Cyber Incident Victim: Partnered Health
Date:
Jun 2026
Location:
Australia
Summary
Partnered Health said a malicious actor accessed its network recently, compromising personal and medical information from 21 clinics across Australia. The breach exposed consultation notes, referral letters, pathology results, Medicare details, names, contact information, addresses and private health insurance data. The provider reported the incident to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and police, and obtained an interim injunction preventing use of the stolen data. Affected practices span New South Wales, Victoria, Queensland, Western Australia and the Australian Capital Territory.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Partnered Health, an Australian healthcare provider, disclosed on July 15 2026 that it became aware on June 23 2026 that a malicious actor had gained unauthorized access to its data networks. The breach affected 21 general practice clinics spread across New South Wales, Victoria, Queensland, Western Australia Australian Capital Territory and other jurisdictions. The organization said the intrusion compromised personal medical records held at those clinics, noting that the compromised information could include a range of health‑related data. Partnered Health stated that the incident was identified through its internal monitoring systems and that it promptly initiated an internal investigation.

The data that may have been exfiltrated includes consultation notes, referral letters, pathology or diagnostic results, and Medicare information, as well as patients’ names, contact details, residential addresses and private health insurance information. Partnered Health reported the breach to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and to state police forces as required by law. In its public statement the organization said that investigations to date have confirmed that personal information, including health information, was taken from some of the clinics in its network. It expressed sincere apology for any concern and inconvenience the breach may cause patients and urged recipients to remain vigilant against suspicious communications that might reference their medical records to appear credible.
The organization listed the specific clinics affected as Blackburn Road Medical Centre, Broadway General Practice, Bundall Medical Centre, Cardiff Medical Centre & Skin Cancer Clinic, Castle Hill Family Doctors, Champion Drive Medical Centre, Chancellor Park Family Medical Practice, Dromana Family Doctors, Dural Medical Centre, Joondalup City Medical Group, Kealba Family Practice, Mornington Family Doctors, Noosaville Seven Day Medical Centre, North Canberra Family Practice, Park Beach Family Practice, Park Orchards Family Practice, Rockingham City Family Practice, Sans Souci Medical Practice, Templestowe District Medical Centre, Wentworth Avenue Family Practice and Wyong Family Practice. To prevent further misuse Partnered Health obtained an interim injunction from the Supreme Court of New South Wales ordering that the accessed data must not be used or published. Partnered Health said it continues to investigate the full extent of the impact and is directly communicating with patients from the impacted clinics to provide updates and support.
