UPDATED Incident – Medical Data Breach, 19 February 2025

Australian IVF provider Genea in cyber incident

Genea patients frustrated by lack of communication amid data breach.

Company Statement: 19 February 2025: Important update about a cyber incident
Company Website: Genea
Source: Australian IVF provider Genea in cyber incident | iTnews
Source: Genea patients frustrated by lack of communication amid data breach | ABC News (Australia)

View more incidents relating to the Medical and Health Care sector and incidents from Australia.

Update: 26th February 2025: Genea Fertility hack claimed by Termite ransomware | cyberdaily.au
The Genea Fertility cyber incident from earlier this month has been claimed by the Termite ransomware operation, which has posted alleged business data as evidence of the breach.
“We have ~700gb of data from [company] servers such as confidential, personal data of clients,” the group said.
While the firm has not been able to confirm exactly what data was stolen, it said the data might include “full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, Defence DA number, medical record numbers, patient numbers, date of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaire, pathology and diagnostic test results, notes from doctors and specialists, appointment details and schedules, emergency contacts and next of kin,” it said on its website.

Summary: Genea, one of Australia’s largest IVF providers, is urgently investigating a cyber incident after detecting suspicious activity on its network. The company confirmed that an unauthorized third party accessed its data, leading to disruptions in phone lines and the MyGenea app, which patients use to track their fertility treatments.

Data Compromised: While the company has yet to reveal when the breach was detected or whether patients’ personal and health information was exposed, Genea’s breach confirmation comes five days after a phone outage impacted the group’s fertility clinics.

Response: Obex Medical is working with cybersecurity experts to mitigate the impact of the attack and restore access to the encrypted data. The company is also cooperating with law enforcement agencies to investigate the incident. Patients have reported difficulties in contacting their clinics and accessing critical treatment information. Some have expressed concerns about the potential impact on their treatment schedules.

Notifications: Genea is working to minimize disruption to patient care and has communicated with affected individuals. The company is also liaising with the Australian Cyber Security Centre.