Medicare

Medicare is the Australian Government's national health insurance scheme, administering the Medicare Benefits Schedule which provides subsidised access to medical services for eligible Australian residents and some overseas visitors. Its core function involves processing claims for consultations, procedures, and diagnostic services, managing the distribution of Medicare cards as key identifiers for accessing the system, and safeguarding the extensive personal and health information collected through these transactions. The scheme represents a fundamental component of Australia's public health infrastructure, serving a significant portion of the population and operating under the legislative framework of the Health Insurance Act 1973. A defining attribute of Medicare is its role as a centralised repository for sensitive patient data, making it a high-value target for cybercrime, as evidenced by a major incident in 2016. This incident underscores the critical regulatory and operational responsibility the organisation holds in protecting national health information from exploitation for identity fraud and financial crime.

In October 2016, a darknet vendor exploited a security vulnerability within a government system to gain unauthorised, real-time access to Medicare patient records. The vendor advertised this illegal access service as 'the Medicare machine' on darknet markets, offering to retrieve the personal details of any Australian. The breach was verified by a media outlet which successfully tested the service, confirming the vendor could provide accurate, current information. The vendor had already sold the data of at least 75 individuals, with the information used to commit identity fraud, including the creation of counterfeit Medicare cards for financial crimes. Authorities investigating the breach indicated the vendor's claims of leveraging a security flaw were credible and raised concerns about potential involvement by organised crime groups utilising darknet platforms to avoid detection. The incident posed significant risks to the integrity of the health system and the personal security of citizens, highlighting the persistent threat to government-held health data.