Investigation into claims Medicare numbers for sale on dark net

The federal government has referred claims that Medicare card details can be bought on the internet to the Australian Federal Police and an investigation launched.

The Guardian this morning reported that it had been able to buy Medicare card details for $30 worth of bitcoins and that the details of at least 75 people had been sold by the same vendor.

Minister for Human Services Alan Tudge issued a statement saying the claims were being taken seriously by the government and are under investigation.

Mr Tudge said he had received assurance that the information obtained by Guardian journalist Paul Farrell was not sufficient to access any personal health record.

However, he said any apparent unauthorised access to Medicare card numbers was of great concern and that the security of personal data is a serious matter.

The Guardian reported that the vendor was offering “Medicare patient detail in full” but it is unclear whether this includes any MBS or PBS data or is restricted to just the number.

Medicare also holds bank account information for many citizens as well as other personal information.

“The only information claimed to be supplied by the site was the Medicare card number,” Mr Tudge said. “The journalist was asked to provide his own name and date of birth in order to obtain the Medicare card number.”

Mr Tudge said DHS receives ongoing advice and assurance regarding its cyber security capabilities from the Australian Signals Directorate.

“I cannot comment on cyber operations, however, I confirm that investigations into activities on the dark web occur continually,” he said. “Thorough investigations are conducted whenever claims such as this are made.”

Know any more? Submit a tip here.

Posted in Australian eHealth

Tags: Medicare

Comments   

# Peter Gee 2017-07-10 09:38
Well I hope they can resolve this quickly - It certainly can undermine confidence in the system.
If it is one compromised certificate they could buy some information, see which certificate was used to get that information then revoke that certificate. If all certificates are compromised they could all be revoked.
The other problem noted in the articles was that medicare cards are being used as defacto identity cards, which they were never intended to be.

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.