Cyberattack on Australian IVF Giant, Breaches Patient Data

Australian fertility provider Genea has confirmed it experienced a cyberattack that led to unauthorized access to its data, the disruption of patient services, and delays to critical fertility treatments. The company, which operates 21 clinics across Australia, stated that an “unauthorized third party” accessed its network, though the extent of the breach remains under investigation.

In a statement on its website, Genea said it took immediate action after detecting the suspicious activity, including taking some systems offline to secure its network. "We are urgently investigating the nature and extent of data that has been accessed and the extent to which it contains personal information” stated the company in an email to those affected. However, Genea has not yet disclosed whether sensitive patient information, including medical records, was compromised.

The breach led to communication outages, with patients unable to contact clinics for days. The company's MyGenea app, which allows patients to track their fertility cycles, was also taken offline. As reported by ABC News, some patients only learned about the breach from media reports, rather than directly from Genea.

One patient, identified as Chloe, said she had been waiting for a critical blood test but was unable to reach her clinic. "I tried to call Genea probably 20 times," she told ABC. By the time the clinic responded, it was too late to continue her cycle tracking.

Patients expressed frustration over the lack of transparency. Another patient, Annika, who had undergone an egg-freezing procedure, said she was unsettled by the breach. "It’s not a great feeling. You give them a lot of personal information and pay a lot of money to go through this process," she told ABC.

According to TechCrunch, Genea only publicly confirmed the incident after being contacted by reporters. The company has since engaged cybersecurity experts and is working with the Australian Cyber Security Centre. Genea CEO Tim Yeoh stated that the company was committed to minimizing disruption to patient treatments.

The Reproductive Technology Accreditation Committee (RTAC), which oversees fertility providers in Australia, confirmed it had been notified of the breach and emphasized the importance of transparency with patients. This incident follows a pattern of increasing cyberattacks targeting the healthcare industry.

As we reported earlier this year, UnitedHealth Group confirmed that a ransomware attack on its subsidiary Change Healthcare led to the theft of a “substantial proportion” of Americans' health data. Attackers had access to the company’s systems for over a week before deploying ransomware.