Medicare Portal Exposed Healthcare Provider Social Security Numbers
A public database intended to help patients find doctors inadvertently leaked the sensitive personal information of thousands of providers.
- By Jesse Jacobs
- May 08, 2026
A publicly accessible Medicare database exposed Social Security numbers of health care providers for several weeks before federal officials took it offline, as reported by Newsweek and The Washington Post.
The database powered a national provider directory run by the Centers for Medicare & Medicaid Services, or CMS. It contained sensitive provider information, including Social Security numbers entered into public fields by providers or their representatives. The news outlets report that CMS attributed the issue to data entry errors, not a cyberattack. A CMS spokesperson told The Post the agency addressed the problem after being alerted.
The directory helps Medicare beneficiaries find doctors and other providers. CMS has not disclosed how many providers were affected or whether they have been notified. However, Newsweek reports this exposure raises questions about data validation in federal health systems, with lawmakers previously having criticized the directory project for accuracy issues.
Providers whose data may have been exposed face identity theft risks, as their Social Security numbers were linked to names, addresses and National Provider Identifiers. Experts recommend monitoring credit reports, setting fraud alerts with Equifax, Experian and TransUnion and checking Social Security earnings records at ssa.gov.
The Washington Post has clarified that only health care providers are affected, with no evidence of patient or beneficiary information or Social Security numbers being exposed.