Data Breach Exposes Patient Information Across GP Network
Synopsis
One of Australia's largest primary healthcare providers has confirmed a cyber incident affecting patient records at multiple clinics.
Australia's GP network that leaked patients' personal details at numerous medical practices has seen authorities, cyber security experts and regulators engaged in its response.
Partnered Health has confirmed it had been compromised by unauthorised access to its systems on 23 June, and investigations showed the data was copied from several clinics before it was contained.
A total of 21 clinics are in the process of being reviewed after 16 clinics were confirmed as affected, the provider said. It has 57 general practice clinics and skin cancer clinics throughout Australia.
Patient Records Among Stolen Information
The GP network data breach may have exposed patient names, dates of birth, residential addresses, phone numbers, email addresses, Medicare numbers, private health insurance details and medical records.
Consultation notes, referral letters, pathology reports and diagnostic results may also have been consulted.
Partnered Health has started to reach out to impacted patients themselves and has hired third-party cyber security experts to find out how widespread the incident is. It has also informed the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the law enforcement agencies.
Healthcare Sector Faces Growing Cyber Risk
The provider has secured an interim injunction from NSW Supreme Court to stop the stolen information from being accessed, shared or published. Services Australia is keeping an eye out for any misuse of Medicare data and cautioned that it is not possible to access Medicare records using a Medicare number.
The GP network data breach follows the continued reports of healthcare organisations having the largest number of cyber related privacy incidents in Australia.
In 2025, the Office of the Australian Information Commissioner (OAIC) received 1,205 eligible data breach notifications, the largest number reported over the past seven years since the mandatory reporting of data breaches commenced in 2018. Healthcare was the leading industry with 225 notifications, which is 19% of all reported notifications.
The trend is reflected internationally. In the IBM's Cost of a Data Breach Report 2025, healthcare continued to be the world's most costly industry for data breaches for the 14th year in a row, at an average cost of US$7.42 million, surpassing the worldwide average of US$4.44 million.
Bupa is currently bidding for Partnered Health. Bupa stated that the acquisition would not have an impact on its technology systems, as both organisations operate in separate systems, and the acquisition is expected to be completed on 5 March.
Source: Information Age
Pooja Malik is a business journalist with over six years of experience covering startups, entrepreneurship, and emerging trends. She has previously worked with leading media platforms such as YourStory Media and BW BusinessWorld, where she reported on business, policy, and market developments. Currently, she serves as Editor at The Inspirepreneur Magazine, where she writes and edits stories across business, lifestyle, and travel, with a focus on clarity, accuracy, and reader relevance.
You Might Also Like
$16 Billion Suddenly Disappeared from Australian Bank Accounts
Career Loyalty in the Modern Workplace: To Whom Do You Owe Your Allegiance?