The Partnered Health cyberattack has exposed sensitive patient information across multiple Australian clinics, raising fresh concerns about healthcare cybersecurity.

The Partnered Health data breach, involving clinics owned by healthcare provider Partnered Health, a company backed by Quadrant, affected facilities in New South Wales, Victoria, Queensland, Western Australia, and the ACT.

The incident has also renewed scrutiny of the growing number of cyberattacks targeting Australia’s healthcare sector.

Partnered Health Data Breach Impacted Medical and Personal Information 

Partnered Health confirmed that a malicious actor accessed its systems on 23 June, compromising data from 21 clinics across cities, including Sydney, Melbourne, and Canberra. The healthcare provider disclosed the breach more than three weeks later, informing patients that investigations had confirmed personal and health information had been taken from some clinics within its network.

“Our investigations to date have confirmed that personal information (including health information) was taken from some of the clinics in our network,” the company said. It added, “As a health services provider, we know our patients and our people trust us with personal and medical information, and we sincerely apologise for any concern and inconvenience this may cause them.”

The stolen information includes names, dates of birth, addresses, contact details, Medicare information, private health insurance details, concession card information, consultation notes, referral letters, pathology reports, diagnostic results, and other treatment records maintained by general practitioners.

Investigation into the Partnered Health Cyberattack Continues 

Partnered Health said the cyberattack has been reported to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and law enforcement authorities. The company has also secured an interim injunction from the NSW Supreme Court preventing the stolen information from being used or published.

While investigations remain ongoing, the provider said the extent of the breach is still being determined at five clinics, including three in Western Australia and two in Victoria.

“While there is no direct evidence that patient records have been viewed, as a precaution we have written to patients from these clinics to make them aware of this and provide details of steps that can be taken to protect their information,” a Partnered Health spokesperson said. The spokesperson added, “We understand that this sort of news can cause concern. We sincerely apologize for any distress this may have caused our patients.”

Quadrant-backed Healthcare Provider Faces Growing Scrutiny 

Established in 2013, Partnered Health operates more than 60 medical centres, along with skin cancer, allied health, and mental health clinics, providing services to more than 5 million people nationwide. The company is owned by Quadrant, while Bupa announced in June that it would acquire the healthcare provider.

The Partnered Health data breach comes amid a record year for cybersecurity incidents in Australia. According to the Office of the Australian Information Commissioner, 1,205 data breach notifications were recorded in 2025, marking an 8% increase compared with 2024. Among the year’s largest incidents was the cyberattack on Qantas, which compromised the information of 5.7 million customers and was reportedly leaked on the dark web.

A spokesperson for the Department of Home Affairs said the federal government is aware of the Partnered Health cyberattack and confirmed that relevant agencies are engaged as investigations continue. Authorities have not yet disclosed how many patients were affected or the full scope of the stolen data.

Leave a Reply