Partnered Health Confirms Data Breach Affecting Patients Across 21 Clinics
Australian healthcare provider Partnered Health has confirmed a significant cyberattack involving the unauthorized access of personal and medical information. According to official company statements, the breach occurred on June 23 and impacted 21 clinics across Sydney, Melbourne, and Canberra. The incident has prompted investigations by the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
Scope of Stolen Patient Information
The unauthorized access by a “malicious actor” resulted in the theft of sensitive data from multiple clinics within the Partnered Health network. The company confirmed that compromised information includes:
- Personal Identifiers: Names, dates of birth, addresses, and contact details.
- Government and Insurance Records: Medicare, private health insurance and concession card details.
- Clinical Records: Consultation notes, referral letters, and pathology or diagnostic results.
Partnered Health, which operates more than 60 medical centres nationwide, has sought an interim injunction from the Supreme Court of NSW to prevent the further use or publication of the stolen data.
Regulatory Response and Cyber Security Trends
The breach has been reported to law enforcement and relevant privacy regulators, including the Office of the Australian Information Commissioner (OAIC). This incident occurs against a backdrop of rising cyber threats. Data from the OAIC shows that 1,205 data breach notifications were received during the 2025 calendar year, marking an eight percent increase from 2024.
Recent high-profile incidents in Australia have underscored the vulnerability of large-scale data holders. For instance, a separate cyberattack on Qantas previously compromised the details of 5.7 million customers, with the stolen information reportedly surfacing on the dark web.
Impact on Patients and Ongoing Investigations
Partnered Health has issued an apology to those affected, acknowledging the breach of trust regarding the handling of medical records. The organization continues to cooperate with the Australian Cyber Security Centre to determine the full extent of the intrusion and to mitigate further risks to patient privacy.
While Partnered Health is currently in the process of being acquired by the health insurer Bupa, the company maintains that the breach investigation remains a priority for its current management team.
Related reading