The Federal Minister for Human Services, Alan Tudge, has brought in the Australian Federal Police (AFP) to look into claims that Medicare card details are available for purchase over the dark web.
The move comes after Guardian journalist, Paul Farrell, claimed that he was able to buy his own Medicare number from a “darknet” trader that has reportedly been illegally selling Medicare patient details online.
According to Farrell, the seller, dubbed “the Medicare machine” uses a Department of Human Services logo to advertise its services, and offers Medicare card details for less than $30.
Now, Tudge has indicated that the Government is taking the claim seriously.
“Claims made in the Guardian newspaper that Medicare card numbers are able to be purchased on the dark web, are being taken seriously by the government and are under investigation,” Tudge said in a statement on 4 July.
“These claims have also been referred to the Australian Federal Police,” he said.
According to Tudge, Farrell has assured the Government that the information he obtained was not sufficient to access any personal health record.
“The only information claimed to be supplied by the site was the Medicare card number,” Tudge said. “The journalist was asked to provide his own name and date of birth in order to obtain the Medicare card number.
“Any apparent unauthorised access to Medicare card numbers is nevertheless of great concern,” he said.
Tudge went on to confirm that investigations into activities on the dark web occur “continually”, and that the security of personal data is an extremely serious matter.
“Thorough investigations are conducted whenever claims such as this are made,” Tudge said. “The Government has an ongoing commitment to prioritise cyber security and is constantly working to further improve our capability.”
During a media conference on 4 July, Tudge added that there has been, as yet, no indication of a wide-scale data breach resulting in the Medicare data making its way into the dark web.
“The advice from our chief information isn't is there hasn't been a cyber security attack on our systems as such and it is a traditional criminal activity,” Tudge said.
Article updated at 2:45 pm on 4 July.