An alarming report has revealed the private Medicare card details of any Australian are available to buy via "The Medicare Machine" - a darknet vendor exploiting an alleged vulnerability in the government agency which the seller hopes is "here to stay".
Guardian Australia lead the investigation, verifying the claims by requesting the details of a Guardian staff member. All you need, they say, is the first and last name - as well as date of birth - of any individual. Then you receive their full Medicare card details.
The Medicare details of at least 75 individuals have been sold via the vendor in the last nine months alone, with the current going rate 0.0089 bitcoin ($29.75).
The Department of Human Services, Department of Health, Australian federal police and information commissioner have been made aware of the breach.
You can read the full report here, and further details as to exactly how much information is being made available (is it just card numbers? or are medical records sold as well?) have been requested. We will update as we learn more.
A strategy for eHealth, a "digitally enabled and integrated health system" with a focus on delivering "patient-centered health experiences with quality health outcomes" was today announced by the NSW Minister for Health, Jillian Skinner.
Even if it is just the card details, what can buyers actually do with this information? Identity theft is the big one. Your Medicare details could be used to open bank accounts, apply for credit cards, start an illegal business or apply for a passport. Your details could also be used to commit serious crimes, such as money laundering and - in extreme cases - terrorist acts.
If you think you may be at risk, contact IDCare.
A long-running case on whether you're allowed access to view your own mobile phone metadata — retained by Australia's telecommunications companies for government snooping, including comprehensive call logs and location data — and whether that data is classified as "personal information" has come to an unceremonious end.
Australia's Federal Court has put a stop to a final attempt by Australia's peak privacy advocates to restrict the retention and access of information by Australia's telcos, and the judgment will have wide-ranging implications for what information is considered personal under the terms of the Privacy Act.