Hackers have gained access to Australian Government Agency Medicare and are selling the card details of millions of Australians on the Dark Web. This can potentially lead to access to private health records of millions of Australians.
A trader on the Dark Web is illegally selling the Medicare patient details of any Australian on request by “exploiting a vulnerability” in a government system.
The seller is using a Australian Department of Human Services logo to advertise their services and are reportedly selling card details for just $30.
The precise method the seller is using to obtain the Medicare details remains unknown and may be difficult for government agencies to track.
Australian Human Services Minister Alan Tudge said the concerning incident was being treated seriously, but the information being sold wasn’t sufficient to access any personal records.
However, IT experts dispute this and have called for the Government to abandon plans to automatically create a My Health Record for every Australian.
The fact that Medicare data is available on the dark web has raised security concerns about the $1 billion My Health Record scheme. The My Health Record scheme will contain patient’s information such as mental illness, a sexually transmitted disease or a birth/abortion and could be used against them.
Medicare card details are not publicly available. However, they are valuable to organised crime groups, because they allow them to produce fake Medicare cards with legitimate information. These can then be used for identification fraud.
These identification cards have been used by crime syndicates to buy goods, property or cars. The card details could also be used to defraud the government of Medicare rebates, with payments being directed into fraudulent bank accounts.
The Federal Government has revealed it is urgently investigating the security breach and has referred the matter to the Australian Federal Police
The unlawful access of government information can constitute a computer crime offence under the Commonwealth’s criminal code. The vendor’s use and disclosure of this information could also be an offence under the Privacy Act 1988 (Commonwealth) or the Healthcare Identifiers Act 2010 (Commonwealth).