Forgot your password?
typodupeerror
Privacy Medicine

Blue Shield Leaks 18,000 Doctors' Social Security Numbers 74

Posted by Unknown Lamer
from the measure-twice dept.
itwbennett (1594911) writes "The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday. The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the SSNs and other sensitive information and were available under the state's public records law." Ten copies were requested under the public records law.
This discussion has been archived. No new comments can be posted.

Blue Shield Leaks 18,000 Doctors' Social Security Numbers

Comments Filter:
  • by NotDrWho (3543773) on Tuesday July 08, 2014 @08:40AM (#47406395)

    Maybe at some point after they're all finally out companies, agencies, colleges, etc. will finally realize that using SSN's as their unique identifiers of choice is dangerous.

  • by Anonymous Coward on Tuesday July 08, 2014 @08:58AM (#47406465)

    Using SSN as an identifier isn't really the problem.

    It's that they want it to be BOTH the public identifier AND the private password.

    If it is just an identifier, you should be able to use it publicly - but the whole idea is that you need to guard it and keep it secret because they are treating your knowledge of it as proof that you actually belong to the account is where the problem arises. Either it is just a record number, in which case it shouldn't be a secret - or it is your password, in which case you should have a public record number that isn't secret.

  • by leonardluen (211265) on Tuesday July 08, 2014 @09:19AM (#47406555)

    it wouldn't be an issue if the SSN didn't have to be kept secret. there should be an easily changeable pin that goes with the SSN that you use when you need to apply for a loan or something.

    or treat it more like credit card numbers and make it easier to get a new one if it becomes public.

    another option issue one time use numbers like some credit card companies do.

    there isn't necessarily anything wrong with having a unique identifier for people. the current implementation however is the problem.

The universe is like a safe to which there is a combination -- but the combination is locked up in the safe. -- Peter DeVries

Working...