A Verizon Data Breach Investigations Report for the health care sector relieves that cybercriminals are generally seeking financial and personal information when they break into health care sites, rather than looking for information about a patient’s medical condition or what drugs they’re taking. The Verizon folks portray this as a surprising finding, but to me it’s completely expected. Of course people are paranoid about someone having access to their health care records, but isn’t a lot easier to grab thousands of credit card records and Social Security Numbers anonymously rather than reading through a bunch of medical notes and going to the trouble of blackmailing someone?
But this report does give me the opportunity to rant about one of my pet peeves: doctors offices asking for my Social Security Number. They don’t need it. They shouldn’t ask for it. You shouldn’t give it to them.
I’ve been surprised that the two doctors I visited in the last year –a generalist in a fairly high-tech group practice and a specialist practicing on his own– both asked for my SSN. Although I know they have no business asking for it I still felt a little awkward about refusing to fill out their form. I don’t mind being tagged as a “difficult patient” if it’s due to my desire for shared medical decision making, but I’d rather not make the doctor or office staff angry out of the box if I don’t have to.
Let’s face it. Most physician offices have weak information security. You have to assume your information could get out. Think twice before providing information the office just plain doesn’t need to know.