One of Australia’s largest IVF providers is urgently investigating a cyberattack that may have exposed the data of thousands of families and expectant parents.
Genea chief executive Tim Yeoh told past and present patients on Wednesday that the company had taken some of its systems and servers offline after it identified suspicious activity on its network.
Genea, one of Australia’s big three IVF providers, is investigating a data breach on its network. Credit: Istock
“We are urgently investigating the nature and extent of data that has been accessed and the extent to which it contains personal information,” Yeoh said.
Yeoh said the company was working hard to prevent disruption to treatment being provided to patients.
“If you do not hear from your local Genea clinic, there is no change to your current treatment schedule,” he said.
“We sincerely apologise for any concern this incident may cause you and want to reassure you that we take your privacy and the security of your data very seriously.”
The announcement came five days after Genea reported a phone outage at some of its clinics. A notice on the company’s website indicated the outage was still an issue on Wednesday afternoon.
Genea did not respond to questions about how many of its clients were potentially affected by the breach.
In a statement, a Genea spokesperson said the company had engaged cyber experts to assist in the investigation and was liaising with the Australian Cyber Security Centre.
“Our investigation is ongoing and we will communicate with any affected individuals if our investigation identifies any evidence that their personal information has been impacted, consistent with our legal and regulatory obligations,” the spokesperson said.
Under Australian privacy law, unauthorised access or disclosure of personal information must be reported to the Office of the Australian Information Commissioner within 30 days if it is “likely to result in serious harm to one or more individuals”.
A Department of Home Affairs spokesperson said the National Office of Cyber Security was aware of the breach and was ready to assist Genea if needed.
Genea is one of Australia’s three largest IVF providers, operating 21 clinics nationally. The company came under fire in 2019 after patients were artificially inseminated with ineffective sperm costing thousands of dollars but offering no real chance of conception.
Last year, several families spoke out against the company on the ABC’s Four Corners program after their embryos became contaminated at Genea’s state-funded clinic at Sydney’s Royal Prince Alfred hospital.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.