Genea, a leading Australian IVF service, has confirmed a data breach following a cyberattack that occurred earlier this month. The fertility specialist first detected suspicious network activity on February 14, which prompted an investigation and the implementation of measures to take certain services offline.
The company has since revealed that an unauthorised third party accessed its patient management systems, potentially compromising confidential patient information.
The compromised data may include names, contact details, Medicare and private health insurance information, medical histories, medications, test results, and doctors’ notes. There is currently no evidence to suggest that financial details, such as credit card or bank account numbers, were affected.
A ransomware group has claimed responsibility for the cyberattack, alleging the theft of 700GB of data from Genea’s servers, including sensitive client details like passports and pathology results. Genea has acknowledged that data from its patient management systems has been made public and is currently investigating the extent of the compromised information.
In response to the breach, Genea secured a court injunction that aims to prevent cybercriminals or any third parties from accessing, using, distributing, or publicising the stolen data. The company has notified both the Australian Information Commissioner and the Australian Cyber Security Centre about the incident.
Genea has expressed sincere apologies to its patients for any distress caused by the incident and is offering support services to those affected. Patients have been advised to remain vigilant for suspicious communications that could be related to identity theft or fraud.
The Australian Information Commissioner (OAIC) will ensure Genea adheres to the notifiable data breaches scheme, given the potential harm to individuals whose personal information was stolen. The OAIC has noted that the health sector has reported the highest number of data breaches since the scheme’s commencement in 2018.
Established in 1986, Genea is one of Australia’s largest IVF providers, operating 21 clinics across the country. The company is currently working to restore its systems securely and minimise disruption to its services. While some systems were taken offline as a precaution, it remains unclear whether the cyber incident continues to disrupt patient services.