IVF giant Genea in a battle to rebuild trust after cyber data breach
The Genea brand will struggle to recover from the cyberattack and leak of its personal client data on the dark web, with brand experts labelling it “one of the most damaging” privacy breaches.
IVF giant Genea will struggle to recover the eroded trust and confidence in its tarnished brand after sensitive patient data was hacked and posted on the dark web.
Brand and communications specialists told The Australian the company’s recent security breach, which saw 700GB of confidential personal client data accessed by ransomware operation Termite and posted on the dark web, is “one of the most damaging” and will be extremely difficult to recover from.
One of Australia’s leading reputation advisers Robyn Sefiani told The Australian the importance of trust and privacy in the IVF sector made this breach significantly more high stakes than others.
“Trust and privacy is paramount (in the IVF sector),” said Ms Sefiani, who is the president ANZ & Reputation Counsel at Sefiani, part of Clarity Global.
“Genea’s lack of transparency and tardy communication to patients will have significantly eroded their trust bank and make reputation rehabilitation all the harder.”
Genea, which is one of the largest IVF companies in Australia, has been criticised by brand and communication specialists for its slow response in alerting patients to the security breach, which occurred on February 14 but was only communicated to patients by email one week later.
“While Genea informed patients on February 14 that the company’s ‘phone lines were down’, it took a call from an ABC journalist a whole five days later to prompt the company to issue a public notification about the cyber attack and email patients with the news,” Ms Sefiani said.
“This is frankly disgraceful and begs the question: if the enterprising ABC journalist hadn’t called, would Genea have waited even longer before telling their patients what had occurred?
“Because IVF treatment is a costly and extremely time-sensitive process, patients who were left in the dark about what was happening were rightly worried the outage could negatively impact their treatment.”
Ms Sefiani said immediately notifying stakeholders was a “golden rule” in such incidents and the prolonged delays in communications would “negatively impact the brand and corporate reputation of this company”.
Genea sent a second email to clients on February 24 to “update” on the “unauthorised access” of confidential patient information, which included medical and pathology records, Medicare and private health details, next of kin and emergency contacts, among a host of other personal identification details.
A further email on February 26 apologised to patients after the data was posted on the dark web and advised that a court injunction had been granted.
Katie Barclay, the chief executive officer of creative agency Hopeful Monsters, said the brand would face “a monumental task” to recover from the breach of trust.
“While we’ve seen significant data breaches in Australia over the past year, the Genea hack stands out as one of the most damaging due to the sheer amount of personal information the brand holds.
“Patients choose an IVF provider based on trust. Alongside thousands of dollars, patients hand over hundreds of personal details from birth certificates and passports to medication, prescription and detailed health information — and with that, they expect the highest levels of security.
“When a breach like this happens and trust is broken, regaining it is a monumental task.
“The key to recovery lies in acting quickly and transparently and, based on what I’ve seen and heard knowing someone personally impacted, this hasn’t been the case with Genea’s response.”
A Genea spokesperson said: “We are urgently investigating the nature and extent of the data that has been published. We apologise to our patients for any concern this latest development may cause.”
The company has not disclosed precisely what data has been published or revealed the number of clients that have been impacted by the hack.
The Australian understands that due to medical regulations that require health providers to retain patient records for seven years, the potential number of people affected would run into the hundreds of thousands and could reach over one million.
The Australia and New Zealand Assisted Reproduction Database (ANZARD) reports there were 108,913 assisted reproductive treatments performed in Australia and New Zealand in 2022 and 20,058 babies born.
The cyber incident comes in the midst of reports that Genea owners Liverpool Partners, a private equity company, were likely to be seeking a financial backer for Genea as it does not have the capital to inject into the fertility business. The private equity firm purchased Genea for $215m in 2022.