Medicare portal database exposed health providers’ Social Security numbers

Washington Postno paywall: “The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found. The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept which insurance plans, framing it as an overdue improvement and part of the Trump administration’s initiative to modernize health care technology. But a publicly accessible database used to populate the directory contains some of the providers’ Social Security numbers, linked to their names and other identifying information. For at least several weeks, CMS made the database available for public use as part of its data transparency efforts. The files are not immediately visible to users who visit the provider directory. The Post downloaded the database and identified at least dozens of Social Security numbers belonging to health care providers while reviewing a sample of rows. CMS did not respond to questions about how many providers’ Social Security numbers were exposed, whether it had notified the individual providers and other details about the incident. The Post informed health officials on Tuesday that the numbers had been exposed, giving the agency time to take down the database, and contacted some of the affected providers, who said they were confused and concerned. “I don’t even know how [Medicare officials] would get my Social Security number,” said one physician, who spoke on the condition of anonymity to avoid the risk of identity theft…”

Posted in: Censorship, Civil Liberties, Cybercrime, Cybersecurity, E-Records, Government Documents, Legal Research