Australian IVF provider Genea confirms hackers accessed patients’ healthcare data

One of Australia’s largest fertility services providers, Genea, said on Wednesday that data stolen during a recent cyberattack on its systems had been published online by hackers.

According to the company’s investigation, the attackers accessed patient management systems that include personal information, private health insurance details, medical history, diagnoses and treatments, as well as pathology and diagnostic test results.

In its update on Wednesday, Genea did not specify what information the hackers published.

The company has not yet attributed the attack to a specific group. However, earlier this week, a ransomware gang known as Termite claimed responsibility for the attack, saying it had stolen approximately 700 gigabytes of confidential patient data.

The group reportedly posted screenshots of identification documents and patient records on its dark web leak site.

Termite has previously targeted government agencies, educational institutions, disability support services and companies in the oil and gas and water treatment sectors in France, Canada, Germany, Oman and the U.S. The group surfaced earlier this year, so its tools and tactics are still not well-researched.

Previous reports indicate that Termite appears to use a modified version of the infamous Babuk ransomware, which encrypts targeted files until a ransom is paid. 

Genea has not disclosed how much the hackers might have demanded for data decryption or whether the company plans to negotiate with them.

In December, Termite also claimed to have hacked Blue Yonder, an Arizona-based supply chain software provider with high-profile clients including Microsoft, Bayer, and DHL.

Genea first detected suspicious activity on its network two weeks ago. The cyber incident coincided with phone outages at several clinic branches and app disruptions. At that time, the company told Recorded Future News that it had engaged cyber experts to assist with the response and investigation.

In a statement on Monday, the company said that it had seen no evidence of any financial information, such as credit card details or bank account numbers, being impacted by the incident.

Following the data breach, Genea said it had obtained a court order prohibiting the access, use, or dissemination of the compromised data by the threat actors or any third party.

Genea promised to keep its patients updated about the attack, but some expressed frustration over a lack of communication from the company. According to local media reports, people struggled to reach the company for urgent clinical inquiries, while at least one patient said delays in communication prevented their fertility testing from being completed this month.

Earlier this week, the company published a letter to its patients explaining what is known about the incident and what measures they should take to protect their data.

“We understand that this development may be concerning for our patients, for which we unreservedly apologize,” Genea said, adding that its specialists are working to minimize any impact of the attack on patient treatment.


James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.
