Partnered Health Data Breach 2026:
What You Need to Know
Partnered Health, one of Australia's largest general-practice networks, was breached in June 2026, exposing patient data across 21 clinics. The stolen information reportedly includes Medicare numbers, health insurance details and sensitive medical records. Here is what happened, what was exposed, and the steps you can take to protect yourself.
Your personal risk from this breach
Sign in or create a free account to see your personalised risk score.
What Happened
How the Partnered Health Breach Unfolded
23 June 2026
Partnered Health became aware that a malicious actor had accessed some of its data. The company later engaged cybersecurity specialists and began investigating the scope of the incident.
Late June to July 2026
Partnered Health reported the incident to the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC) and law enforcement, and sought an interim injunction from the Supreme Court of NSW ordering that the accessed data not be used or published.
15 July 2026
Partnered Health notified patients by SMS that their information may have been exposed. The breach was disclosed publicly the same day, roughly 22 days after the company first became aware of the unauthorised access.
Twenty-one general practices across NSW, Victoria, Queensland, Western Australia and the ACT were caught up in the breach, with patients at 16 clinics reported as directly affected. The incident came days after UK healthcare group Bupa announced a $450 million acquisition of Partnered Health.
Source: SMBtech and Partnered Health
What Was Exposed
Personal and Health Data Exposed in the Breach
Partnered Health said the stolen information may include the categories below. Because this is a healthcare breach, much of the exposed data is sensitive informationunder Australia's Privacy Act, which carries stronger protections and a higher long-term risk than ordinary contact data.
| Data Type | Risk Level | Who Was Affected |
|---|---|---|
| Full name | High | Patients of affected Partnered Health clinics |
| Date of birth | High | Patients of affected Partnered Health clinics |
| Home address and contact details | High | Patients of affected Partnered Health clinics |
| Medicare number | High | Patients whose Medicare details were on file |
| Private health insurance details | High | Patients with private health cover recorded |
| Veteran (DVA) or concession card numbers | High | DVA and concession-card holders |
| Medical information and treatment records (consultation notes, referral letters, pathology and diagnostic results) | High | Patients whose records were held in the affected systems |
Risk levels based on the OAIC: What is personal information? guidance. Health information, Medicare numbers and treatment records are rated High because they are sensitive information under the Privacy Act 1988: they cannot be reissued once exposed, can be used to craft highly convincing health-themed scams, and (with name and date of birth) are commonly used to verify identity with government and health services.
Why health data is different
You can change a password or cancel a credit card. You cannot change your medical history, and a Medicare number is slow and inconvenient to replace. That makes a health-records breach a long-lived risk rather than a one-off event, so the protective steps below focus on ongoing vigilance as much as immediate action.
Company Response
What Partnered Health Did
“We became aware that a malicious actor accessed some of our data. We take the security and privacy of patient information very seriously.”
Actions Taken by Partnered Health
- Engaged cybersecurity specialists to investigate the incident
- Reported the breach to the Australian Cyber Security Centre (ACSC), the OAIC and law enforcement
- Sought an interim injunction from the Supreme Court of NSW to stop the accessed data being used or published
- Notified affected patients by SMS on 15 July 2026
What Now?
Steps You Can Take After the Partnered Health Breach
The exposed combination of name date of birth Medicare number and health records is a strong identity-fraud and scam ingredient. Here are general best-practice steps, organised by the areas most relevant to this breach.
Health and Medicare
Your Medicare and health-cover details were reportedly exposed. These carry long-term identity and privacy risks.
Contact Services Australia about your Medicare number
~15 minReview private health insurance and concession accounts
Email and Digital Identity
Your email is the key to your digital identity. Securing it is a sensible first step.
Strengthen email security
~5 minUnderstand your full account exposure
Identity Protection
Name, date of birth and a Medicare number together are commonly used in identity verification.
Consider a credit ban (especially with Medicare and date of birth exposed)
~20 minStay alert for targeted, health-themed phishing
Monitoring and Reporting
Australian resources for breach response and identity protection.
Check your exposure across breaches
Not sure which of your accounts are affected?
In The Event Of helps you find the accounts linked to your email and shows your breach exposure, so you can work through a clear, prioritised plan after an incident.
Are You Still at Risk?
The Hidden Danger: Compound Breach Exposure
The Partnered Health breach did not happen in isolation. If your data also appeared in other major Australian health breaches, the combination of leaked information can build a far more complete medical and identity profile.
How breach data compounds
On its own, the Partnered Health breach exposed Medicare numbers, health-cover details and medical records. But if your email also appeared in the Medibank, Genea or Australian Clinical Labs breaches, the combined data set may include health claims, pathology results and further Medicare details. This kind of compound exposure significantly increases the risk of identity fraud and health-themed scams.
- Medibank (2022)9.7M records - health claims, Medicare details
- Genea Fertility (2025)~940K records - IVF and medical records
- Australian Clinical Labs (2022)~223K records - pathology results, Medicare numbers
- Partnered Health (2026)Medicare, health insurance, medical and treatment records
If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.
Frequently Asked Questions
Partnered Health Breach FAQ
Sources
- Partnered Health: Recent Cyber Incident (official notice)
- SMBtech: "Partnered Health breach sees patient data stolen in cyberattack on 21 Australian medical clinics"
- EFTM: "Partnered Health data breach exposes patient records at family clinics"
- The Canberra Times: "Patient details exposed in medical centres cyberattack"
- OAIC: What is personal information? (Privacy Act 1988 categories)
- OAIC: Notifiable Data Breaches scheme
- Services Australia: Medicare
Other Major Australian Data Breaches
Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.
ACMI Data Breach 2026
~25,000 records exposed
Melbourne Film Festival Data Breach 2026
~26,782 records exposed
UWA Callista Student System Data Breach 2026
Undisclosed records exposed
University of Sydney Data Breach 2025
~27K records exposed
NYC Health + Hospitals Data Breach 2026
~1.8M records exposed
Australian Courts Data Breach 2026
Thousands of files records exposed
youX Data Breach 2026
~444K records exposed
Prosura Data Breach 2026
300K-500K records exposed
Canvas (Instructure) Data Breach 2026
~275M (claimed) records exposed
Booking.com Data Breach 2026
Undisclosed records exposed
McGraw Hill Data Breach 2026
13.5M records exposed
Crunchyroll Data Breach 2026
Undisclosed records exposed
Eurail Data Breach 2026
300K+ records exposed
Basic-Fit Data Breach 2026
1M records exposed
Under Armour Data Breach 2025
72M records exposed
Salesforce (ShinyHunters) Data Breach 2025
~1B records exposed
Allianz Life Data Breach 2025
2.8M records exposed
Workday Data Breach 2025
Undisclosed records exposed
Western Sydney University Data Breach 2025
10K records exposed
Genea Fertility Data Breach 2025
940K records exposed
DeepSeek Data Breach 2025
1M records exposed
Tangerine Telecom Data Breach 2024
232K records exposed
Australian Clinical Labs Data Breach 2022
223K records exposed
Qantas Data Breach 2025
5.7M records exposed
Optus Data Breach 2022
9.8M records exposed
Medibank Data Breach 2022
9.7M records exposed
Latitude Financial Data Breach 2023
14M records exposed
MyDeal (Woolworths) Data Breach 2022
2.2M records exposed
Guides to read next
In The Event Of is an Australian digital footprint manager that helps you find the accounts linked to your email, see your breach exposure, and work through a prioritised action plan. These guides walk through the steps:
Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. It is based on publicly available reporting at the time of writing. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Partnered Health. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.