Recently Trua founder & CEO Raj Ananthanpillai did a guest editorial for American security today, where he talked about doing battle with identity thieves.
Doing battle with Identity Thieves
When HCA Healthcare was hacked recently, the personal information of tens of millions of patients was compromised.
Soon after that breach, the information went up for sale on a data breach forum, demonstrating that hackers waste no time trying to profit from their criminal efforts.
It was a chilling scenario for anyone concerned about identity theft, but sadly, it wasn’t that extraordinary of an event.
Hacks happen often, personal information is exposed, and identity thieves celebrate their triumphs.
(Millions of people may be affected by a data breach through HCA Healthcare. There are five HCA facilities in Northeast Florida. Courtesy of NEWS4JAX and YouTube. Posted on Jul 11, 2023.)
Here’s the thing, though. We don’t have to throw up our hands in frustration at these breaches and accept them as one of the downsides of our technology-fueled world.
There is actually something that can be done to prevent this scenario from happening in the future. In fact, a couple of things.
One is that businesses should rethink what kinds of information they require of their customers and clients because they are obligated to protect it once they have that information.
But unfortunately, most businesses, no matter how conscientious, aren’t equipped to serve as a fortress against cyber criminals. This is why businesses should give serious reflection on what information they truly need from consumers and whether they are collecting some of that data simply as a means to verify someone’s identity.
In many instances, the business could avoid gathering the information and the headaches of guarding it. (There are exceptions. An employer needs the information for payroll purposes. Banks and credit card issuers also have a legitimate need for it.)
For health providers such as HCA, though, I would ask this question: Do you need to ask for Social Security numbers when patients have insurance, and you already have the insurance information?
Frankly, businesses need to investigate better ways to verify customer identities rather than gathering and storing information that they now must shield from hackers who crave that information and have several tricks for getting it.
Consumers could also help by asking why a business or organization needs the information, how it will be stored, and for how long.
They also should ask whether other options don’t require them to provide their personally identifiable information (PII). (There are exceptions, as noted previously.)
The second thing that would help is everyone to have a form of reusable verified digital identification. This identification would confirm the person’s identity without revealing Social Security numbers, driver’s license numbers, birth certificates, or any other information that cybercriminals want to get their hands on.
The consumer would provide their personal information only once for verification purposes when the digital identification is created.
Still, after that, they would not need to provide it repeatedly each time they interact with a new business or government agency.
They would present the digital ID, and the business or agency would know the person’s identity had already been verified.
In this case, the specifics of Social Security numbers or other personal information would not have exchanged hands, reducing the odds that cyber criminals could get their hands on the information.
Until reusable verified digital identification is in widespread use, it remains up to businesses and individuals to thwart those cyber criminals by limiting the amount of personal information stored on servers.
The hackers can’t steal it from those servers if it was never placed there to begin with.
Be sure to check out the original article at americansecuritytoday.com