TechHR
ex
L&D
UNPLUGGED
Sphere
About Us • Contact Us
People Matters ANZ
People Matters Logo
Login / Signup
People Matters Logo
Login / Signup
  • Current
  • Top Stories
  • News
  • Magazine
  • Research
  • Events
  • Videos
  • Webinars
  • Podcast

© Copyright People Matters Media Pte. Ltd. All Rights Reserved.

 

 

  • HotTopic
    HR Folk Talk FutureProofHR
  • Strategy
    Leadership Csuite StrategicHR EmployeeRelations BigInterview
  • Recruitment
    Employer Branding Appointments Permanent Hiring Recruitment
  • Performance
    Skilling PerformanceMgmt Compensation Benefits L&D Employee Engagement
  • Culture
    Culture Life@Work Diversity Watercooler SheMatters
  • Tech
    Technology HR Technology Funding & Investment Startups Metaverse
  • About Us
  • Advertise with us
  • Become a sponsor
  • Contact Us
  • Feedback
  • Write For Us

Follow us:

Privacy Policy • Terms of Use

© Copyright People Matters Media Pte. Ltd. All Rights Reserved.

People Matters Logo
  • Current
  • Top Stories
  • News
  • Magazine
  • Research
  • Events
  • Videos
  • Webinars
  • Podcast
Login / Signup

Categories:

  • HotTopic
    HR Folk Talk FutureProofHR
  • Strategy
    Leadership Csuite StrategicHR EmployeeRelations BigInterview
  • Recruitment
    Employer Branding Appointments Permanent Hiring Recruitment
  • Performance
    Skilling PerformanceMgmt Compensation Benefits L&D Employee Engagement
  • Culture
    Culture Life@Work Diversity Watercooler SheMatters
  • Tech
    Technology HR Technology Funding & Investment Startups Metaverse
I’ve given out my Medicare number. How worried should I be about the latest Optus data breach?

Story • 3rd Oct 2022 • 3 Min Read

I’ve given out my Medicare number. How worried should I be about the latest Optus data breach?

Technology

Author: Bruce Baer Arnold Bruce Baer Arnold
1.7K Reads
The Optus data breach provides criminals with a set of identifiers that can be used for a range of identity crimes, such as impersonating someone else.

Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach.

Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers.

But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data.

Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next.

What’s the big deal?

Your Medicare number gives you access to subsidised services across Australia’s health system. Most Australians have a number, whether or not they use these services.

Your Medicare card (as a plastic card or digitally, on your phone) is an official identifier. So alongside a driver’s licence, tax file number, birth certificate and passport, it can also be used as “proof of identity”. You may have supplied your Medicare number when opening a bank account, or signing up for a phone plan.

The idea is to minimise the chance people are using fake identities to wrongfully gain benefits from governments and business, including taking part in criminal activities such as money laundering.

Businesses and agencies are not meant to match your Medicare number with other data (eroding your privacy) other than in exceptional circumstances.

But they commonly accept sight of the physical/digital card bearing the number as proof of who you claim to be and risk data breaches by retaining copies of what they saw. Optus was such a business.

What should happen to protect your Medicare number?

In theory, your Medicare number is protected by a number of different types of legislation – both national and at the state/territory level.

There are privacy laws. These are meant to prevent businesses and government agencies from unauthorised use of Medicare and other official identifiers for profiling people. These laws are also meant to prevent undisclosed sharing with other entities, such as individuals or businesses.

Then there are cybersecurity and other criminal laws. These also aim to prevent unauthorised access, sale and sharing of your Medicare number and other data (known as metadata) stored by telecommunication providers.

Has this happened before?

Medicare numbers have been breached before, in 2017. An official inquiry noted trade in stolen Medicare numbers on the dark web.

The 2017 breach was apparently much larger, but the Optus numbers may grow as the investigation continues.

Experts have also raised concern about the government’s authorised release in 2016 of apparently de-identified health data. In fact, patient details could be identified, using a number of simple steps.

These two earlier examples should have meant both health agencies and businesses have taken extra care about their obligations to safeguard health data.

What if your Medicare number has been exposed?

Unauthorised use of a Medicare number doesn’t necessarily result in large-scale identity crime.

For instance, Minister for Government Services Bill Shorten has said a Medicare number alone cannot unlock access to someone’s myGov account (and therefore access to someone’s welfare or tax details).

However, the Optus data breach – and future data breaches in the public and private sector – does provide Australian and overseas criminals with a set of identifiers (including passport and driver’s licence numbers), that can be used for a range of identity crimes, such as impersonating someone else.

Optus is advising affected customers to replace their Medicare card, at no cost, via their Medicare online account at myGov, the Express Plus Medicare mobile app, or by calling Medicare on 132 011.

Further details are available via Services Australia.

What else needs to happen?

As with many data breaches, details about what happened at Optus, how and who is affected are only slowly trickling out.

The Office of the Australian Information Commission – the national privacy regulator – needs to run a rigorous and detailed investigation and release its findings publicly.

This needs to be accompanied by a hard-hitting independent inquiry of what happened at Optus. This requires IT expertise, which the Office of the Australian Information Commission may not have. Such an inquiry would also demonstrate Optus’ commitment to learn from any failures.

As we have seen before, businesses and government agencies cannot assume a data breach “won’t happen to them”. We need to find out what happened at Optus to ensure the future privacy of some of our most personal data.The Conversation

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Read More

Did you find this article helpful?


You Might Also Like

ChatGPT Walks It Back — AI Giants Race Ahead

STORY • 7th May 2025 • 4 Min Read

ChatGPT Walks It Back — AI Giants Race Ahead

Technology#Artificial Intelligence
Did Microsoft's leadership let Skype crumble?

STORY • 6th May 2025 • 3 Min Read

Did Microsoft's leadership let Skype crumble?

LeadershipTechnologyBusiness#HRTech#HRCommunity
Mastering generative AI in the modern workplace

STORY • 6th May 2025 • 4 Min Read

Mastering generative AI in the modern workplace

Technology#Artificial Intelligence
NEXT STORY: If you think scrapping COVID isolation periods will get us back to work and past the pandemic, think again

Trending Stories

  • design-thinking-hr

    Skype is dead: Did Microsoft's leadership let a billion-doll...

  • design-thinking-hr

    Keeping the C-suite in the C-suite - how do we reduce execut...

  • design-thinking-hr

    Return to office: the legalities

  • design-thinking-hr

    The trust factor: Why modern leaders can’t afford to overl...

People Matters Logo

Follow us:

Join our mailing list:

By clicking “Subscribe” button above, you are accepting our Terms & Conditions and Privacy Policy.

Company:

  • About Us
  • Advertise with us
  • Become a sponsor
  • Privacy Policy
  • Terms of Use

Contact:

  • Contact Us
  • Feedback
  • Write For Us

© Copyright People Matters Media Pte. Ltd. All Rights Reserved.

Get the latest Articles, Insight, News & Trends from the world of Talent & Work. Subscribe now!
People Matters Logo

Welcome Back!

or

Enter your registered email address to login

Not a user yet? Lets get you signed up!

A 5 digit OTP has been sent to your email address.

This is so we know it's you. Haven't received it yet? Resend the email or then change your email ID.

People Matters Logo

Welcome! Let's get you signed up...

Starting with the absolulte basics.

Already a user? Go ahead and login!

A 5 digit OTP has been sent to your email address.

This is so we know it's you. Haven't received it yet? Resend the email or then change your email ID.

Let's get to know you better

We'll never share your details with anyone, pinky swear.

And lastly...

Your official designation and company name.