One of Australia’s largest IVF providers, Genea, is urgently investigating a cyber-attack that may have exposed the data of thousands of families and expectant parents.
One of the country’s three largest IVF providers, operating 21 clinics nationally, the company came under fire in 2019 after patients were artificially inseminated with ineffective sperm costing thousands of dollars but offering no real chance of conception.
Last year, several families spoke out against the company on national TV after their embryos became contaminated at Genea’s state-funded clinic at Sydney’s Royal Prince Alfred Hospital.
Regarding last week’s suspected breach, chief executive Tim Yeoh told past and present patients that the company had taken some of its systems and servers offline after it identified suspicious activity on its network.
“We are urgently investigating the nature and extent of data that has been accessed and the extent to which it contains personal information,” he said, adding that the company was working hard to prevent disruption to treatment being provided to patients.
The Sydney Morning Herald reports that Genea did not respond to questions about how many of its clients were potentially affected by the breach, but in a statement a spokesperson said the company had engaged cyber experts to assist in the investigation and was liaising with the Australian Cyber Security Centre.
Under Australian privacy law, unauthorised access or disclosure of personal information must be reported to the Office of the Australian Information Commissioner within 30 days if it is “likely to result in serious harm to one or more individuals”.
A Department of Home Affairs spokesperson said the National Office of Cyber Security was aware of the breach and was ready to assist Genea if needed.
See more from MedicalBrief archives:
Cyber-attacks on global healthcare industry red-flagged
Cyber thieves post patients’ data stolen from Australian medical insurer
Medical providers most likely to be the culprits in health data breaches