If you have health insurance anywhere, or are a Medicare patient in Australia, your data are up for sale on the darknet

Paul Farrell reports:

A darknet trader is illegally selling the Medicare patient details of any Australian on request by “exploiting a vulnerability” in a government system, raising concerns that a health agency may be seriously compromised.

An investigation by Guardian Australia can reveal that a darknet vendor on a popular auction site for illegal products claims to have access to any Australian’s Medicare card details and can supply them on request.

The seller is using a Australian Department of Human Services logo to advertise their services, which they dub “the Medicare machine”.

Read more on The Guardian. And then if that doesn’t have you anxious enough, consider this:

Another darknet actor is offering a database allegedly from “a well known international blue chip Medical Insurance Company.” That database contains individuals from 122 countries with information on each person including:

MEMBER ID
REGISTRATION ID
GROUP ID
MEMBER NAME
STATUS
LAPSE SUSPEND DATE
LAPSE REASON
LAPSE EFFECT
NATIONALITY
BIRTH DATE
INTERMEDIARY ID
INTERMEDIARY NAME
INTERMEDIARY TYPE
PRODUCT ID
PRODUCT NAME
PRODUCT SUB TYPE
HOME FAX
HOME EMAIL
HOME MOBILE
HOME TELEPHONE
WORK FAX
WORK EMAIL
WORK MOBILE
WORK TELEPHONE

"stressed out" by Blake Anthony.

The seller claims that the data was obtained from the main severs of the unnamed international company and that pretty much anyone who has health insurance is in the database.

How many records in this database, you wonder? Well, the seller claims there are over 130,000 just for the U.K. alone, and that’s just one of 122 countries in the database. He actually claims more than 1 million individuals have records in the database.

Note that although I am including both of these incidents in the same post, I am not suggesting – and do not think that – they are related to the same individual or individuals. But I do think that their combined impact is a stark reminder that our health information and health insurance information are just not secure at all.

About the author: Dissent