The medical software provider says Partnered Health is a client but insists its platform was not compromised.
Patient management software provider Best Practice made it clear today that its software was not involved in the cyber attack incident on its client Partnered Health, in which data from potentially thousands of patients was stolen.
Primary care provider Partnered Health, which operates more than 60 primary care and skin cancer clinics around Australia, announced on Wednesday that personal details, medical records and test results had been taken in a data breach on 21 clinics by a “malicious actor”.
A Best Practice spokesperson told The Medical Republic today that Partnered Health was a client but said its software was not compromised.
“Best Practice Software (Best Practice) can confirm that Partnered Health is a customer of Best Practice,” they said.
“We are not involved in this incident response and cannot comment on Partnered Health’s internal systems or investigation.
“We are not aware of any compromise involving our platform.”
Partnered Health became aware of the attack on June 23 but released a statement and advice to patients 22 days later on July 15 – a delay that experts said was “unacceptable”.
The company confirmed that personal information, including health information, was taken from 21 clinics in NSW, Victoria, Queensland, Western Australia and the ACT.
Related
In a statement to patients, Partnered Health said the company took immediate steps to contain the incident and engaged specialist cyber experts for advice, and said the investigation was “ongoing”.
The company said it had apologised to patients and had obtained an interim injunction from the NSW Supreme Court to prevent the accessed data being used or published.
Partnered Health said the incident may have affected patients’ personal information including names, dates of birth, addresses, contact details, Medicare number, private health insurance details, veteran card numbers and concession card numbers, the company said.
Medical information and treatment details were also potentially involved in the data breach, including consultation notes, referral letters, and pathology or diagnostic results recorded by GPs or other clinicians.
Partnered Health said it was working with authorities and had reported the incident to the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and law enforcement.
The Partnered Health practices that have been impacted are:
- Blackburn Road Medical Centre
- Broadway General Practice
- Bundall Medical Centre
- Cardiff Medical Centre & Skin Cancer Clinic
- Castle Hill Family Doctors
- Champion Drive Medical Centre
- Chancellor Park Family Medical Practice
- Dromana Family Doctors
- Dural Medical Centre
- Joondalup City Medical Group
- Kealba Family Practice
- Mornington Family Doctors
- Noosaville Seven Day Medical Centre
- North Canberra Family Practice
- Park Beach Family Practice
- Park Orchards Family Practice
- Rockingham City Family Practice
- Sans Souci Medical Practice
- Templestowe District Medical Centre
- Wentworth Avenue Family Practice
- Wyong Family Practice



