Ransomware group claims responsibility for fertility clinic patient data breach

An international ransomware group has claimed responsibility for a cyber attack on Australian IVF provider Genea, as the fertility group is granted a Supreme Court injunction to protect patient data.

Amelia Swan

Genea is investigating a cyber incident after confirming an "unauthorised third party" accessed company data. The company is one of Australia's three largest IVF providers, with thousands of patients at clinics across the country. Picture: Supplied

less than 2 min read

9:17PMFebruary 26, 2025

An international ransomware group has claimed responsibility for a cyber attack on Australian IVF provider Genea, as a Supreme Court order reveals more than 940GB of patient data was extracted.

Ransomware group Termite claims to have carried out the attack, allegedly leaking scans of sensitive documents to their dark web site on Wednesday.

The group has not publicly issued a ransom for the data.

In a statement on Wednesday, Genea confirmed the stolen data was “published externally”.

“Our ongoing investigation has established that on the 26 of February, data taken from our systems appears to have been published externally by the threat actor,” it said.

Genea apologised “unreservedly” to affected patients.

Earlier on Wednesday, Genea said it had been granted an injunction by the Supreme Court of NSW to prohibit any access to or dissemination of the data.

The court order states the attackers had access to the clinic’s network for more than two weeks, had first been detected on January 31, and obtained 940.7GB of data from Genea’s systems on February 14.

The IVF provider said it became aware of “suspicious activity” in its network on February 14, launching an investigation and taking its servers offline to contain the breach.

Genea confirmed a threat actor had obtained personal patient data on Monday, telling patients they were unsure exactly what information had been compromised.

“Our investigation has identified that Genea’s patient management systems, which contain information about you, were accessed by an unauthorised third party,” it said.

“We stress that at this point in time it is unknown what personal information within the folders on the patient management system has been compromised.”

Genea told patients the folders that had been breached contained information including full names, emails, addresses, Medicare card numbers, medical history and Appointment schedules.

Patients were told there was “no evidence” that any financial information such as credit card details or bank account numbers were impacted.

Genea is offering patients specialist assistance to safeguard personal information through IDCARE, and urged them to “remain vigilant”.

“We are continuing to engage with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre in relation to this incident,” it said

Termite has previously been responsible for cyber attacks in France, Canada, Germany, Oman and the US.