The Turnbull government insists there has been no major cyber security breach of its health IT systems and says "traditional" criminals - rather than sophisticated hackers - are likely to blame for a website apparently selling the Medicare numbers of all Australians.
A report shows that the full Medicare card details of any Australian are being sold on the dark web for around $30 each.
Announcing both internal and federal police investigations on Tuesday, Human Services Minister Alan Tudge said it appeared the breach had affected only a small number of people and had not put sensitive personal medical records at risk.
But IT and privacy experts are sounding the alarm, using the revelations to call for an urgent rethink of the government's new centralised $1 billion My Health Record system - which is about to be rolled out to most Australians.
As revealed by the Guardian Australia, an online vendor on a "dark net" auction site claims to be able to access anyone's Medicare card details on request, and is selling them for around $30 each. A reporter tested the veracity of the claim by successfully purchasing his own Medicare number.
Describing the system as "the Medicare Machine", the vendor claims they are "exploiting a vulnerability" in the government's systems to pull the data, and appears to have sold at least 75 numbers to date.
There are concerns organised crime groups could use the numbers to create fake cards for the purpose of identity fraud. The cards could be used to help open bank accounts, apply for a passport or credit card, or start an illegal business.
Mr Tudge said the government was taking the claims seriously but sought to allay fears of a wide-scale breach.
"The advice I have received from the chief information officer in my department is that there has not been a cyber security breach of our systems as such but rather it is more likely to have been a traditional criminal activity," he said.
He also sought to reassure that people's sensitive data was well-protected: "Nobody's health records can be accessed just with a Medicare card number. Anybody who suggests otherwise is irresponsible and is fear-mongering."
Nonetheless, the incident has sparked calls for the government to change course on its e-health plans. Nearly five million people already have a My Health Record but from next year they will automatically be created for everyone who doesn't opt out.
Medical IT specialist Paul Power says while it would be difficult for anyone to use a Medicare number to access health records, the breach highlighted the problem with big, centralised repositories of sensitive information.
"Our Medicare data is held in a centralised location and the proposal is to have My Health Records hosted in a centralised location," he said.
"The kind of breach that has evidently happened with the Medicare data can - and almost certainly will - happen with the My Health Record data if we go ahead and host it on this same kind of centralised depository."
He is calling on Health Minister Greg Hunt to instead consider a new German model, in which people's master data is stored on personalised cards and backed up on an individual consulting doctor's computer.
The Australian Privacy Foundation's David Vaile said the government had "drunk the big data Kool Aid".
"They seem to have set aside concerns about security, privacy, confidentiality and access controls," Mr Vaile said. "Health is the most sensitive form of information, one that can dog your entire life. It can affect insurance, family relationships, your capacity to get jobs or travel."
Electronic Frontiers Australia also called for a My Health rethink, saying repeated cyber security blunders had undermined public trust in the ability of government agencies to properly handle people's sensitive personal data.
A spokeswoman for the Department of Health said the My Health Record system had "multiple layers" of world-leading security and strict privacy controls.
"The My Health Record has been in operation for over five years, with nearly five million Australians having a record. In this time there have been no security breaches of patient data in the system," she said.
With Fergus Hunter and Tim Biggs