Australian IVF provider Genea confirms hackers accessed patients' healthcare data

One of Australia's largest fertility services providers, Genea, said on Wednesday that data stolen during a recent cyberattack on its systems had been published online by hackers.

According to the company’s investigation, the attackers accessed patient management systems that include personal information, private health insurance details, medical history and diagnoses and treatments, as well as pathology and diagnostic test results.

In its update on Wednesday, Genea did not specify what information the hackers published.

The company has not yet attributed the attack to a specific group. However, earlier this week, a ransomware gang known as Termite claimed responsibility for the attack, saying it had stolen approximately 700 gigabytes of confidential patient data.

The group reportedly posted screenshots of identification documents and patient records on its dark web leak site.

Termite has previously targeted government agencies, educational institutions, disability support services and companies in the oil and gas and water treatment sectors in France, Canada, Germany, Oman and the U.S. The group surfaced earlier this year, so its tools and tactics are still not well-researched.

Previous reports indicate that Termite appears to use a modified version of the infamous Babuk ransomware, which encrypts targeted files until a ransom is paid. 

Genea has not disclosed how much the hackers might have demanded for data decryption or whether the company plans to negotiate with them.

In December, Termite also claimed to have hacked Blue Yonder, an Arizona-based supply chain software provider with high-profile clients including Microsoft, Bayer, and DHL.

Genea first detected suspicious activity on its network two weeks ago. The cyber incident coincided with phone outages at several clinic branches and app disruptions. At that time, the company told Recorded Future News that it had engaged cyber experts to assist with the response and investigation.

In a statement on Monday, the company said that it had seen no evidence of any financial information, such as credit card details or bank account numbers, being impacted by the incident.

Following the data breach, Genea said it had obtained a court order prohibiting the access, use, or dissemination of the compromised data by the threat actors or any third party.

Genea promised to keep its patients updated about the attack, but some expressed frustration over a lack of communication from the company. According to local media reports, people struggled to reach the company for urgent clinical inquiries, while at least one patient said delays in communication prevented their fertility testing from being completed this month.

Earlier this week, the company published a letter to its patients explaining what is known about the incident and what measures they should take to protect their data.

“We understand that this development may be concerning for our patients, for which we unreservedly apologize,” Genea said, adding that its specialists are working to minimize any impact of the attack on patient treatment.