For sale: any Australian's full health record for a mere $22


A hacker who appears to have ongoing, continuous access to Australia's electronic health care records is selling access to any full record for 0.0089 bitcoin, or about USD22.


The records are for sale through a darknet auction site, and the seller promises that they will soon offer bulk access. All that's needed to retrieve a record is first and last name and date of birth. The Guardian confirmed the authenticity of the records by paying for a reporter's own e-health file.

Giant databases of sensitive information are very tempting targets. The Australian health record contains lots of potentially compromising and profitable information, including everything needed to commit several kinds of identity theft.

Donald Trump has proposed to aggregate a similar database through his voting suppression efforts (he describes this as an "election integrity commission"). 44 states have declined to deliver all the data Trump requested. Trump owe his own election to leaks and hacks, and this incident highlights the kinds of outcomes we can expect to see when enormous quantities of potentially explosive data is aggregated and stored — it's the equivalent of refining harmless uranium ore into immortal, lethal plutonium and then praying that none of that stuff leaks.


A spokeswoman for the Department of Human Services said the agency was working with other government security agencies to investigate the sale of Medicare records.

“The department does not comment on cyber operations, however will confirm that investigations into activities on the dark web continually occur,” she said.

“The department takes the security of personal data extremely seriously. Thorough investigations are conducted whenever claims such as this are made.”

“The department takes every precaution to protect the sensitive information of Australians, and to safeguard the payments we make on behalf of the Australian government.”

A spokesman for the Australian federal police said the agency would not comment on whether it was investigating the matter.


The Medicare machine: patient details of 'any Australian' for sale on darknet
[Paul Farrell/The Guardian]