P

Partnered Health Data Breach 2026:
What You Need to Know

Partnered Health, one of Australia's largest general-practice networks, was breached in June 2026, exposing patient data across 21 clinics. The stolen information reportedly includes Medicare numbers, health insurance details and sensitive medical records. Here is what happened, what was exposed, and the steps you can take to protect yourself.

Aware:23 June 2026
Clinics affected:21 (16 directly)
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the Partnered Health Breach Unfolded

23 June 2026

Partnered Health became aware that a malicious actor had accessed some of its data. The company later engaged cybersecurity specialists and began investigating the scope of the incident.

Late June to July 2026

Partnered Health reported the incident to the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC) and law enforcement, and sought an interim injunction from the Supreme Court of NSW ordering that the accessed data not be used or published.

15 July 2026

Partnered Health notified patients by SMS that their information may have been exposed. The breach was disclosed publicly the same day, roughly 22 days after the company first became aware of the unauthorised access.

Twenty-one general practices across NSW, Victoria, Queensland, Western Australia and the ACT were caught up in the breach, with patients at 16 clinics reported as directly affected. The incident came days after UK healthcare group Bupa announced a $450 million acquisition of Partnered Health.

Source: SMBtech and Partnered Health

What Was Exposed

Personal and Health Data Exposed in the Breach

Partnered Health said the stolen information may include the categories below. Because this is a healthcare breach, much of the exposed data is sensitive informationunder Australia's Privacy Act, which carries stronger protections and a higher long-term risk than ordinary contact data.

Data TypeRisk LevelWho Was Affected
Full nameHighPatients of affected Partnered Health clinics
Date of birthHighPatients of affected Partnered Health clinics
Home address and contact detailsHighPatients of affected Partnered Health clinics
Medicare numberHighPatients whose Medicare details were on file
Private health insurance detailsHighPatients with private health cover recorded
Veteran (DVA) or concession card numbersHighDVA and concession-card holders
Medical information and treatment records (consultation notes, referral letters, pathology and diagnostic results)HighPatients whose records were held in the affected systems

Risk levels based on the OAIC: What is personal information? guidance. Health information, Medicare numbers and treatment records are rated High because they are sensitive information under the Privacy Act 1988: they cannot be reissued once exposed, can be used to craft highly convincing health-themed scams, and (with name and date of birth) are commonly used to verify identity with government and health services.

Why health data is different

You can change a password or cancel a credit card. You cannot change your medical history, and a Medicare number is slow and inconvenient to replace. That makes a health-records breach a long-lived risk rather than a one-off event, so the protective steps below focus on ongoing vigilance as much as immediate action.

Company Response

What Partnered Health Did

“We became aware that a malicious actor accessed some of our data. We take the security and privacy of patient information very seriously.”
Partnered Health statement (as reported)

Actions Taken by Partnered Health

  • Engaged cybersecurity specialists to investigate the incident
  • Reported the breach to the Australian Cyber Security Centre (ACSC), the OAIC and law enforcement
  • Sought an interim injunction from the Supreme Court of NSW to stop the accessed data being used or published
  • Notified affected patients by SMS on 15 July 2026

What Now?

Steps You Can Take After the Partnered Health Breach

The exposed combination of name date of birth Medicare number and health records is a strong identity-fraud and scam ingredient. Here are general best-practice steps, organised by the areas most relevant to this breach.

Health and Medicare

Your Medicare and health-cover details were reportedly exposed. These carry long-term identity and privacy risks.

Contact Services Australia about your Medicare number

~15 min
If your Medicare number was included, it is worth contacting Services Australia to discuss protections. A replacement Medicare card with a new number can be issued where there is a risk of misuse.
Services Australia: Medicare

Review private health insurance and concession accounts

If your private health insurance, Veteran (DVA) card or concession card details were exposed, review those accounts for unexpected activity and contact the relevant provider if anything looks wrong. Be cautious of any contact asking you to 'confirm' these details.

Email and Digital Identity

Your email is the key to your digital identity. Securing it is a sensible first step.

Strengthen email security

~5 min
Updating the password and enabling multi-factor authentication (MFA) on the email account tied to your health services is widely recommended. It is also worth checking email forwarding rules and connected-app permissions, which can be abused to silently intercept messages.

