Bleeping Computer and other outlets will probably talk about a breach at Texas Tech, where the University teaches and cares for patients.
The typical were pilfered including name, date of birth, physical address, social security number, drivers license number, government ID number, financial account info, health insurance info, medical info, billing claims data and diagnosis and treatment info.
Can you tell me why you need to hold on to Drivers License and SSN after verifying its purpose to identify the person to whom you’re treating? I know most of this needs to be there including where you live, insurance info, medical records and the like, but this is getting really old.
Once I’m verified as passing what you need to have to give me the care, get rid of the SSN and assign me a random ID number. I don’t want to be identified as giving you the last 4 of my SSN. It isn’t secure and this breach is just another case why I think we need to abolish it for something that doesn’t mean anything like a random ID number like 20250101 for me, 20250102 for Nick, right on down the line. This way, while it isn’t necessarily identifying you directly, you’d have to figure that out.
Maybe don’t do it the way I outline it, but have a system where you randomize it and assign me 20250101, Nick 20259425, Preston 20254000 and right on down the line so that it isn’t easy to just identify people.
I’m glad I don’t identify people in my business this way. Yes, I collected it once, but only used it to verify someone and that was it.
Texas Tech University System data breach impacts 1.4 million patients is the article which you need to read on this one.
Good luck!
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.