Top IVF firm says hackers accessed private data during cyber incident


  • An Australian IVF clinic has been hit by a ‘cyber incident’
  • Patient data and information may be exposed in Genea breach
  • Healthcare is an attractive industry for cybercriminals

A leading fertility clinic in Australia has been hit by a ‘cyber incident’ which has reportedly breached internal networks.

Genea confirmed suspicious activity was identified on its systems, and that some systems and servers have been taken offline ‘out of an abundance of caution’.

Genea is ‘urgently investigating’ the scale of the breach and the data that has been accessed. Here’s what we know so far.

Sensitive information

The clinic has not yet confirmed the scope of the data accessed, and whether personal, health, or financial information has been compromised in the incident, but has promised to “communicate with relevant individuals if our investigation identifies any evidence that their personal information has been impacted.”

Genea told TechRadar Pro that the organization is working with the Australian Cyber Security Centre, and that all affected individuals will be notified if their information has been impacted, consistent with legal and regulatory obligations.

“We are urgently investigating a cyber incident after identifying suspicious activity on our network,” the spokesperson confirmed.

“As soon as we detected the incident, we took immediate steps to contain the incident and secure our systems.”

The timing of treatment, blood tests, and medications is crucial in IVF cycles, and the delay of any appointments could be detrimental to the treatments, but the clinic said it was “working hard to ensure that there is minimal disruption to treatment being provided to our patients. If you do not hear from your local Genea clinic, there is no change to your current treatment schedule.”

Healthcare providers have been increasingly targeted by cyberattacks, thanks to the sensitive nature of the data they hold and the critical service they provide. In fact, a United Healthcare data breach may have impacted 190 million customers at the end of 2024, showing the scale of the issue.

Research has revealed healthcare organizations are being hit hard by cyberattacks, and 92% of companies have experienced at least one cyberattack in the last 12 months – with 69% of those attacks causing serious disruptions to patient care.

One in every 18 births in Australia is a product of IVF, and Genea, along with Monash IVF and Virtus, account for 80% of the industry’s total revenue – which will reach an estimated $810 million in 2025, ABC confirms.

The clinic has confirmed any patients affected should reach out with any concerns – but that patient impact should be minimal.

“The protection of our staff and patients’ information is our utmost priority. We apologise for any concern or inconvenience that this incident has caused and will provide patients with relevant updates as we learn more,” the spokesperson said.

Patients at risk

Whilst there’s no confirmation yet of what information was accessed, the clinic will naturally hold financial, health, and personally identifiable data. That puts those exposed potentially at risk of fraud, identity theft, or social engineering attacks.

The key to protecting against all three of these is staying vigilant and spotting the signs – if you know what you’re looking for, you can mitigate the risks.

Monitor your accounts, bank statements, and transactions for suspicious or fraudulent activity and be sure to immediately reach out to your bank if you spot anything.

Social engineering attacks like phishing are tricky because criminals use the information they gain from the cyberattack (like the IVF clinic you go to, the bank you use, or medication you are using) to impersonate a trusted source and trick victims into handing over their information or access to their accounts.

Make sure you thoroughly assess any unexpected communication, especially if you use a service you know has experienced a breach. Look out for suspicious mismatched email addresses, like Micr0soft or G00Gle, and if you’re not sure, look up the real email address or phone number the message should have come from.

Another thing to look for is odd attachments: if the sender is unknown and the email contains links, images, or documents, this is suspicious. QR codes are particularly dangerous, so don’t scan anything you’re not certain is safe.

You can also keep yourself and your family safe with identity theft protection services. These provide dark web monitoring, credit monitoring, antivirus, and often identity theft insurance, all through one piece of software.

If you want to just stay on top of it yourself, create a strong and secure password that is unique – especially for sites that hold health or financial information, and immediately change any password which may have been compromised in a breach.

Next, you should enable multi-factor authentication or MFA to provide an extra layer of defense against threat actors.
