Blue Shield Leaks 18,000 Doctors' Social Security Numbers 74
itwbennett (1594911) writes "The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday. The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the SSNs and other sensitive information and were available under the state's public records law."
Ten copies were requested under the public records law.
Good news though (Score:5, Funny)
With so many SSNs leaked, the odds of a criminal picking yours are getting worse all the time!
Re: (Score:3)
Re: (Score:1)
Re: (Score:1)
Re: (Score:3)
All the news media are becoming cartoonish extravagances of yellow journalism, but it's trite when when someone feels they must proselytize their bias by attacking selective news sources when news sources weren't a prior part of the conversation; besides, it's just a leftish
Re:Good news though (Score:4, Insightful)
Maybe at some point after they're all finally out companies, agencies, colleges, etc. will finally realize that using SSN's as their unique identifiers of choice is dangerous.
Re:Good news though (Score:5, Insightful)
Using SSN as an identifier isn't really the problem.
It's that they want it to be BOTH the public identifier AND the private password.
If it is just an identifier, you should be able to use it publicly - but the whole idea is that you need to guard it and keep it secret because they are treating your knowledge of it as proof that you actually belong to the account is where the problem arises. Either it is just a record number, in which case it shouldn't be a secret - or it is your password, in which case you should have a public record number that isn't secret.
Re:Good news though (Score:5, Insightful)
it wouldn't be an issue if the SSN didn't have to be kept secret. there should be an easily changeable pin that goes with the SSN that you use when you need to apply for a loan or something.
or treat it more like credit card numbers and make it easier to get a new one if it becomes public.
another option issue one time use numbers like some credit card companies do.
there isn't necessarily anything wrong with having a unique identifier for people. the current implementation however is the problem.
Re: (Score:1)
Re:Good news though (Score:5, Informative)
I mean, if they need a record of the physician's business, why not use the Federal Tax ID? Why in the world would anyone give out a SS number in this day in age for anything besides something that is directly related to SS transactions (taxes, payments, etc)?
I don't give my SS to anyone except the bank and for SS tax purposes. My last power company tried to insist I give it to them, when I asked WTF they needed this for simply connecting power they said for a 'credit check'. I talked further and found out they'd take a deposit in lieu of this and that's the road I took. I got the deposit refunded about 6mos later I think.
But seriously, there not a THING these days that should or does require a SS# to be given. However, sometimes, sadly, you DO need to be persistent in your insistence that they don't need it. Speak to a mgr or two if need be, but don't' give it out.
Re: (Score:3)
Re: (Score:3)
if they need a record of the physician's business, why not use the Federal Tax ID?
Unless the doctor is incorporated, the SSN is the tax id.
Why in the world would anyone give out a SS number in this day in age for anything besides something that is directly related to SS transactions (taxes, payments, etc)?
They didn't. The gave out their SSN because this is directly related to SS transactions. The doctors receive payments from the insurance company, and those payments must be reported to the IRS on a 1099 form, and that must include the tax id, which is the SSN.
Anyway, I see leaks like this as a good thing. The sooner everyone's SSN is public, the sooner we move away from the idiotic notion that the same number should be used for both identificat
Re: (Score:2)
Err, if the said Dr. is in business and is not incorporated, he's quite a fool.
Err, no. there is NO place to fill out SS on a 1099 payment. That is precisely where you have and use your TIN (
Re: (Score:2)
when receiving 1099 income, the issuer o
Re: (Score:2)
Yup, win a prize worth more than $600 from the radio and such and you won't receive it until you've filled out the 1099 related paperwork that requires you to give yuour SSN. Win more than $600 at the casino or in something like a dart tournament and the same thing happens?
Oh, and as far as end-of-year payments... Coming up quite short on all that excess income will result in some penalties, the least of which is requiring you to file quarterly estimated payments. In other words, if you have a lot of taxabl
Re: (Score:2)
Any smart Dr will be incorporated and use a TIN for tax purposes, not a SSN.
Re: (Score:2)
Err, no. there is NO place to fill out SS on a 1099 payment.
This is just flat out wrong. Have you ever actually seen a 1099? If you are paying an individual, the SSN is the tax id, and must be listed on the form. If you are paying a corporation, then you don't use a 1099.
Re: (Score:2)
Not so, I contract, I am an individual working for my own S-corp.
I have never given out my SSN when being paid 1099 through my company.
