Optus cyber attack: What can hackers do with your Medicare number and should you be worried? | SBS News

Almost 15, 000 valid Medicare numbers were reportedly accessed through a massive Optus data breach, but Services Australia says this is not enough information for hackers to be able to access victims’ Medicare details.
When Optus first reported the breach on 22 September, it did not initially disclose the fact that Medicare numbers were among the sensitive details stolen by the cybercriminals.
On Wednesday, Health Minister Mark Butler said he was concerned by the delay in Optus telling the government about the Medicare data breach.
“All of this data is obviously of potential value to criminals, and that’s why consumers are rightly so concerned,” he told ABC radio.
“We were not notified, as I’m advised, that – among passport details, driver’s licence details and others – Medicare details had also been the subject of this breach, so we’re very concerned obviously about the loss of this data and working very hard to deal with the consequences of that, but particularly concerned that we were not notified earlier and consumers were not notified earlier about the breach of Medicare data as well.”
So what could somebody actually do with your Medicare number, and should you be concerned?

Here’s what we know.

Should you be concerned?

Services Australia is reassuring affected customers their Medicare details cannot be accessed by using just the Medicare card number.
Vanessa Teague is CEO of Thinking Cybersecurity, cryptographer, and associate professor at the Research School of Computer Science at the Australian National University.
She says it is difficult to determine whether or not cybercriminals would be able to access customers’ Medicare using other information obtained during the hack.
“The last time I checked, you needed not only the number and the expiry date and so forth on the card, but also the dates of birth of the other family members on that card,” she said.

“It doesn’t seem impossible that a family of four with two older kids with mobile phones might all have signed themselves up together, and it’s possible that for those families, all of that information might be in the leaked Optus data.”

“Different people are going to be concerned about different things, and different individuals…