Thousands of Australians can now add 'identity theft' to their list of health concerns after Partnered Health, one of the country's largest healthcare providers, confirmed a cyber-attack that spilled patient records like a poorly sealed prescription bottle.

The breach, which occurred on 23 June, affected 21 clinics across Sydney, Melbourne, and Canberra. The stolen data includes the usual headline-grabbers - names, addresses, dates of birth - plus the really fun stuff: Medicare numbers, private health insurance details, concession card info, and actual medical records, including consultation notes and pathology results. Because nothing says 'trust your doctor' like a stranger reading your test results.

Partnered Health, owned by private equity firm Quadrant, issued a statement acknowledging that 'personal information (including health information) was taken' and offered a sincere apology for 'any concern and inconvenience.' The company has reported the incident to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, and has sought an interim injunction from the NSW Supreme Court to prevent the data from being used or published - a move that assumes the hackers care about court orders.

This is the latest in a string of high-profile breaches Down Under. Bupa, which was in the process of acquiring Partnered Health, now gets to inherit this mess. Data breach notifications in Australia hit a record high in 2025, including a Qantas incident that compromised 5.7 million customers. The Office of the Australian Information Commissioner received 1,205 notifications in 2025, an 8% increase from 2024 - suggesting that either hackers are getting better, or companies are getting worse at protecting data. Or both.