Medical booking service HealthEngine has revealed a data breach.

HealthEngine - an online booking company for medical practices - says a data breach potentially saw 59,600 pieces of patient feedback “improperly accessed”.

The company says that in line with new laws, it has notified those affected as well as the Office of the Australian Information Commissioner.

The company said the breach stemmed from “an error in the way” its website operated, and that information “ordinarily not visible to users on the site” was accidentally exposed.

No usernames or passwords were impacted and “no action is required to be taken by users of the site”.

“HealthEngine has worked around the clock to investigate how the information was improperly obtained, what patients might have been affected, and the steps required to further address the matter,” CEO Dr Marcus Tan said in a statement.

“We have removed all published patient feedback from our site while we review the HealthEngine Practice Recognition System, to ensure that hidden feedback information can no longer be accessed in this way.

“We take data security very seriously, and acted swiftly and decisively when we became aware of the breach, to identify the error and shut down the published patient feedback function.”

This comes just a week after HealthEngine was accused of funnelling users’ data to legal firms.