There is a lot of righteous anger out there about the Equifax security breach, and I am not arguing against it.
The point that goes under the radar in this is that personal information security has been violated in major systematic hacks for a long time (decades) and it’s time for a major revamp of personal identification. SSN’s were developed in the 1930’s when there was no consideration of modern information security. So many databases and security systems rely on SSN’s and those have been spread far and wide. Even before the Equifax hack, this was true.
In the example of the dental office scenario you suggested - the real risk is that the lowly paid office staff person is likely selling your personal ID, including SSN to identity fraudsters. Hospitals, medical providers and dental clinics are good sources for fraud artists, and they do not have to hack in - they can just bribe an employee.
Some thought needs to be put into a secure biometric id system that would replace SSN as key identification. The problem with that was on display in the Senate interrogation of the former Equifax CEO - and is also visible in the investigation of the Russian hacking into the 2016 election. To wit - very few in the Senate or the House have any basic understanding of modern information technology. You can hear it in the way they frame questions. How can you expect good policy to emerge from folks who have no understanding of the problem?
All good points.