Turnbull gov't declares Medicare security review

computer data — A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. Reuters/Kacper Pempel

The Turnbull government has declared a review on the security of the online Medicare system. How doctors access Medicare numbers will also be reviewed following reports of a darknet trader that illegally sells patient details on request.

Health Minister Greg Hunt and Human Services Minister Alan Tudge announced the inquiry on Monday. They have issued a joint statement, saying Medicare numbers and cards have always been targets of crooks.

“This review will identify options to improve the security of Medicare numbers while continuing to support the accessibility of medical care,” the joint statement reads. The ministers recognised the system must be convenient and secure at the same time.

“The review team will examine this balance to determine its adequacy in today’s context,” Hunt and Tudge said. The operation of the Health Professionals Online Services (HPOS) web portal is the issue at hand. Doctors, hospital staff and health clinics use it to access Medicare numbers.

The review will be lead by former head of the Department of Prime Minister and Cabinet Peter Shergold. Shergold will perform the review with Australian Medical Association president Michael Gannon. Royal Australian College of General Practitioners president Bastian Seidel will also participate in the inquiry.

The government said health professionals utilise the HPOS web portal at least 45,000 times per day. It can be accessed via a secure online system or over the phone to check the details of patients who have not brought their Medicare card with them.

The review will focus on what identifying information must be asked to access Medicare treatments, the security controls in place and “any other identified area of potential weakness.” It will also make recommendations “for immediate practical improvements to the security of Medicare numbers while continuing to ensure people have access to the health care they need in a timely manner.”

Last week, Guardian Australia reported that a darknet trader was offering personal details of Medicare patients by “exploiting a vulnerability” in a government system. The report has raised concerns that the health agency could be seriously compromised.

The illegal operation was believed to be going on since October last year. The seller seemed to have sold the Medicare information of up to 75 Australians.

Thousands of doctors and other providers can obtain access to Medicare numbers through an online portal. Over 200,000 health professionals and administrators across Australia have access to Medicare card details. Last year, there were 209,307 users able to access HPOS.

$223 million satellite station to enhance Australia’s border protection