Medicare card details for sale on dark web

A trader is selling off Medicare patient details alleged to be from a government health agency.

The Medicare details of Australian patients are being sold online by a trader on the dark web, sounding alarms that the systems of a government health agency could have been compromised.

An investigation by Guardian Australia has uncovered the sale of Medicare card details on a dark web auction site popular for trading illegal products.

The dark web trader says in the listing that they have sold the details of at least 75 Medicare cards since October 2016 by "exploiting a vulnerability".

But the listing suggests the trader sold a large number before having to change their methods of accessing data.

Being used to promote what the seller has dubbed "the Medicare machine" is a logo for the Australian Department of Human Services.

The Minister for Human Services, Alan Tudge, addressed the vulnerability at a press briefing in Melbourne.

"The advice I have received from the Chief Information Officer in my department is that there has not been a cyber security breach of our systems.

"Rather it is more likely to have been a traditional criminal activity."

The service was verified when the journalist behind the investigation placed an order for approximately $30 and in return was given his Medicare number. This information was generated after he provided his name and date of birth.

The details of a Medicare card can be used to run fraudulent credit checks to purchase goods such as mobile phones, cars or property. They can also be used to defraud the government of Medicare rebates.

A Medicare card number alone cannot be used to obtain people's health records, says the minister.

"I have received assurance that the information obtained by the journalist was not sufficient to access any personal health record.

"The security of personal data is an extremely serious matter. Thorough investigations are conducted whenever claims such as this are made."

The Guardian reported the vulnerability to the Australian Federal Police prior to publishing. It is currently being investigated.