SYS::ONLINE
Wasteland.
Briefs1216
Issues19
SinceFeb 2026
LIVE
▣ Breach RACGP-MEDICAL-DATA 2026-07-16

Partnered Health: Medical Data Breach Across 21 GP Clinics

"Here is the complete intel brief article."

Here is the complete intel brief article.


title: "Partnered Health: Medical Data Breach Across 21 GP Clinics" date: 2026-07-16 slug: racgp-medical-data-breach


Partnered Health: Medical Data Breach Across 21 GP Clinics

The Royal Australian College of General Practitioners (RACGP) has confirmed a major cyberattack against Partnered Health, an operator of general practices and skin cancer clinics, in which patient and medical information was stolen. Partnered Health, which owns 57 clinics nationwide, disclosed that a malicious actor accessed its data on 23 June 2026, with at least 21 clinics across five states and territories confirmed impacted.

What Happened

Partnered Health became aware on 23 June 2026 that a malicious actor had accessed its data. The company operates 57 general practices and skin cancer clinics across Australia, and it has confirmed that at least 21 of those clinics were affected. The impacted sites span New South Wales, Victoria, Queensland, Western Australia, and the Australian Capital Territory.

The company said it took immediate steps to contain the incident, and its investigation into the full extent of the compromise is ongoing. Partnered Health has stated it does not yet know the complete scope of personal information that has been affected, and it has pledged to notify individual employees, patients, and doctors directly if their specific information is confirmed to have been exposed.

What Was Taken

The stolen data represents some of the most sensitive personal information a healthcare provider holds. According to Partnered Health, the information taken from some clinics includes:

The combination of government identifiers such as Medicare and veteran card numbers alongside detailed clinical records makes this breach unusually high risk. The exact volume of records has not yet been confirmed, as the investigation into the extent of the impact continues.

Why It Matters

Healthcare data is among the most valuable material on criminal markets because it cannot be reset like a password. Medicare numbers, concession card details, and diagnostic results are permanent, high value inputs for identity fraud, medical fraud, and targeted extortion. Patients whose consultation notes and pathology results are exposed face not only financial risk but also the prospect of highly personal medical details being leaked or used for blackmail.

This incident continues a sustained pattern of Australian healthcare and general practice networks being targeted. A multi state footprint means notification obligations, regulatory scrutiny under the Notifiable Data Breaches scheme, and patient trust impacts are all magnified. For a network of independent practices sharing common infrastructure, a single compromise cascades across dozens of sites at once.

The Attack Technique

Partnered Health has described the intrusion only as access by a malicious actor, and the specific initial access vector has not been publicly disclosed. No ransomware group or threat actor has been publicly attributed at the time of reporting, and it is not yet clear whether the compromise stemmed from credential theft, a vulnerable internet facing system, or a third party or shared platform used across the clinic network.

The shared infrastructure model common to multi practice operators is a likely factor in why 21 clinics across five jurisdictions were simultaneously affected. RACGP Practice Technology committee chair Dr Rob Hosking framed the attack as a reminder for GPs to review their own security posture, underscoring that the mechanism of compromise remains a live question for practices relying on centrally managed systems.

What Organizations Should Do

General practices and healthcare providers should treat this incident as a prompt to harden their environments now, not after a breach.

Sources: Medical information stolen in major cyberattack - RACGP

TWEET: Partnered Health breached: 21 GP clinics across 5 AU states hit, Medicare numbers, consult notes & pathology results stolen. Full breakdown: https://wasteland.me/intel/racgp-medical-data-breach #CyberSecurity #ThreatIntel