Hi Cary,
The most robust solutions I've seen involve a combination of at least one Data Identifier (DI) policy as well as an Exact Data Match (EDM) policy based on whatever SSN data your company has record of.
The DI policies are usually a SSN DI set to Medium or Narrow breadth and with applicable keywords set. It sounds like you already have this. I've also seen some companies setup an additional Wide breadth policy and configure it to be less (i.e. Info severity) as just an informal view to see what else is out there.
The EDM policy is where you can get really accurate, robust detections. The concept would be to take whatever SSN's you have on record (i.e. from your employee database or your customers if you track that information for them) and then index it. Generally you'd want to index at least a Last Name and SSN and some companies include a First Name as well. Once you have that index you can setup a policy to look at the index of data and trigger an incident whenever it sees a matching Last Name and SSN in the same document/email/attachment.
The Admin Guide for DLP goes into more detail on this, and how to set it up and configure it, but that's the general idea.
Best of luck - let us know if you have any questions!
- Tim