Medicare access to be reviewed after breach discovery

System hasn’t been changed in eight years.

The federal government has ordered a review of the way heathcare providers access Medicare card numbers following the revelation that the details were being sold online.

Last week The Guardian revealed Medicare card data for any Australian was being offered on the dark web for around A$29 per file.

The manner in which the data was being sold led to the presumption that the unknown individual was exploiting legitimate access to obtain the details.

Alongside payment, the seller requested a target’s full name and date of birth – the same data required for a search on Human Services’ HPOS Medicare verification service for healthcare providers.

The data the seller promised to provide was a Medicare card number and individual reference number (IRN) – the same data returned in an HPOS search.

The federal government has said the card data breach was likely perpetrated through “traditional criminal activity” rather than a vulnerability in Medicare systems. It has declined to provide any more detail while an AFP investigation is underway.

Just under 210,000 healthcare workers – including medical practitioners as well as administrative staff – across Australia have access to HPOS, according to Human Services’ most recent annual report. The system was accessed 3.9 million times during 2015-16.

The government today said the system not been significantly updated since it was first introduced eight years ago. It was introduced to allow people to get emergency treatment if they don’t have their card with them.

Ministers Alan Tudge and Greg Hunt said the review would examine the balance between the system’s convenience and security.

The review will be led by professor Peter Shergold, assisted by president of the Australian Medical Association Michael Gannon and president of the Royal Australian College of General Practitioners Bastian Seidel.

View the Original article

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s