- Social Security numbers have been exposed in a public database
- The database was used to populate a Medicare directory
- The directory was launched by CMS as part of Trump administration plans to modernize Medicare
A directory created by the Centers for Medicare and Medicaid Services (CMS) has exposed the Social Security numbers of a number of US healthcare providers.
The Trump administration introduced a new Medicare portal as part of plans to modernize US healthcare technology.
However, a database that was part of the directory was left publicly accessible, and exposed providers’ names and Social Security numbers.
Private data exposed
The directory, which included the database, was created to assist seniors in need of care to look up which doctors and medical providers were compatible with their healthcare insurers.
The database, downloaded and examined by the Washington Post, was publicly accessible as part of efforts by CMS to adhere to data transparency efforts.
Unbeknownst to CMS, the database contained some of the providers’ Social Security numbers, which CMS says were entered into the database by mistake. CMS explained that the error “stems from incorrect entries of provider or provider-representative-supplied information in the wrong places.”
“The agency has taken steps to address it promptly and reinforce safeguards around data submission and validation,” CMS added.
CMS did not explain how many Social Security numbers were exposed, nor any information on if providers had been informed about the exposure. The database was taken down after the Post notified health officials.
Speaking to the Post, one anonymous physician said, “I don’t even know how [Medicare officials] would get my Social Security number.”
The modernization of US Medicare under the Trump Administration has faced a number of previous errors, including mismatched or duplicated insurance coverage, which has raised criticism from some Democrats.
Sens. Jeff Merkley (D-Oregon) and Ron Wyden (D-Oregon) wrote a letter to CMS in November, stating, “We are concerned that this rushed rollout will mislead millions of seniors as they compare plans, and may cause seniors and people with disabilities to incur medical bills they reasonably believed would be covered.”
For Healthcare providers who believe their Social Security number may have been exposed, Microsoft recommends taking the following steps:
- Place a temporary fraud alert on your credit to alert credit bureaus to suspicious activity
- Download an up-to-date copy of your credit report
- Escalate any unrecognized accounts to the Federal Trade Commission
- File a police report so that there is an official record of your identity being stolen
- File a complaint with the Internet Crime Complaint Center
- Notify the Internal Revenue Service
