
Genea has been targeted in a significant ransomware attack by the Termite gang, resulting in the theft of sensitive healthcare data. The attack began on January 31, 2025, when the attackers infiltrated Genea's network via a Citrix server.
Termite, a ransomware gang that emerged in October 2024 and claimed responsibility for breaching Blue Yonder, now says it is behind the Genea attack.
While the IVF (In Vitro Fertilization) facility initially stated that only company data is impacted, the compromised data reportedly includes personal information like full names, addresses, phone numbers, emails, and emergency contact details.
The leak also appears to have exposed health-related data, including Medicare and private insurance details, medical history, diagnoses, treatments, prescriptions, pathology results, and doctor notes.
Government-issued identification documents and sensitive medical records were reportedly found in samples of the allegedly stolen data.
The hackers stated on their dark web portal that they stole around 700GB of data from Genea's servers and shared screenshots of stolen details as proof.
Over two weeks, the hackers accessed crucial systems, including Genea's main file server, domain controller, and BabySentry patient management system. By February 14, the attackers had exfiltrated 940.7GB of data to a cloud server under their control.
Despite the severity of the attack, Genea has stated there is no evidence to suggest financial information, like credit card or bank account numbers, was impacted.
The organization also obtained a court-ordered injunction to prohibit the leaked data from being further disseminated by third parties. Additionally, the Office of the Australian Information Commissioner has been notified.
Termite is believed to use a version of the Babuk encryptor, a ransomware tool leaked in 2021. While their encryption tool still has technical flaws, Termite's ability to breach networks and steal data has turned them into a rising threat.