The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found.
The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept which insurance plans, framing it as an overdue improvement and part of the Trump administration’s initiative to modernize health care technology.
But a publicly accessible database used to populate the directory contains some of the providers’ Social Security numbers, linked to their names and other identifying information. For at least several weeks, CMS made the database available for public use as part of its data transparency efforts. The files are not immediately visible to users who visit the provider directory.
The Post downloaded the database and identified at least dozens of Social Security numbers belonging to health care providers while reviewing a sample of rows.
CMS did not respond to questions about how many providers’ Social Security numbers were exposed, whether it had notified the individual providers and other details about the incident.
The Post informed health officials on Tuesday that the numbers had been exposed, giving the agency time to take down the database, and contacted some of the affected providers, who said they were confused and concerned.
“I don’t even know how [Medicare officials] would get my Social Security number,” said one physician, who spoke on the condition of anonymity to avoid the risk of identity theft.
CMS officials said they are working to fix the problem that led to the exposure. A spokesperson said the problem “stems from incorrect entries of provider or provider-representative-supplied information in the wrong places” — essentially, that providers entered information in the wrong place and left their own Social Security numbers exposed.
“The agency has taken steps to address it promptly and reinforce safeguards around data submission and validation,” CMS said in a statement.
The directory is part of a broader initiative that includes plans for a new national directory of health care providers, led by Amy Gleason, the acting administrator of the U.S. DOGE Service and a senior CMS official.
The project has faced several setbacks. The Post last year reported that an early version of directory was rife with errors, including misidentifying which health care providers were covered by which health care plans.
Trump administration officials have said the directory will simplify the process for patients searching for health care practitioners by tapping the reach of the federal government.
“We felt like this is a good-use case of the government actually doing something,” Gleason said in remarks last year.
Some Democrats have raised concerns about its launch.
“We are concerned that this rushed rollout will mislead millions of seniors as they compare plans, and may cause seniors and people with disabilities to incur medical bills they reasonably believed would be covered,” Sens. Jeff Merkley (D-Oregon) and Ron Wyden (D-Oregon) wrote in November to CMS officials.
CMS Administrator Mehmet Oz and his deputies have defended the project.
“We remain committed to continuously improving the services we provide through Medicare.gov and Plan Finder, and to ensuring that all people with Medicare can make informed choices about their health coverage with confidence and transparency,” Oz wrote to Merkley and Wyden last month.
Aaron Schaffer contributed to this report.
The post Medicare portal database exposed health providers’ Social Security numbers appeared first on Washington Post.