Understand your full account exposure

Most people have dozens of online accounts linked to one email address. When that email is exposed alongside health data, mapping which services are connected is a critical first step in assessing your personal risk.

Identity Protection

Name, date of birth and a Medicare number together are commonly used in identity verification.

Consider a credit ban (especially with Medicare and date of birth exposed)

~20 min
Because date of birth and a Medicare number were reportedly exposed alongside your name, the combination could be used in attempts to open credit or services in your name. Placing a free credit ban with Australian credit bureaus prevents new credit from being opened without additional verification.

Stay alert for targeted, health-themed phishing

Exposed health records and Medicare number can be used to craft convincing scams that reference real appointments, referrals or results. Do not click links in unexpected messages, and verify any contact by calling your clinic or Partnered Health directly using details from their official website.

Monitoring and Reporting

Australian resources for breach response and identity protection.

Contact IDCare or report to Scamwatch

IDCare (1800 595 160) is Australia's national identity and cyber support service and provides free, tailored guidance for people affected by data breaches. Reporting to Scamwatch helps authorities track emerging threats.

Check your exposure across breaches

Reviewing which of your accounts share the exposed email is a practical way to prioritise what to secure first, especially if your data also appeared in other recent Australian health breaches.

Not sure which of your accounts are affected?

In The Event Of helps you find the accounts linked to your email and shows your breach exposure, so you can work through a clear, prioritised plan after an incident.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The Partnered Health breach did not happen in isolation. If your data also appeared in other major Australian health breaches, the combination of leaked information can build a far more complete medical and identity profile.

How breach data compounds

On its own, the Partnered Health breach exposed Medicare numbers, health-cover details and medical records. But if your email also appeared in the Medibank, Genea or Australian Clinical Labs breaches, the combined data set may include health claims, pathology results and further Medicare details. This kind of compound exposure significantly increases the risk of identity fraud and health-themed scams.

  • Medibank (2022)9.7M records - health claims, Medicare details
  • Genea Fertility (2025)~940K records - IVF and medical records
  • Australian Clinical Labs (2022)~223K records - pathology results, Medicare numbers
  • Partnered Health (2026)Medicare, health insurance, medical and treatment records

If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

Partnered Health Breach FAQ

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

ACMI Data Breach 2026

~25,000 records exposed

High

Melbourne Film Festival Data Breach 2026

~26,782 records exposed

High

UWA Callista Student System Data Breach 2026

Undisclosed records exposed

Medium

University of Sydney Data Breach 2025

~27K records exposed

High

NYC Health + Hospitals Data Breach 2026

~1.8M records exposed

Critical

Australian Courts Data Breach 2026

Thousands of files records exposed

Critical

youX Data Breach 2026

~444K records exposed

High

Prosura Data Breach 2026

300K-500K records exposed

High

Canvas (Instructure) Data Breach 2026

~275M (claimed) records exposed

Medium

Booking.com Data Breach 2026

Undisclosed records exposed

High

McGraw Hill Data Breach 2026

13.5M records exposed

High

Crunchyroll Data Breach 2026

Undisclosed records exposed

High

Eurail Data Breach 2026

300K+ records exposed

High

Basic-Fit Data Breach 2026

1M records exposed

High

Under Armour Data Breach 2025

72M records exposed

High

Salesforce (ShinyHunters) Data Breach 2025

~1B records exposed

High

Allianz Life Data Breach 2025

2.8M records exposed

High

Workday Data Breach 2025

Undisclosed records exposed

Medium

Western Sydney University Data Breach 2025

10K records exposed

High

Genea Fertility Data Breach 2025

940K records exposed

Critical

DeepSeek Data Breach 2025

1M records exposed

Medium

Tangerine Telecom Data Breach 2024

232K records exposed

High

Australian Clinical Labs Data Breach 2022

223K records exposed

Critical

Qantas Data Breach 2025

5.7M records exposed

High

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High

Guides to read next

In The Event Of is an Australian digital footprint manager that helps you find the accounts linked to your email, see your breach exposure, and work through a prioritised action plan. These guides walk through the steps:

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. It is based on publicly available reporting at the time of writing. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Partnered Health. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.