didn't. The gave out their SSN because this is directly related to SS transactions. The doctors receive payments from the insurance company, and those payments must be reported to the IRS on a 1099 form, and that must include the tax id, which is the SSN.

Anyway, I see leaks like this as a good thing. The sooner everyone's SSN is public, the sooner we move away from the idiotic notion that the same number should be used for both identification and authentication, and thus must be simultaneously both widely known and secret.

Re:Good news though

[cyberchondriac]

That's an arrogant point of view. Who are you to judge who's an idiot? And MSNBC is certainly no less biased, and both CBS and NBC have been caught either lying (Dan Rather) or editing/doctoring tapes (as in the Trayvon Martin case).
All the news media are becoming cartoonish extravagances of yellow journalism, but it's trite when when someone feels they must proselytize their bias by attacking selective news sources when news sources weren't a prior part of the conversation; besides, it's just a leftish mantra to be parrotted, no actual thought required. Fox News is not as bad as the strawman lefties make it out to be, but because it gives "those other guys" a strong voice, and it's popular in the face of it's competition, it must be attacked at all costs and at every available opportunity. It just smacks of desperation.
People have been saying that SS is going to be gone before they retire for years, and the danger is real; under Bush, no one challenged that claim, but now suddenly it's just derp?

Re:Using SSN?

[f00zy]

SSNs, like passwords, need to die. They are a relic that doesn't work anymore.

Re:Using SSN?

[timrod]

They can use SSNs for ANYTHING, which is what's so scary about having yours stolen. They can open credit cards, take out insurance policies, even look for jobs in your name. Essentially, an SSN is a person's identity.

Re:Using SSN?

[plover]

While I don't want to provide a detailed how-to, it goes something like this:

1. Go to store.
2. Fill cart with TVs and other expensive goods.
3. Wait for cashier to ask "would you like to save money by opening a credit card?"
4. ???
5. Profit.

Identity Theft

[Jason+Levine]

I've been through identity theft. It's not fun. And I was lucky enough to catch it quick enough that little damage was done. Capital One approved a card for "me" based on an online form where the thieves had my name, address, DOB, and SSN. Mother's maiden name was wrong, but that didn't stop the approval process. The thieves paid for rush delivery of the card and then changed the address on it. This meant that the card was sent to me BEFORE the address change went through. If this hadn't happened, I would have only known about it once the bill collectors came barging down my door.

On a side note: Capital One was not helpful at all. They stonewalled both me ("If we tell you the address on the card and you go and kill the person, we're liable" = what they actually told me) and the police (gave them a phone number linked to an answering machine and never called back). The combination of their approval of the card, missing all of the red flags along the way, and refusing to help beyond canceling the card means Capital One will NEVER be "what's in my wallet."

For those who think they have bad credit and thus wouldn't be victims, it doesn't take much. Remember, the thieves don't care about whether you can pay back the bills they are generating. All it takes is one credit card company to approve a card and they'll tear through the balance leaving you with thousands in debt that you'll need to prove wasn't your doing. In addition, there's another form of identity theft where a criminal is arrested and gives your name/SSN/DOB instead of their own. Then your name goes into the police databases and you'll be harassed as an assumed criminal. Removal of your name can take years during which time you'll flunk any background checks.

There's no protection that I know of from the latter form of identity theft, but you can freeze your credit to protect against the former. This means that nobody - not even you - can open new lines of credit unless you first thaw the credit files. The downside is that you need to pay to freeze and for each thaw. The upside is that you have a handy retort for all of those "You can save $5 if you open up a credit account with us" offers at the cash register. "No, thanks. My credit file is frozen." I've found these people stop their sales push the minute they hear you were a victim of identity theft. (I don't think that's in the script they are supposed to read to customers. ;-) )

Re: Not such a big problem

[Sentrion]

Physicians tend to partner up with other professionals, like lawyers, bankers and CPAs when they start their own private practices. Many established physicians ARE going broke and filling for bankruptcy after getting drawn too deep into the business side of medicine. Instead of keeping focus on patient treatment, many physicians have their entire life savings linked to the profitability of their practice, which has more to do with negotiating the best deals for insurance reimbursement, malpractice insurance, building leases, utilities, and capital expenses such as X-ray, EKG, or sonogram machines. The bankers and lawyers structure things so they have the lion's share of ROI while the physician is personally exposed to the most liability. Then they have lawyers, bankers, limited partners, and shareholders pressuring them to be more "profitable", which means cutting face time with patients from 15 minutes to 10 minutes, prescribing drugs from suppliers that will pay back "incentives", referring to other specialists and facilities that offer kickbacks, separating physician fees from facility fees to juice more from insurance, performing more tests than necessary to defend against liability while receiving more reimbursement from insurance and medicare, performing sneaky out-of-network or uncovered services on unsuspecting patients with deep pockets, and more frequently flat-out defrauding medicare, medicaid, and private insurance companies.

Patients and physicians both would benefit from either a single-payer system like the UK and Canada have, or a maybe a public-private system like Australia has, where those willing to pay more direct or willing to buy commercial insurance can be treated by private physicians rather than publicly employed physicians, just like we have public and private schools in the US. In the US we actually have a shortage of physicians, especially if we are going to start covering care for more of our poor and working class. Yet many excellent candidates are not admitted to medical school because only the cream of the cream were selected. There are also many qualified physicians educated in Europe and Asia that cannot EVER practice in the US simply because they didn't get their degree here. Direct government investment in programs to train and certify physicians without forcing them into hundreds of thousands of dollars of unforgivable student loan debt would be a benefit to aspiring physicians and patients alike. Direct government assumption of financial liability and discipline of physicians would free physicians to earn an honest and comfortable living while providing patient care that serves the interest of the patient.

Gradually shortening the terms of pharmaceutical patents and finding more cures and treatments through non-profit, grant-funded, university research would help to substantially lower the family burden when it comes to the cost of care. At the end of the day it is the scientists putting in 80-120 hours each week that makes cures possible, and even those scientists working for Big Pharma are not raking in the dough compared to the executives, lawyers, and pharma sales reps. Scientists are not paid any less at the University level so the argument of profit incentive is rather mute.