The Australian minister for human services Alan Tudge has referred the leak of private Medicare information to the Australian Federal Police for investigation.
Overnight, the Guardian reported that Australians’ personal Medicare data were on sale on the dark web for as little as $30, and that the online newspaper managed to successfully buy accurate records of one of its own staffers.
Tudge, while saying the claim is “being taken seriously”, denied that the exposed data was of sufficient concern.
“I have received assurance that the information obtained by the journalist was not sufficient to access any personal health record,” he said.
“The only information claimed to be supplied by the site was the Medicare card number. The journalist was asked to provide his own name and date of birth in order to obtain the Medicare card number.”
He declined to comment on specific cybersecurity operations, but did say law enforcement agencies are continually monitoring activities on the dark web.
“The security of personal data is an extremely serious matter. Thorough investigations are conducted whenever claims such as this are made.”
The Guardian’s report said that the precise method that the seller, who has a top rating in the marketplace, used to obtain the information is not known.
The department of human services, which runs Medicare, is directed in its cybersecurity strategy by the Australian Signals Directorate. The department of health is also likely to hold Medicare data of Australians.
The seller has been quoted as saying he/she is “exploiting a vulnerability which has a much more solid foundation which means not only will it be a lot faster and easier for myself, but it will be here to stay”, raising concerns about how difficult it will be to locate the source of the breach.