What happened
Partnered Health, which operates a national network of general-practice clinics, disclosed on 15 July 2026 that a malicious actor accessed its systems and took personal information — including health information — from a number of clinics in its network. It discovered the access on 23 June 2026 [ph-disclosure]. At least 16 clinics were confirmed affected, with several more under investigation [acsm].
Data exposed
Per the provider’s disclosure, information taken may include names, dates of birth, addresses and contact details; Medicare numbers; private health insurance, DVA Veteran Card or concession card numbers; and, for some patients, clinical data [ph-disclosure]. The number of people affected has not been disclosed and is not estimated here.
Timeline
- 2026-06-23 — Partnered Health discovered unauthorised access [ph-disclosure].
- 2026-07 — Interim injunction obtained from the NSW Supreme Court [nsw-injunction].
- 2026-07-15 — Public disclosure; ACSC, OAIC and law enforcement notified [ph-disclosure].
Why it matters
Primary-care networks concentrate exactly the data attackers want — Medicare and insurance identifiers alongside clinical notes. Nothing here is asserted beyond the provider’s statement and the reporting.