Australia's largest healthcare provider has suffered a devastating cyber-attack, leaving thousands of patients vulnerable to identity theft and medical data misuse. Partnered Health, which operates 60 clinics across major cities like Sydney, Melbourne, and Canberra, has confirmed that a "malicious actor" accessed sensitive patient information on 23 June.
The stolen data includes highly personal details such as names, dates of birth, addresses, and contact information, as well as Medicare, private health insurance, and concession card numbers. Furthermore, the breach has compromised detailed medical records, including consultation notes, referral letters, and diagnostic results. Partnered Health has issued a public apology, acknowledging the significant concern and inconvenience caused to patients and staff.
In response to the attack, Partnered Health has promptly notified key Australian authorities, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and law enforcement agencies. The healthcare group has also sought an interim injunction from the Supreme Court of New South Wales to prevent the use or publication of the illegally accessed data.
The incident highlights the escalating concern over data breaches worldwide, including in the UK. Australia's Office of the Australian Information Commissioner reported a record 1,205 data breach notifications in 2025, an eight per cent increase from 2024. Past incidents, such as the cyber-attack on Qantas affecting 5.7 million customers, demonstrate the need for robust cybersecurity measures and continuous vigilance.
The breach raises critical questions about the security of digital health record systems and the protection of patient privacy in an increasingly digitised healthcare landscape. For British readers, this incident serves as a stark reminder that cyber threats are not confined to domestic borders and that international cooperation is essential in mitigating these risks.