The federal government’s response to a Medicare data breach that led to patient details being sold on the dark web was “disappointing, confusing and often contemptible,” according to a former detective who headed the Australian federal police’s investigations into high-tech crime.
Nigel Phair, now an adjunct professor at the University of Canberra’s Centre for Internet Safety, told a Senate inquiry the government’s response to data breach concerns meant “less and less people will trust the government with their health details”.
A Guardian Australia investigation revealed in July that a darknet vendor on a popular auction site for illegal products was selling access to anyone’s Medicare card details. The seller used an Australian Department of Human Services logo to advertise what they called “the Medicare machine”.
In his submission to a Senate inquiry into the data breach, Phair criticised the responses of the Department of Health, including the health minister Greg Hunt, and the Department of Human Services, including human services minister Alan Tudge.
“Unfortunately we are plagued by a culture at all levels of government to ‘spin’ the message, including events related to cyber security,” his submission said.
“There is nothing good to come from this in the long term. Considered use of language to clearly communicate cyber security issues is critical, particularly in response to cyber incidents. Effectively communicating cyber security concepts can build confidence, provide assurance and convey opportunity.
“It can be the difference in whether management of a cyber incident, such as the one being investigated by the committee, is perceived as a success or failure.”