Health Data stolen from National GP Network

Patient records including consultation notes, referral letters and pathology results have been stolen from general practices across five Australian states and territories, in a cyber attack on health services provider Partnered Health.

Partnered Health said it became aware on 23 June 2026 that a malicious actor had accessed some of its data. In a statement published on 15 July, the company confirmed personal information, including health information, was taken from some clinics in its network. The investigation into the full extent of the breach is ongoing.

The company has named 21 affected practices, spanning New South Wales, Victoria, Queensland, Western Australia and the ACT. They include Castle Hill Family Doctors, Mornington Family Doctors, Joondalup City Medical Group and North Canberra Family Practice.

Affected information may include names, dates of birth, addresses and contact details, Medicare numbers, private health insurance, Veteran Card and concession card numbers. It may also include medical information and treatment details recorded by GPs and other medical professionals, such as consultation notes and diagnostic results.

Injunction Obtained

Partnered Health has obtained an interim injunction from the Supreme Court of New South Wales ordering that the accessed data is not used or published. The tactic follows similar injunctions obtained by HWL Ebsworth and Medibank after their high-profile breaches and aims to limit further dissemination of stolen data.

The company has reported the incident to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and law enforcement. It engaged specialist cyber experts and says it took immediate steps to contain the incident.

"As a health services provider, we know our patients and our people trust us with personal and medical information and we sincerely apologise for any concern and inconvenience this may cause them," the company said. Updates are being published at www.partneredhealth.com.au/support.

Partnered Health is advising patients to be alert to suspicious emails, texts and calls, verify sender identities before responding, use strong unique passwords with multi-factor authentication, and monitor accounts for unusual activity. It points patients to www.scamwatch.gov.au for current scam trends.

The incident adds to a growing list of Australian healthcare sector breaches involving highly sensitive clinical records, following incidents at Medibank, MediSecure and Genea.

Business Solution