Australian IVF Giant Genea Discloses Cybersecurity Incident Exposing Company Data

• Australian IVF clinic Genea revealed that it suffered a data breach five days after the cybersecurity incident.
• While citing only unauthorized third-party access to its systems, the company did not disclose details on its nature and scope.
• On February 13, the firm’s phone services suffered disruptions, and some systems and servers were taken offline.

Genea, one of Australia’s leading fertility service providers, has revealed a cybersecurity breach that disrupted patient services and raised concerns about the potential exposure of sensitive information.  

The company, which operates 21 clinics nationwide, confirmed the incident in a statement on its website on Wednesday. While Genea confirmed that an unauthorized party accessed its data, the company has not specified which types of information were compromised. 

Genea collects highly sensitive patient data, including health records, scientific information, and details of medical procedures. It is currently unknown whether such information was accessed or stolen during the breach.

The breach reportedly came to light after inquiries from the Australian Broadcasting Corporation (ABC) prompted Genea to disclose the incident publicly.  

The cyberattack also caused significant disruptions to Genea’s operations. The attack led to outages in its phone lines, which was backed by their website’s pop-up and a February 13 post on the company’s Instagram page. 

The company’s MyGenea app, which allows patients to track their medical cycles and view fertility data, has also been taken offline, further impacting patients’ access to vital services. 

The IVF provider subsequently enlisted the aid of Porter Novelli, a public relations firm specializing in cybersecurity response, to manage the fallout. Genea has not disclosed the attacker's identity or the method used in the breach.

As the investigation continues, the affected parties remain in the dark regarding the extent of the potential data exposure. 

"We will communicate with any affected individuals if our investigation identifies any evidence that their personal information has been impacted, consistent with our legal and regulatory obligations,"  the website said.

The incident underscores the growing challenges fertility and health service providers face due to the increasing threat of cyberattacks targeting highly sensitive medical data.