POLITICS

Medicare Breach Like Breaking Into A Dr's Surgery? Experts Say No

The chance of a Guardian journalist being part of a small card cache has been put at 0.0003 percent.

05/07/2017 11:53 AM AEST | Updated 05/07/2017 8:59 PM AEST
Andrew Meares/Fairfax
Human Services Minister Alan Tudge: "This isn't a cyber security attack as such, but is more of a traditional criminal activity."

CANBERRA -- In the wake of revelations that Medicare card details are being sold online with the promise of access to 'any Australian' for around $30, the Turnbull Government has been out assuring the public that there's been no major cyber security breach of its health IT systems.

Human Services Minister Alan Tudge has rejected the description of a cyber security attack, instead describing the sale - exposed by a Guardian Australia investigation - by an anonymous vendor over the hidden "dark web" on an auction site was "more of a traditional criminal activity".

"This means that someone has not hacked into a database," the Minister told RN Breakfast on Wednesday.

"We have had such traditional criminal activity in the past for example where someone has literally broken into a doctor's clinic to seize Medicare card numbers they would then try to use for fraudulent purposes.

"No one has downloaded the system as such."

Medicare card details are seen as valuable in the production of fake IDs and are worth around 40 points in the authorisation for things such as passports and bank loans. Tudge could not confirm the vendor's claim that 75 Medicare numbers had been sold, saying it was likely to be "in the dozens".

And he admitted the government didn't know about the breach until contacted by the Guardian journalist.

But, hang on. The Guardian Australia verified the legitimacy of the card details by requesting the data of one of its own journalists. And the vendor claimed a vulnerability breach in the department's system.

"I think the likelihood of the information being available on the dark net by any means other than a hack of the data is extremely unlikely," medical IT expert Paul Power told HuffPost Australia.

"The probability that only 75 records were taken and the Guardian journalist happened to be among them is 0.0003 percent."

"So I would take it with a grain of salt any supposed explanation that the acquisition of the data was by any means other than a hack."

Is it like breaking into a doctor's surgery?

"The probability that someone has broken into a particular doctor's surgery and by the way it happens that the journalist of the Guardian has his records amongst them is so close to zero it is not funny," Power explained.

Another expert has urged caution.

Rob Livingston is a technology advisor and UTS Fellow has told HuffPost it is best to wait for the outcome of the AFP and Departmental inquiries.

"Until the forensic analysis is done we don't really know the full details of it," Livingston said.

"However in general terms, the trade in Medicare numbers, especially fraudulent ones, is on the dark web and there is a constant trade of this globally."

"The key thing is, the controls within the Medicare system is sufficient."

So it is not known whether or not it is a hack, but this unlikely probability scenario was put to Minister Tudge on Sky News on Wednesday as he maintained there was "not a cyber security breach of our systems", it was "highly likely a traditional criminal activity" and people's health records were not at risk.

Tudge stated, "they have not hacked the government's systems to the best of our knowledge."

Host Tom Connell asked, "are you saying, coincidentally, they broke into the same doctor's office that the reporter goes to?"

The Minister took a step to the side.

"I'm just not adding any further commentary on this Tom," Tudge said.

"But that would mean that would be the case, if that was a possibility?" the Sky News host pursued.

"Again I am not providing any further information on this," the Minister stated. "I just don't want to jeopardise any investigation."

Federal Police are looking into the allegations and there is an internal investigation underway by the Department of Human Services.

The Human Services Minister also said his Department's policies upon which people access data numbers are being reviewed.

Click below to follow HuffPost Australia Politics on Facebook!


ALSO ON HUFFPOST AUSTRALIA

More On This Topic