The Centers for Medicare and Medicaid Services (CMS) unintentionally exposed Social Security numbers for at least 100 healthcare providers on its public National Provider Directory, according to multiple media reports.

The data breach was discovered when The Washington Post flagged the exposed information to CMS officials. The agency subsequently took down the National Provider Directory webpage, which is designed to help Medicare beneficiaries connect with healthcare professionals.

The directory typically contains professional information about healthcare providers, but the exposed data included sensitive personal identifiers that should not have been publicly accessible. CMS has not yet provided details about how long the information was available online or how many people may have accessed it.

This incident comes amid heightened concerns about data security in healthcare systems. The exposure of Social Security numbers presents particular risks, as this information can be used for identity theft and fraud targeting both the affected providers and potentially their patients.

CMS has not announced specific steps it will take to notify affected providers or prevent similar incidents in the future. The agency did not immediately respond to requests for comment about the timeline for restoring the directory or additional security measures being implemented.