Australia
Healthcare
Ochre Health Data Breach: 25K+ Patients' Medical Records for Sale
A threat actor using the alias 2019 claims to be selling a patient database stolen from Ochre Health, an Australian medical-centre network providing general practice and allied health services. The post advertises 25,000+ patients and 700,000+ records with highly sensitive medical and identity data, including names, dates of birth, contact details, Medicare and DVA numbers, appointment histories, and payment information. It is offered as a one-time sale in cryptocurrency. The claim is unverified and Ochre Health has not publicly addressed it.
Australia▣Post details
Australia!Allegedly exposed
- 25K+ patients / 700K+ records (claimed)
- Patient names & dates of birth
- Mobile, home phone & email
- Home address, suburb & postcode
- Medicare numbers, refs & expiry
- DVA (veterans' affairs) numbers
- Appointment & treating-doctor details
- Payment & billing information
◱Screenshot
⚠Potential impact
If genuine, this is an especially serious exposure: a healthcare dataset linking 25,000+ patients to dates of birth, contact details, Medicare and DVA numbers, appointment histories, and treating doctors. Medicare and DVA numbers are sensitive Australian health identifiers that can enable Medicare fraud, identity theft, and highly convincing medical-themed scams, and the health context itself makes any exposure particularly harmful to patients. Health data is among the most damaging information to leak. Record counts and authenticity are unconfirmed.
iStatus
UnverifiedColumn listings across three tables and sample patient records were posted to an underground forum, offered as a one-time cryptocurrency sale via Session and TOX contacts; the sample records and contact identifiers are not reproduced here. The claim has not been independently confirmed and Ochre Health has not publicly addressed it.
DARK WEB INFORMER - THREAT INTELLIGENCE
