Medicare details of Australians Still being Sold on the Darknet Two Years after Breach
Two years after news first broke of Australian’s medicare details being sold online by criminals, online listing Medicare Madness is still selling illegally-obtained Medicare cards on the darkweb.
The story was first broken by news outlet The Guardian two years ago, who found that medicare details were being sold through darknet vendors for as little as $30.
According to The Guardian’s Paul Karp, “screenshots of the Empire Market, provided to Guardian Australia, show the vendor medicare machine has rebranded as Medicare Madness, offering Medicare details for USD $21...Other vendors charge up to USD $340 by offering fake medicare cards alongside other fake forms of identification- such as a New South Wales licence.”
The news prompted an official review which was headed by Peter Shergold, former secretary of the Department of Prime Minister.
The review panel issued a statement following the publishing of its 55-page report, warning that “current security check for release of Medicare card information provides a much lower level of confidence than the security requirements” for Health Professional online Services; an online portal allowing healthcare providers to make claims surrounding their rebates.
The Guardian interviewed an unnamed person who they say is a reliable inside source on IT matters who said that ‘the re-emergence of the data breach brings into question government assurances around the privacy of medical data “when those responsible cannot even manage the security of Medicare cards.”’
Despite the fact that there is, according to the anonymous source, “concerted effort at the moment by law enforcement to curtail darknet market activity,” the reality of the situation is that “the darknet markets, while disrupted momentarily when their sites are brought down, easily relocate and continue business.”
Once an online site has been taken down, the vendor is able to re-list without too much of a problem, and can send out a message to their existing clients with a link to the new, relocated website domain.
The Department of Human Services issued a statement outlining the fact that “someone claiming to sell fraudulent Medicare cards or details does not mean our systems or personal data have been compromised.”