Insider Suspected in Australian Medicare Information Breach

Media Division | July 12, 2017

There are several different ways that a data breach can occur. It could be that a malicious outside had forcibly compromised systems or networks, unsecured online databases, or even an employee falling victim to a phishing attack that allows an attacker to get access. But, there is also another way that far too many organizations tend to neglect or not even think with, which is insider threats. This is when someone within the organization goes rogue and leaks information for some reason. This type of breach has become much more common in recent times, with some outside attackers even paying insiders large amounts of money to leak data. Of course, there are also insiders with malicious intent that leak information of their own will as well. Last week, there had been reports of “The Medicare Machine,” which was essentially large amounts of Australian Medicare numbers being leaked and posted for sale on the dark web. It is now suspected that this incident has resulted from an insider abusing their login capability.

The Chain of Events

According to reports, the vendor on the darknet has minimally sold around 75 Medicare card details since October 2016. The listing page appears to suggest that they may have been selling them prior to this date as well but had to change their data accessing method. The card details have been listed for 0.0089 bitcoin each, which is around $22. The information provided by the seller was verified as legitimate by a Guardian staff member who had requested their own information. According to the seller, they are exploiting a vulnerability which “has a much more solid foundation,” saying this will make it easier and faster for them, and they hope it will be there to stay. But, according to government officials, the leak is likely to be stemming from an insider with login abilities. They are currently reviewing an online portal called the Health Professionals Online Services (HPOS) system, which can be used by medical facilities and professionals to check the Medicare eligibility of those who did not bring their cards. It is frequently and heavily used, with a government release stating that it is accessed 45,000 times per day. This system was the subject of speculation as soon as the breach was announced, but with how small the breach has been, it does not seem to align with someone stealing millions of records from the system. But, the one insider theory seems to be backed by the government, as they have placed Professor Peter Shergold in charge of reviewing those with access to the system.

Mitigating an Incident With Data Breach Solutions

As data breaches continue to become more prominent, organizations will have to better fortify themselves in preparation. Not only do they need to have comprehensive security in place to ideally prevent breaches, but they should also have data breach solutions in place for the event of a successful breach. Many organizations do not know how to react when a breach occurs, which leaves them scrambling. There are many actions that need to be taken when a breach occurs, such as locating the source of the breach, patching the vulnerability, tracing a perpetrator, and notifying those affected. Being neglectful in any of these areas can result in much less mitigation and remediation of an incident. Some organizations may not have the resources to properly handle a breach, which means they may need to recruit outside help. Massive Alliance offers comprehensive data breach solutions that can help to fully address an incident.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.