When a federal database, the kind of thing most people assume is locked down to the millimeter, turns out to have been quietly leaking a person’s most sensitive identifiers, a certain kind of uneasiness sets in. This month, following The Washington Post’s revelation that a Medicare portal database had been disclosing Social Security numbers directly linked to physician names, that’s about how health providers are feeling. And the story looks messier the further it unfolds.
The directory was not supposed to be contentious. Promoted as a long-overdue tool to help seniors determine which doctors accept which insurance plans, it was introduced last year under the Centers for Medicare and Medicaid Services. A workable solution to an annoying issue. Anyone who has spent an afternoon on hold with an insurer trying to find out whether a cardiologist is in-network understands why this kind of directory is necessary. In a press briefing, the Trump administration presented it as part of a larger effort to update health care technology.

However, the directory’s initial version already had issues. Reporters discovered errors scattered throughout the listings, such as providers tagged to insurance plans they didn’t actually accept. Annoying, but not hazardous. Exposure of Social Security numbers is a completely different kind of issue. CMS claims that the leak occurred as a result of providers or their representatives entering data in the incorrect fields. The organization refers to it as a data-entry problem. Critics may refer to it as something else: a system built with insufficient safeguards to prevent a predictable human error.
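
One form the missing safeguard could take, as an added example that is not CMS's code: a check run on each submission before it reaches the public file, which rejects any record where a field holds a Social Security number-shaped value. The field names and sample records are constructed for illustration and are not the directory's real schema.

```python
import re

# Nine digits, optionally grouped 3-2-4 with one consistent separator, and not
# part of a longer digit run (so a 10-digit NPI or phone number is not matched).
_SSN_SHAPE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")


def structurally_valid(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def ssn_shaped_fields(record):
    """Return names of fields holding an SSN-shaped value, never the value itself."""
    hits = []
    for name, value in record.items():
        if not isinstance(value, str):
            continue
        if any(structurally_valid(m.group(1), m.group(3), m.group(4))
               for m in _SSN_SHAPE.finditer(value)):
            hits.append(name)
    return hits


def accept_submission(record):
    """Gate run before a record reaches the public file: (accepted, offending_fields)."""
    bad = ssn_shaped_fields(record)
    return (not bad, bad)


# Constructed sample submissions; field names are hypothetical, not the CMS schema.
SAMPLES = [
    {"name": "Dr. A. Example", "npi": "1234567893", "phone": "860-555-0142", "suite": "Suite 200"},
    {"name": "Dr. B. Example", "npi": "1234567893", "phone": "860-555-0142", "suite": "123-45-6789"},
    {"name": "Dr. C. Example", "npi": "123456789", "phone": "860-555-0142", "suite": ""},
    {"name": "Dr. D. Example", "npi": "1234567893", "phone": "860-555-0142", "suite": "000-12-3456"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        ok, fields = accept_submission(rec)
        print(rec["name"], "accepted" if ok else f"rejected: check {fields}")
```

A gate like this reports only the field name, so the rejected value never lands in logs; other nine-digit values such as an unhyphenated ZIP+4 will also trip it, which is why a hit should go to human review.
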
Although the actual number is most likely higher, at least 100 providers have been identified thus far. The Post claimed that after downloading the database, it quickly discovered dozens of exposed numbers. That particular detail is important. It’s difficult not to wonder who else has been surreptitiously scraping this data for months if a reporter can obtain it by just downloading a public file. Press releases are not typically issued by identity thieves.
This story has a political undertone that is difficult to overlook. The exposure comes at a time when the administration is already under fire for its handling of private federal data, particularly in light of previous reports regarding DOGE’s access to Social Security records. There are now whistleblowers. Last year, a Social Security official who raised concerns was fired. In light of this, even a “data-entry glitch” seems less like a singular error and more like a sign of a bigger problem: a tendency to build quickly and patch later.
CMS claims to have resolved the problem and strengthened security measures pertaining to data submission. That might be the case. However, it’s still unknown how long the numbers were publicly available, how many people downloaded the file, and whether the impacted providers were even informed prior to news reports about it. I’ve had casual conversations with doctors in the hallway about health policy, and they sound more exhausted than angry. According to one, it’s “the kind of thing you assume can’t happen until it does.”
There will probably be hearings because Congressman John Larson and others have called for accountability. Usually, there are. It’s another matter entirely whether anything structural changes. There is little political will to slow down tech rollouts, and federal directories are not going away. In these debates, convenience usually prevails.
As you watch this happen, you get the impression that the exposure of a few hundred numbers isn’t the only real harm. Every time something similar occurs, the trust gap grows. Providers hand over their data in the belief that the system will safeguard it. Patients believe their doctor’s information is secure because the government says it’s safe. This week, both presumptions seem a little less certain. And nothing about CMS’s response to date indicates that this is going to change anytime soon.

