Medicare Data Breach Australia: What You Need to Know

Medicare details have appeared in multiple Australian data breaches, and the consequences of health data exposure are among the most serious of any breach type. Here’s what happened, who’s affected, and what to do.

How Medicare Data Gets Exposed

Medicare information has been compromised through several channels:

Medibank Breach (2022)

The most significant health data breach in Australian history. The Russian REvil/RansomHub group stole 9.7 million records from Medibank Private including health claims, diagnoses, and Medicare card numbers. They later published sensitive health data — including mental health, drug, and alcohol treatment records — on the dark web after Medibank refused to pay ransom.

MediSecure Breach (2024)

The electronic prescription service MediSecure was breached in 2024, exposing approximately 12.9 million Australians’ prescription data including Medicare numbers and medication details.

Other Sources

Medicare card numbers also appeared in the Optus breach for some customers, and have been found in various smaller healthcare provider breaches over the years.

What Can Someone Do With My Medicare Details?

• Identity fraud: Medicare number + name + DOB can be used to verify identity in many contexts
• Medicare fraud: Claiming Medicare benefits under your number
• Health insurance fraud: Making claims on your private health insurance
• Targeted scams: Calls claiming to be Services Australia or Medicare using your details
• Prescription fraud: In serious cases, exploiting prescription data

What to Do If Your Medicare Data Was Exposed

Request a new Medicare card number

Call Services Australia on 132 011 or visit myGov and request a replacement Medicare card. This gives you a new number, making the stolen one useless for most fraud purposes.

Check your Medicare claims history

Log into myGov → Medicare → Check recent claims for any services you didn’t receive. Report any suspicious claims to Services Australia immediately.

Alert your private health insurer

If you have private health insurance, contact your insurer to flag potential misuse and review your recent claims history.

Be alert to Medicare scams

Services Australia will never call you asking for your Medicare card number or bank details. If you receive such a call, hang up and report it to Scamwatch.

The Privacy Implications of Health Data

Health data is the most sensitive category under Australian privacy law. The Privacy Act 1988 provides additional protections for health information, and health service providers face stricter obligations than other organisations.

If your health data was exposed in the Medibank breach, you may have grounds for a compensation claim. Maurice Blackburn is running a class action — visit mauriceblackburn.com.au for details.

Check Your Full Exposure

Start with a free breach check to see all services where your data has appeared: Check your email now →

For a comprehensive personal audit including health data exposure assessment: DataGuard Personal Audit — $99 →