Companies requiring identity confirmation when calling YOU [View all]

I've had two occurrences this week of companies calling me and asking me to provide my date of birth to identify myself before they will speak with me. Having a tech and security background, I sort of balk at this.

In both cases this was legitimate. One was the doctor's office and the other the pharmacy. So, I get it, they want to identify me before discussing private medical details. But I have the phone registered on my account in my possession, and in most cases that satisfies the 2FA requirement. And they called me! If somebody is out to steal your identity, maybe you shouldn't lend them your phone.

I refused to provide any sensitive personal information in that situation, and they talked to me anyway.

My concern is that if this becomes commonplace, then people will let their guard down and readily provide their personal information during a very rudimentary phishing attack. Spoofing a phone number is unfortunately still very easy.

What should healthcare providers be doing in this case? Thoughts? Do you draw the line at date of birth or just social security number?