I give out only my TIN, they pay me with checks, and at EOY I get a 1099 from them for my tax purposes.
Re: (Score:2)
I don't give my SS to anyone except the bank and for SS tax purposes. My last power company tried to insist I give it to them, when I asked WTF they needed this for simply connecting power they said for a 'credit check'. I talked further and found out they'd take a deposit in lieu of this and that's the road I took. I got the deposit refunded about 6mos later I think.
These companies really don't need it. When I setup my cable, electric etc. I didn't have an SSN, it takes time to get one when you are an immigrant. As soon as they learned I just didn't have one then they went down an alternate procedure. I think in the end I only had to leave a deposit with the cell phone company, everyone else just connected me.
This can be a pain down the line when trying to deal with these companies over the phone though as everyone wants the last 4 digits of your social as part of th
Re: (Score:2)
Using them as identifiers isn't actually that bad. Though it's a bit daft not to be able to come up with employee/student/etc numbers.
The problems come trying to use them as AUTHENTICATORS. As well as the daft idea that only you know your own "name"...
Re: (Score:1)
Correction: Most newly graduating and practicing doctors. Established doctors make good money, the lowest average being around 150k year. I don't feel for doctors in general because they are making tons of money off the backs of sick patients. It's time to end for-profit medicine and move to a sane single-payer system. The only thing stopping this is the love of money. Things should be like the military or government, where the medical schools are run by the government and doctors graduate with no debt, but
Re: Not such a big problem (Score:1)
That's the dumbest thing I've read. No, they are getting paid for their service and the hard road it took then to get there.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
I imagine state of current US court system qualifies as "special circumstances".
Re: (Score:2)
I knew an ObGyn who retired shortly after being sued for $BIGNUM for delivering a baby with a clubfoot - a genetic defect. His insurance company refused to fight and wanted to settle for $MEDIUMNUM instead. Thing is, they would then raise his rates significantly. If he chose to fight the case in court and lost, they wouldn't cover any damages since they'd offered to settle it for him. Heads they win, tails you lose.
Re: Not such a big problem (Score:5, Interesting)
Physicians tend to partner up with other professionals, like lawyers, bankers and CPAs when they start their own private practices. Many established physicians ARE going broke and filling for bankruptcy after getting drawn too deep into the business side of medicine. Instead of keeping focus on patient treatment, many physicians have their entire life savings linked to the profitability of their practice, which has more to do with negotiating the best deals for insurance reimbursement, malpractice insurance, building leases, utilities, and capital expenses such as X-ray, EKG, or sonogram machines. The bankers and lawyers structure things so they have the lion's share of ROI while the physician is personally exposed to the most liability. Then they have lawyers, bankers, limited partners, and shareholders pressuring them to be more "profitable", which means cutting face time with patients from 15 minutes to 10 minutes, prescribing drugs from suppliers that will pay back "incentives", referring to other specialists and facilities that offer kickbacks, separating physician fees from facility fees to juice more from insurance, performing more tests than necessary to defend against liability while receiving more reimbursement from insurance and medicare, performing sneaky out-of-network or uncovered services on unsuspecting patients with deep pockets, and more frequently flat-out defrauding medicare, medicaid, and private insurance companies.
Patients and physicians both would benefit from either a single-payer system like the UK and Canada have, or a maybe a public-private system like Australia has, where those willing to pay more direct or willing to buy commercial insurance can be treated by private physicians rather than publicly employed physicians, just like we have public and private schools in the US. In the US we actually have a shortage of physicians, especially if we are going to start covering care for more of our poor and working class. Yet many excellent candidates are not admitted to medical school because only the cream of the cream were selected. There are also many qualified physicians educated in Europe and Asia that cannot EVER practice in the US simply because they didn't get their degree here. Direct government investment in programs to train and certify physicians without forcing them into hundreds of thousands of dollars of unforgivable student loan debt would be a benefit to aspiring physicians and patients alike. Direct government assumption of financial liability and discipline of physicians would free physicians to earn an honest and comfortable living while providing patient care that serves the interest of the patient.
Gradually shortening the terms of pharmaceutical patents and finding more cures and treatments through non-profit, grant-funded, university research would help to substantially lower the family burden when it comes to the cost of care. At the end of the day it is the scientists putting in 80-120 hours each week that makes cures possible, and even those scientists working for Big Pharma are not raking in the dough compared to the executives, lawyers, and pharma sales reps. Scientists are not paid any less at the University level so the argument of profit incentive is rather mute.
