The federal government is currently investigating claims that Medicare details of Australians are up for sale on the dark web.
An investigation by The Guardian revealed a darknet trader is selling Medicare card details for a cost of 0.0089 bitcoin, just shy of AU$30.
The report details that the seller is using an Australian Department of Human Services logo to advertise the services dubbed “the Medicare machine”, which is allegedly exploiting a vulnerability in a government system to access the information.
A statement from Minister for Human Services Alan Tudge said the information obtained illegally was not sufficient to access any personal health record, but he noted any apparent unauthorised access to Medicare card numbers is “nevertheless of great concern”.
“The only information claimed to be supplied by the site was the Medicare card number,” Tudge said on Tuesday. “The journalist was asked to provide his own name and date of birth in order to obtain the Medicare card number.”
Assistant Treasurer Michael Sukkar said the government took “extraordinarily seriously” the data it collected on individuals.
“It’s very alarming to me if any of that data is finding its way into hands that it shouldn’t be,” he told Sky News. “This is going to be an ongoing issue as more and more of our information ultimately is collected and stored online. Governments are going to have to be much better at protecting that data.”
Sukkar also said he understood concerns people held over the “extremely concerning” reports of the breach.
“All I can do is assure you that we will do absolutely everything possible to protect that data,” he said. “If that means more work and more upgrades to our system, then so be it.”
Tudge said the Department of Human Services receives ongoing advice and assurance regarding its cybersecurity capabilities from the Australian Signals Directorate. He also said the government has an ongoing commitment to prioritise cybersecurity and is constantly working to further improve its capability.
“I cannot comment on cyber operations, however, I confirm that investigations into activities on the dark web occur continually,” the minister added.
“The security of personal data is an extremely serious matter. Thorough investigations are conducted whenever claims such as this are made.”
The matter has been referred to the Australian Federal Police.
The Australian opposition previously criticised the government for “outsourcing” healthcare-related initiatives after Prime Minister Malcolm Turnbull warned against outsourcing too many government services during his election campaign.
Labor pointed out that the data contained in the national cancer screening register (NCSR) being handled by telecommunications carrier Telstra was too sensitive to be managed by a private sector vendor.
A report from the Australian National Audit Office (ANAO) last week revealed there was no plan around how privacy and security of the NCSR will be handled by Telstra. It said the department had rejected the telco’s proposed data protection plan in December on the grounds that it did not comply with the requirements of the contract.
Telstra admitted in its response to ANAO’s findings, dated June 1, that the documentation was “still being finalised”.
Following the release of the ANAO’s report, Shadow Minister for Health and Medicare Catherine King called the federal government’s handling of the NCSR “disastrous”.
“The stuff up is made all the more serious by the fact that some of Australia’s most sensitive and deeply personal health data, such as pap smear results and bowel cancer screening, will be housed on this register,” she said in a statement last week.