Australian IVF giant Genea confirms a significant healthcare data breach

Australian IVF giant Genea said the sensitive personal and healthcare information of its patients were compromised in a cyber security incident it suffered in February.

 

Earlier this month, the fertility treatment provider said in a data security incident notice published on its website that it experienced a major cyber security incident and took several systems offline as a precaution and is in the process of restoring them.

 

“Our ongoing investigation has identified that an unauthorised third party has accessed Genea data. We are urgently investigating the nature and extent of data that has been accessed and the extent to which it contains personal information,” it said.

 

In a recent update, the fertility clinic said its investigation has revealed that the threat actors who infiltrated its internal network accessed patient management systems, which includes the sensitive personal data of patients.

 

The compromised data includes full names, emails, addresses, phone numbers, medicare card numbers, private health insurance details, defence DA numbers, medical record numbers, patient numbers, dates of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaire, pathology and diagnostic test results, notes from doctors, appointment details, emergency contacts and next of kin.

 

“At this stage there is no evidence that any financial information such as credit card details or bank account numbers have been impacted by this incident. The investigation is however ongoing, and we will keep you updated of any relevant further findings should they come to light,” Genea added. 

 

The fertility care provider has notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre of the incident and is working with them to resolve the incident at the earliest.

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on Genea. The healthcare company also did not share details on who was behind the cyber attack or whether it has received a ransom demand.