Re: (Score:2)
And that won't lead to worse kick backs from drug companies than are already happening with doctors making $200k-$500k a year?
Riiiiight.
Re: (Score:2)
Correction: Most newly graduating and practicing doctors. Established doctors make good money, the lowest average being around 150k year. I don't feel for doctors in general because they are making tons of money off the backs of sick patients. It's time to end for-profit medicine and move to a sane single-payer system. The only thing stopping this is the love of money. Things should be like the military or government, where the medical schools are run by the government and doctors graduate with no debt, but are required to give the government 10 years of service in lieu of tuition. They would get promoted based on time in grade and time in service. They would receive sane salaries like military doctors. It's beyond time to remove the incentive of money for good treatment.
Just like bakers, farmers and chefs. They make money off the backs of HUNGRY people. It's time to end for-profit food-making and move to a sane single-payer system. Things should be like the military or government, and they would receive salaries. It's beyond time to remove the incentive of money for good treatment.
See what I did there?
Re: (Score:2)
Oh, we could go even further and mention programming and IT work. We'd get even closer if we mentioned basement dwelling as an occupation.
Using SSN? (Score:2)
How could a criminal use SSNs anyway?
What types of scam/hack/crime would be possible?
Re: (Score:2)
Re:Using SSN? (Score:4, Informative)
They can use SSNs for ANYTHING, which is what's so scary about having yours stolen. They can open credit cards, take out insurance policies, even look for jobs in your name. Essentially, an SSN is a person's identity.
Re: (Score:2)
They can use SSNs for ANYTHING, which is what's so scary about having yours stolen. They can open credit cards, take out insurance policies, even look for jobs in your name. Essentially, an SSN is a person's identity.
Right... the problem isn't SSNs, or even the security of them... it's the fact that creditors will ruin your credit over the internet with nothing more than a 9 digit number and having never met you in person or even mailing you a letter. The majority of SSN fraud is done on the SSN of people who are dead. And not like "died last month" as in, dead for decades or even longer. The creditors don't even check to see if you're still alive before issuing a loan. There are more rigorous checks on your identity wh
Re: (Score:1)
Re: (Score:3)
While I don't want to provide a detailed how-to, it goes something like this:
1. Go to store.
2. Fill cart with TVs and other expensive goods.
3. Wait for cashier to ask "would you like to save money by opening a credit card?"
4. ???
5. Profit.
Re: (Score:2)
Someone got a car under my SSN using a check cashing card as proof of identity. They didn't even have any documents with the SSN on them, except a check cashing card.
Re: (Score:1)
I don't see this as a SSN problem; it's more a greed problem on the part of the seller, who failed to enforce due diligence.
Re: (Score:2)
I don't see this as a SSN problem; it's more a greed problem on the part of the seller, who failed to enforce due diligence.
He didn't just fail to enforce due diligence, his intent was to sell the car to someone not entitled to buy it, so that he could get a judgement. You can borrow against owed debt. It's all a very well-known scam.
Re: (Score:2)
With a person's name, SSN, and date of birth (somewhat easy to obtain), you can steal that person's identity and open lines of credit in their name. Add in address (pretty easily obtained) and you can do a lot of damage to their credit - while racking up thousands in purchases to enjoy. I wish I could add the caveat that you'd only enjoy this stuff until the police arrested you but many identity theft cases don't result in arrest because 1) the local police are unprepared to investigate online crimes that
Re: (Score:2)
Exactly how can you steal someone's identity? Aren't they still there? Don't their friends still know them? This just makes no sense.
Re: (Score:2)
The person took my personal information (from where I'll never know) and opened a credit card in my name - in other words, using my identity. This damaged my credit rating. Granted, it wasn't damaged as bad as it could have been, but that's like saying someone took my car for a joyride one night and brought it back with just a dented fender.
Other people who have had their identity stolen haven't been as lucky as I was. The thieves can make off with thousands of dollars worth of merchandise in a couple of
Re: (Score:2)
Yes, I get it that and kind of now regret my smart-ass comment. It was kind of trollish. I wanted to see how others might compare identity theft to IP theft. To me, they are very similar.
