Genea, a prominent Australian IVF provider, recently experienced a significant cybersecurity breach, potentially compromising sensitive patient data. The breach occurred on January 31, 2023, when hackers infiltrated Genea's Citrix environment. Subsequently, approximately 940 GB of data was extracted on February 14, 2023. The compromised patient management system holds critical information such as patients' contact details, Medicare card numbers, health insurance details, medical histories, test results, and medications.
The hackers, identified as the Termite ransomware gang, claimed to have published sensitive patient data on their dark web leak site. In response to this alarming development, Genea's MyGenea app, which allows patients to track their cycles and access fertility data, was taken offline as a precautionary measure.
Tim Yeoh, CEO of Genea, confirmed that the company had identified that data from their systems had been published externally. He underscored the company's commitment to addressing the breach and stated that Genea is "urgently investigating the nature and extent of the data that has been published."
Genea swiftly sought legal recourse and was granted a court injunction on Wednesday to prevent further disclosure of the stolen data. The court order aims to "prevent any access, use, dissemination or publication of the impacted data by the threat actor and/or any third party who receives the stolen dataset."
Despite the breach, there is currently no evidence to suggest that patients' financial information, such as credit card details or bank account numbers, had been compromised. Genea is actively working to "securely restore" its systems following the cyberattack.
In terms of communication with affected individuals, Genea has reached out to both current and former patients who may have been impacted by the breach. Although the incident is not known to have disrupted patient services, Genea has not confirmed whether the cyberattack continues to affect operations.
Leave a Reply