CHOICE membership

Possible Medicare Data Breach


#1

Another day, another breach. It seems that our Medicare details are available on the dark web for the price of about US $22.00. The way the information is obtained is still not known but there are hints it is a vulnerability within a Government server. See these articles for more information:

http://thenewdaily.com.au/news/national/2017/07/04/medicare-card-details-sale-darkweb/


MyHealth Record - Megathread
#2

Nothing would surprise me given the fiasco that is MyGov … oh MyGod …


#3

So if people can get you medicare details can they then access other services via the mygov system? Should we be unlinking Medicare from mygov?


#4

They really don’t know how the data is being hacked.

But to answer your question, no there is no need to unlink your Medicare data in MyGov, the login to MyGov does not involve any Medicare details. If the hack involved MyGov all your links would be at risk not just Medicare so this is not a concern at this time.

The problem with having the Medicare data is that it would allow someone to start stealing your identity. They could then generate a copy of your Medicare Card which is worth 25 points of proof of Id out of the 100 required. The concern of this leak/hack is that the data should have been stored in a very secure manner and it appears that it hasn’t or that someone in a position of trust has abused that trust by accessing data to sell to others.


#5

If a hack did actually occur, it could also have been from other sources as well…such as State Government health system, private health insurance companies, hospitals, doctors surgeries, pharmacies or any other source that uses medicare number and other information to collect benefits.

It is possible that many of the later may not have the same level of security as the government websites.

It is also worth noting that many who don’t support the My-Health record system also seemed to be firing off numerous media releases around the same time the ‘hack’ first made the public domain.


#6

Has anyone heard if the government is doing anything about this? I haven’t heard anything on the news?


#7

Hi @WonderWoman, the Federal Government has responded by launching an independent review into the system. More info:


#8

Not even sure where to start with these people !! :wink:

It seems it’s not tortoises all the way down, it’s stupid all the way down … unless of course they pass a law to make stupid illegal, apparently that fixes it. Can’t see the government doing that though, they won’t legislate to outlaw their core competency …


#9

This latest Breach had it’s details embargoed until today so the Govt entity could fix the problem. But how do you fix what has been out in public for so long (over 1 year ago)?

Our Governments are all words about privacy, security, and how we should be careful with our data and then they let the world have it. Oh the wish to sue them and charge them for the personal data cleanup I will have to undertake. My nicest thoughts are words I will not express but “Utter Morons” is the sanitised version.


#10

A few years back I sponsored a review and plan to secure a government network environment. It was met with derision since there were no personal details on that network beyond internal staff, making it deemed unnecessary and not worthy of a hacker’s time. Fast forward a few years (I was long gone) and that network was hacked ‘critical national infrastructure’ with estimates of a few hundreds of millions to fix it properly instead of the few millions it would have taken not so many years prior.

Morons? No, the selection process for senior government employees is heavily weighted on how they think (strategic vision), not what they know or what they can do or their leadership/management ability, and the outcomes are often that very intelligent people are appointed who are ill equipped to do difficult jobs as many in the public sees them. At the end of the day their real jobs are dealing with government/pollies/spin and ticking boxes and $$$ things, not actually achieving outcomes (if the box can be otherwise ticked), however sometimes there is congruence. It is as much on the pollies as the public service system since many of our modern pollies know more about everything than anyone and have stone heads to advice. We are not where the US is today, but there is a trend.

Lots are of the view that what the public does not know will not hurt, sometimes they bank on their successor wearing the problem so it is not a priority, and sometimes they think a problem lessens as time passes or is supplanted by more visibly serious issues. Such is the beauty of strategic thinking as it often is called into play. Our government strategic thinking stops at the next election or next sound byte blaming the ‘other mob’. Imagine having to work in that environment.


#11

This slip up was not a data breach in the sense it was not hacked from behind secure servers. It was a public release of what was considered by them as personally unidentifiable data. I do agree that the upper echelons are probably very intelligent, they are hindered by the political waves, they do the job their masters want. But this release was not, and should have been, done more carefully or with less public access. What they thought and what was possible was very different. But they should have been sure and not just ‘thought’ it was secure or safe before they released it or they should have released it in a way that access was limited to those with a valid reason for ‘need to know’, and they could also could have been bound to some reasonable terms of non-disclosure.

The Government then tried to cover their folly by trying to make it offence to re-identify someone from publicly released data, which has failed. By the very nature of making it public it is open data, no one needed to de-encrypt this to identify anyone they just needed to run analysis on the data to match it to specific people.


#12

All true as you wrote, led by internal ‘experts’ with grand strategic visions and little comprehension of realities.


#13

… thats where I lost it, what can be said? - I was thinking ‘1984’, but it’s probably more ‘Brazil’ (on it’s way to ‘Idiocracy’) …


#14

It is the same government mentality that loves to cover its own behind or causing the innocent to become guilty using retrospective laws, the technique of the scoundrel and which should be illegal by any common sense except that of politicians. OK, politicians and common sense do not coincide, so I yield that aspect.


#15

…and perhaps the same entrenched government ‘competence’ and ‘rigorous training’?


#16

‘by default’ …


#17

It should be the reverse, no sharing unless you opt in. The installers of programs that do the opt out rather than the opt in for crapware/bloatware are usually identified as PUP or malware, so why should we have to opt out in this much more private area of our life. Perhaps we should now treat our Federal Government as malware.


#18

During my travels I have briefly encountered 3 countries of government so far, and it has been a reminder how self serving ours has become where everything is tilted toward user pays and taxes provide us with little except our pollies who are paid at the top end of world comparisons even though they are barely amateurs in what they do; and from their perspective the treasury is theirs and everything has a cost but no value except their re-election prospects.

I propose this opt-out mentality is an example of how deeply held that dogma has become where we are but commodities in their day to day dealings, not their ‘employers’.


#19

Agree with your premise. We are but the fodder for the cannons.


#20

Opt -in, opt-out, shake it all about …