DOGE-Built Medicare Portal Leaks Provider Social Security Numbers
A directory created by the Centers for Medicare & Medicaid Services (CMS) to help seniors find doctors accepting their insurance plans inadvertently exposed the Social Security numbers of healthcare providers, according to a report by The Washington Post published April 30, 2026. The system, implemented by the Trump administration’s Department of Government Efficiency (DOGE) program, was publicly accessible for “several weeks” before the issue was brought to the attention of federal officials.
Background on the Medicare Directory
CMS launched the directory in 2025 as part of an effort to modernize healthcare technology and improve transparency for Medicare beneficiaries. The directory aimed to streamline the process of verifying which providers accept specific insurance plans. However, the implementation process contained a critical flaw.
How the Data Leak Occurred
The leak stemmed from incorrect data entry by providers or their representatives, who inadvertently entered their Social Security numbers into publicly accessible fields within the directory. According to a CMS spokesperson, the problem “stems from incorrect entries of provider or provider-representative-supplied information in the wrong places.” The exposed data included names and other identifying information alongside the Social Security numbers.
DOGE and Previous Data Security Concerns
The incident raises further concerns about data security practices within the Department of Government Efficiency. NPR reported in January 2026 that DOGE employees improperly accessed and shared sensitive personal data on millions of Americans. The Social Security Administration (SSA) discovered that DOGE employees shared confidential information on approximately 1,000 Americans with workers at Elon Musk’s companies, according to Marketwatch.
Attempts to Share Data with Advocacy Groups
The SSA also stated in a January 16, 2026, court filing that DOGE employees attempted to transfer sensitive personal records to an unnamed advocacy group seeking to “overturn election results.”
Ongoing Remediation Efforts
CMS officials have stated they are working to rectify the issue and secure the directory. The extent of the damage and the number of providers affected are still being assessed. The agency used Cloudflare in March 2025, against its own security policies, according to the Marketwatch report.
Key Takeaways
- A Medicare directory designed to improve transparency inadvertently exposed the Social Security numbers of healthcare providers.
- The data leak was caused by incorrect data entry by providers and their representatives.
- The Department of Government Efficiency (DOGE) has faced previous scrutiny regarding data security practices.
- CMS is working to resolve the issue and secure the directory.