The Medicare details of anyone in the Australian public health system are offered for sale by an apparent hacker on the dark web, according to a report in The Guardian.
The vendor claims to be “exploiting a vulnerability” and will retrieve the Medicare details of anyone for a small payment in Bitcoin equivalent to around $A30.
Medicare details could be used to defraud the medical rebates system, but there are other uses for the information, especially identity theft, which can be used for more significant criminal activity.
The listing invites users: “Purchase this listing and leave the first and last name, and DOB of any Australian citizen, and you will receive their Medicare patient details in full.”
It’s offered on a darknet trading platform, a private peer-to-peer network.
The vendor has received a number of positive reviews and The Guardian reported it successfully bought the accurate details of a staff member.
The federal agency that administers Medicare is the Department of Human Services, while the Department of Health also has a significant role. A DHS spokesperson told The Guardian that the department was working with other agencies to investigate.
The Australian government has invested significantly in cyber security, last year rolling out a four-year strategy to build capability across government and the private sector.
Last week it emerged the government’s cyber intelligence unit was being given significant resources — 100 staff at first, growing to 900 over time — with the capability and authority to launch its own offensives against foreign sources of cyber attacks.