The Federal Government's response to revelations that Medicare card details are being sold online has been labelled “contemptible”.

Nigel Phair, managing director of Centre for Internet Safety (CIS) at the University of Canberra has written to the Australian Senate Finance and Public Administration References Committee about the response from the Department of Human Services and its overseeing minister Alan Tudge to revelations made earlier this year.

“The messaging was confusing and often contemptible,” Mr Phair wrote (available here in PDF form).

“Unfortunately we are plagued by a culture at all levels of government to 'spin' the message, including events related to cybersecurity.

“There is nothing good to come from this in the long term.”

Mr Tudge confusingly attempted to downplay the technological aspects of the data leak in his responses in July.

“The advice that I've received from the chief information officer in my department is that there has not been a cybersecurity breach of our systems as such, but rather it is more likely to have been a traditional criminal activity,” he said at the time.

Mr Phair said language was critical when responding to information security incidents, but the messaging around the mass sale of Medicare details was so vague and inconsistent that it compounded concern.

“Until we reach a maturity where departmental and ministerial spokespersons are fully educated on cyber terminology; the broader online threat environment and its impact on public trust, safety and confidence; combined with a willingness to accept mistakes and inform citizens how they are being addressed then we will never move forward with full adoption of the My Health Record (and indeed many other government online service delivery projects),” he wrote.

An inquiry has been launched to review “any failures in security and data protection”, and look for any systemic issues in the Health Professional Online Services (HPOS) system.

The investigation currently titled “Circumstances in which Australians' personal Medicare information has been compromised and made available for sale illegally on the ‘dark web’” is due to report by September 30.