The third quarter of 2017 kicked off with a super story from The Guardian's Paul Farrell, who revealed that he'd been able to buy his own Medicare number from a dodgy purveyor on the dark web. The yarn immediately spurred allegations that it would give other dodgy types access to the My Health Record, which it didn't, but it quickly became apparent that there was a breach of the Department of Human Services' systems somewhere along the line. The finger was then pointed at HPOS, which allows healthcare providers to search for patients' Medicare numbers.

The AMA told a subsequent quick-fire inquiry that while it wasn't downplaying the seriousness of the breach, it was warning against lumbering general practices with extra responsibility for security and recommended that DHS instead speed up the move to the Provider Digital Access (PRODA) system for authentication. This is exactly what the inquiry did, recommending an expeditious move from the current PKI certificates to PRODA. Meanwhile, the Australian Federal Police is still investigating.