The medical records, including Medicare numbers and DVA numbers, of potentially more than 25,000 patients of Ochre Medical Centre Tuggeranong have been sold online after a prolific hacker breached an unnamed third-party provider.
The same hacker responsible for a string of attacks on Australian targets, 2019 offered the data for sale in a post to a hacking forum earlier this week.
The deal was a one-time offer paid in cryptocurrency. The post has since been deleted, suggesting the sale was successful, and the patient records are now in the hands of another threat actor.
According to 2019’s original post, the data was made up of three distinct datasets comprising more than 700,000 records. The included names and dates of birth, addresses, emails, phone numbers, Medicare and Department of Veterans’ Affairs numbers, appointment details, and billing information.
Ochre Health is aware of the incident and said operations at the medical centre are unaffected.
“Ochre Medical Centre Tuggeranong is currently investigating online claims by an unknown third party that they have accessed some of our information without authorisation,” an Ochre Health spokesperson told Cyber Daily.
“We would like to assure you that this access originated from a third-party platform used by Ochre Health, and our broader environment is secure.
“Our clinics and medical centres are operating as normal with zero disruption to patient care.”
Ochre Health has determined that the incident only impacts its Tuggeranong medical centre, but understands patient data may have been impacted.
“We understand this news may cause concern and wish to assure our customers that we are investigating this as a priority, including a review of our security systems as a precautionary measure,” Ochre Health said.
“We recommend that our patients remain vigilant against the risk of potential phishing emails or scam calls, which are often the most likely risk associated with unauthorised access to contact information.”
Ochre Health is working with the relevant authorities and third-party experts and said it is taking appropriate steps to remediate the situation as swiftly as possible.
Who is 2019?
Threat actor 2019 has been active on underground hacking forums since early 2026 and has made more than 30 leak posts in that time, with the majority referencing Australian victims such as the Australian Centre for the Moving Image and Services Australia.
While Australian organisations appear to be 2019’s preferred target, they have also listed entities from the United States, the United Arab Emirates, France, and Italy.
Generally, 2019 offers stolen data for free, but in some cases, it is sold online in a one-time sale in return for Bitcoin, Ethereum, or Monero cryptocurrencies.
Who is the victim?
Ochre Medical Centre Tuggeranong is one of the more than 65 healthcare centres operated by Ochre Health and is based in one of Canberra’s outer suburbs.
Ochre Health describes itself as a “leading facilitator of healthcare in rural, regional and urban communities around Australia”.
Ochre Medical Centre Tuggeranong provides a range of services, including men’s and women’s health, minor procedures, chronic disease management, travel medicine, and pathology.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.