National Clinic Network Reels From Major Cyber Attack, Sensitive Patient Data Compromised
A major cyber attack has targeted Partnered Health, a national network of GP and skin cancer clinics, leading to the theft of sensitive patient medical records. The company is working with authorities, has obtained a court injunction, and is notifying affected patients while urging vigilance against scams.
A prominent network of general practice and skin cancer clinics operating across Australia has been rocked by a significant cyber attack, resulting in the theft of personal medical records belonging to an unspecified number of patients.
Partnered Health, which manages 57 clinics nationwide, issued an incident report confirming that patient medical information was accessed and exfiltrated during the breach. The company became aware of the security compromise on June 23 and has since been collaborating with federal agencies, including the Australian Cyber Security Centre, and law enforcement.
The Extent of the Breach
Initial investigations have confirmed that sensitive information was taken from 16 clinics within the Partnered Health network. This stolen data includes deeply personal medical records such as consultation notes, referral letters, and pathology results, alongside identifying details like patient names, contact information, addresses, Medicare details, and private health insurance particulars.
The confirmed affected practices span multiple states and territories, including locations in Melbourne, Sydney, Canberra, the Gold Coast, the Sunshine Coast, and Coffs Harbour. An additional five clinics, some situated in Western Australia, are still undergoing investigation to determine if their patient data has also been compromised.
Immediate Actions and Patient Impact
In response to the incident, Partnered Health has engaged a team of independent cyber security experts to meticulously assess the full extent of the data exfiltration. The healthcare provider has also taken decisive legal action, securing an interim injunction from the Supreme Court of New South Wales. This court order aims to prevent the use or publication of the illegally accessed data.
Some patients whose data is believed to have been compromised were contacted late yesterday afternoon, with more notifications expected as investigations continue. Partnered Health is advising all patients to remain vigilant against potential scam contacts that may attempt to leverage their personal medical records to appear credible. The network has also engaged with Services Australia to implement enhanced monitoring for individuals whose Medicare details may have been stolen.
Broader Cyber Threat Landscape
The cyber attack on Partnered Health occurs against a backdrop of escalating warnings from government cyber authorities regarding the increasing sophistication and frequency of digital threats. Federal agencies have consistently urged businesses and organisations holding sensitive personal information, particularly those in critical infrastructure sectors, to fortify their cyber defences.
Recent alerts have highlighted a surge in Russian-linked cyber attacks specifically targeting poorly protected router networks globally. Furthermore, experts have cautioned that the rapid advancement of artificial intelligence will likely accelerate the complexity and volume of future cyber security incidents, underscoring the urgent need for robust protective measures across all sectors.
The breach also comes as Partnered Health is in the process of being acquired by health insurer Bupa, adding another layer of complexity to the ongoing situation.