Written by 7:30 pm Blog

Thousands of Canberrans caught up in GP clinic’s cyber security breach

Thousands of Canberrans have had their medical information exposed in major data breaches affecting…
Thousands of Canberrans caught up in GP clinic’s cyber security breach

Thousands of Canberrans have had their medical information exposed in major data breaches affecting three ACT general practitioners’ clinics.

Subscribe now for unlimited access.

or signup to continue reading

Save 30%

All articles from our website

& app

The digital version of

Today’s

Paper

Crosswords, Sudoku and Trivia

North Canberra Family Practice in Belconnen, Wentworth Avenue Family Practice in Kingston and Ochre Medical Centre Tuggeranong have reported leaks of client data in two separate cyber security breaches.

A Canberra cyber security expert and patient of one of the clinics has called for stronger standards to be legislated on health clinics to prevent more privacy breaches.

Ochre Medical Centre confirmed on Wednesday, July 15, that an “unknown third party” had logged into two Ochre Health user accounts on booking platform HotDoc in June 2026.

“From the claims published online, we understand that some company information, including patient records, may have been impacted. Based on the information available at this stage, we understand that only the Tuggeranong medical centre has been impacted,” a statement said.

The breaches were limited to the Ochre Health accounts, with the company still investigating what information was accessed.

“Our investigations to date have confirmed that personal information (including health information) was taken from some of the clinics in our network,” a statement said.

Patients with the North Canberra and Wentworth Avenue clinics may have had their Medicare card number, medical history or veteran card number stolen in the breach, a company website advised.

Cyber security expert and patient of one of the affected clinics Dean White. Picture by Keegan Carroll

Principal at cyber security firm OneGUARD Consulting Dean White, who is also a patient of one of the clinics, said a third party had claimed the Ochre Medical clinic alone lost about 20,000 records listing people’s names and addresses.

He argued a gap in federal legislation meant GP networks and primary health providers were not subject to strict cyber security obligations, despite holding extensive amounts of sensitive health and identity information.

Only critical health facilities, such as Canberra Hospital or Sydney’s Royal North Shore Hospital, have federally legislated mandatory reporting timeframes for cyber security incidents.

“It’s not a story about who’s failed here and who hasn’t failed, it’s about the fact that the rules don’t require any particular standard in the first place,” Mr White said.

“This data itself is some of the most valuable data that cyber security criminals are looking for. You can’t replace someone’s medical history. Once that information is compromised, it’s available to anyone who is prepared to pay the appropriate amount of money for it.

“It’s almost certain that [another breach] is going to happen in the future unless we get some changes, because that healthcare is some of the most valuable data that is on the black market.”

Partnered Health operates more than 60 clinics across Australia. The company reported its data breach to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and law enforcement, and also obtained an interim injunction from the NSW Supreme Court ordering that the accessed data not be used or published.

More from National News

As it happens

Breaking news alert

Be the first to know when news breaks.

Article Source

Close