Identity Theft (Score:5, Informative)
I've been through identity theft. It's not fun. And I was lucky enough to catch it quick enough that little damage was done. Capital One approved a card for "me" based on an online form where the thieves had my name, address, DOB, and SSN. Mother's maiden name was wrong, but that didn't stop the approval process. The thieves paid for rush delivery of the card and then changed the address on it. This meant that the card was sent to me BEFORE the address change went through. If this hadn't happened, I would have only known about it once the bill collectors came barging down my door.
On a side note: Capital One was not helpful at all. They stonewalled both me ("If we tell you the address on the card and you go and kill the person, we're liable" = what they actually told me) and the police (gave them a phone number linked to an answering machine and never called back). The combination of their approval of the card, missing all of the red flags along the way, and refusing to help beyond canceling the card means Capital One will NEVER be "what's in my wallet."
For those who think they have bad credit and thus wouldn't be victims, it doesn't take much. Remember, the thieves don't care about whether you can pay back the bills they are generating. All it takes is one credit card company to approve a card and they'll tear through the balance leaving you with thousands in debt that you'll need to prove wasn't your doing. In addition, there's another form of identity theft where a criminal is arrested and gives your name/SSN/DOB instead of their own. Then your name goes into the police databases and you'll be harassed as an assumed criminal. Removal of your name can take years during which time you'll flunk any background checks.
There's no protection that I know of from the latter form of identity theft, but you can freeze your credit to protect against the former. This means that nobody - not even you - can open new lines of credit unless you first thaw the credit files. The downside is that you need to pay to freeze and for each thaw. The upside is that you have a handy retort for all of those "You can save $5 if you open up a credit account with us" offers at the cash register. "No, thanks. My credit file is frozen." I've found these people stop their sales push the minute they hear you were a victim of identity theft. (I don't think that's in the script they are supposed to read to customers. ;-) )
Re: (Score:1)
In Sweden we use our SSN (equiv) for almost everything. We do not expect it to be secret. Also all mail from creditors are always sent to our registered adress. So while we still have identity theft it's much harder for the thieves to actually rerout packages containing credit cards. Rather they often need to steal the package from the mailbox (which can be hard in condos/appartments). I don't really see how the companies considering the SSN to be secret will help anyone. If just everyone assumes that all S
Re: (Score:2)
Yeah, like that is really verified. Just google "voter registration" to find out why that can't really be considered valid in the US. Yes, we really do have a major political party that has dedicated itself to the notion of allowing anyone to vote, regardless of eligibility (citizenship).
Re: (Score:2)
Well, yes and no. Its a good thing "in theory" but turns out to be dreadfully inconvenient in practice, just as having an official registered address is a bad thing "in theory" but turns out to be totally reasonable in practice. Its not as you haven't already provided an address to various government agencies for your drivers license, income tax, etc...
Re: (Score:1)
So, pretty clearly, there is a huge problem with SSNs being used in the USA as both identifier and authenticator. And this has been know for years, and many people have suffered as a result of this really really stupid system, whose flaws are obvious to everyone using the system.
So how long will it take to get something changed?
Re: (Score:2)
Sadly, I don't think this will be changed anytime soon. Identity theft doesn't really hurt credit card companies or credit agencies. The credit card companies just close the card and write off the fraudulent purchases. At best. At worst, they'll send collection agencies after you for years until you prove that "you" wasn't really you. (The credit card company in my case had various "suggestions" as to what happened including that my wife opened the account with my information without my knowledge. Fin
Wasn't there an old joke: (Score:2)
to screw up is human, to really screw up requires a computer.
Another example (Score:2)
Another example of why stupid people shouldn't be left in charge. These folks are responsible for managing billions of dollars in health care premiums and payments and a failure in data management policies has lead to a breach. I'm sure they'll just offer the poor doctors "Lifelock" for a year. No wonder our healthcare system is so fucked up.
Re: (Score:2)
The health care industry was the employer. Did you really think that it was just a major coincidence that only those patients who were also doctors had their SSNs leaked?
Monthly filing (Score:2)
I'm going to guess that these filings are done electronically. And that the information provided must fit some sort of pre-arranged schema. Back in the old paper days, a form with labeled fields to be filled out. So if some moron ran a SELECT * to populate the report, the state should have rejected it as not being filled out properly.
Or is this one of these reports that the state requires but never uses? Something that has been done by tradition but everyone has forgotten about the reasoning behind it. So