The Medicare details of Australian patients are being sold online by a trader on the dark web, sounding alarms that the systems of a government health agency could have been compromised.
An investigation by Guardian Australia has uncovered the sale of Medicare card details on a dark web auction site popular for trading illegal products.
The dark web trader says in the listing that they have sold the details of at least 75 Medicare
cards since October 2016 by "exploiting a vulnerability".
But the listing
suggests the trader sold a large number before having to change their methods of accessing data.
Being used to promote what the seller has dubbed "the Medicare
machine" is a logo for the Australian Department of Human Services.
The Minister for Human Services, Alan Tudge, addressed the vulnerability at
a press briefing in Melbourne.
"The advice I have received from the Chief Information Officer in my department is that there has not been a cyber security breach of our
"Rather it is more likely to have been a traditional criminal activity."
The service was verified when the journalist behind the investigation
placed an order for approximately $30 and in return was given his Medicare
number. This information was generated after he provided his name and
date of birth.
The details of a Medicare card can be used to run fraudulent credit checks
to purchase goods such as mobile phones, cars or property. They can also be
used to defraud the government of Medicare rebates.
A Medicare card number alone cannot be used to obtain people's health
records, says the minister.
"I have received assurance that the information obtained by the journalist
was not sufficient to access any personal health record.
"The security of personal data is an extremely serious matter. Thorough
investigations are conducted whenever claims such as this are made."
The Guardian reported the vulnerability to the Australian Federal Police
prior to publishing. It is currently being investigated.