Medicare data leaks, but who was breached?

Medicare numbers in Australia became a lot less useful as a proof-of-identity, with the Australian Federal Police investigating how an unknown number of records ended up for sale on a Tor site.

The report first surfaced via The Guardian’s Australian site, with journalist Paul Farrell reporting he purchased his own record for around AU$30 on the dark site, by providing his name and date of birth to a vendor.

The vendor claims to have found a vulnerability in the system, but it’s not known how many records “the Medicare machine” has accessed.

Medicare records aren’t held only on commonwealth computers: they’re all over the place, including general practitioner systems, state-operated and private hospitals, and much, much more – making any breach difficult to trace and verify.

The vendor, who The Graun reckons has sold 75 records since October 2016, claims to have real-time access to any Australian’s Medicare number.

Prominent computer scientist and cryptography specialist Dr Vanessa Teague of the University of Melbourne noted that such breaches emphasise the importance of providing better protection for citizens.

Speaking to the Australian Broadcasting Corporation, Dr Teague said the compromise of Medicare data is “ironic, given that the AG has recently advocated weakening standards of encryption in the hope of combatting terrorism”.

The Federal opposition’s health spokesperson Catherine King called on the government to explain how the breach occurred.

Read more…

Source: The Register