[LINK] MyHealthRecord opt-out Site
Bernard Robertson-Dunn
brd at iimetro.com.au
Mon Apr 4 11:50:38 AEST 2016
On 4/04/2016 11:33 AM, Hamish Moffatt wrote:
> On 04/04/16 11:12, Bernard Robertson-Dunn wrote:
>> If you wish to opt-out of the MyHealthRecord trials you can go to
>> this site.
>> http://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
>>
>> A few clicks takes you to a page where you can fill in identity details
>>
>> That page asks for name, date of birth and Medicare number and one of
>> driver licence number
>> passport number
>> or immicard number
>>
>> Would someone please confirm that all this is being done in the clear?
>> i.e. it's not https
>>
>
> It works on https too though.
>
> https://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
>
>
> So the test is, how did you get to that link in the first place?
> Perhaps this isn't actually much of an issue.
I clicked on the link on the myhealthrecord.gov.au website. The official
one that many people will use.
The link is www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
Here's a screen grab. You can see the link at the bottom.
https://www.privacy.org.au/Campaigns/MyHR/MyHR_opt-out3.jpg
It's an obviously simple link mistake, but really it shouldn't be
possible to even get at a non https version
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
email: brd at iimetro.com.au
web: www.drbrd.com
web: www.problemsfirst.com
Blog: www.problemsfirst.com/blog
More information about the Link
mailing list