Medicare Fraud in Australia — How Your Medicare Number Is Being Misused

Medicare number theft is a growing and underappreciated problem in Australia. Following multiple large-scale data breaches — particularly Medibank and the various healthcare provider breaches that followed — millions of Australian Medicare numbers are circulating on criminal markets. A stolen Medicare number enables fraudulent benefit claims, access to prescription medications, and as part of a broader identity fraud package, significant financial crime.

How Medicare Details Are Stolen

The most common routes are data breaches from healthcare providers — as occurred with Medibank, which exposed Medicare details for 9.7 million Australians. Phishing attacks impersonating Services Australia or the Medicare website, which capture login credentials that include linked Medicare information. Physical theft of Medicare cards, which are still widely carried in wallets. And as part of broader myGov credential theft, which provides access to all linked government services including Medicare.

What Criminals Do With a Stolen Medicare Number

A Medicare number can be used to fraudulently claim Medicare benefits for services not rendered — services are claimed in the victim's name by criminals with access to provider systems. Prescription medication fraud — using Medicare details to access subsidised medications under the Pharmaceutical Benefits Scheme. As part of a comprehensive identity package that enables broader financial fraud. And to access and modify your myGov-linked health records, which can be valuable for insurance fraud.

How to Check If Your Medicare Has Been Misused

Log in to myGov and access your Medicare account through the linked services. Review your Medicare claims history — you can see a complete list of claims made in your name with dates, providers, and service types. Any claim from a provider you do not recognise, for a date when you did not receive treatment, may indicate fraud. Contact Services Australia on 1800 175 555 to report suspected Medicare fraud — they take these reports seriously and can investigate and block fraudulent claims.

How to Protect Your Medicare Details

Do not share your Medicare card number or card expiry date unless there is a clear, verified reason — a healthcare provider at the point of service, your health insurer, or a genuine government portal. Never respond to any email or SMS claiming to be from Medicare or Services Australia that asks you to click a link — access your Medicare account directly through myGov by typing my.gov.au yourself. Enable MFA on your myGov account. And consider leaving your physical Medicare card at home unless you are attending a healthcare appointment — the digital card in the Medicare app is more secure and cannot be physically stolen.

Reporting Medicare Fraud

If you identify fraudulent Medicare claims in your name, report them immediately to Services Australia on 1800 175 555. Services Australia investigates Medicare fraud seriously and has the ability to block fraudulent providers and reverse fraudulent claims. You will need to provide your Medicare card number, the dates of the claims you do not recognise, and any other relevant details. Keep a record of all your interactions with Services Australia throughout this process.

Replacement Medicare Cards

If you believe your Medicare card details have been compromised — particularly if your card number appeared in a data breach — you can request a replacement Medicare card with a new number through myGov. Linked health fund accounts and providers that have your current Medicare number will need to be updated, but this is a worthwhile step if your details have been specifically exposed. Protect your new number carefully — store your physical card securely and use the digital card in the Medicare app at health appointments rather than carrying the physical card. IntrusionX can help you understand and implement the broader digital security measures that protect all your government service accounts — contact us for a consultation.