Genea Fertility cyber attack: Inquiry into IVF hack confirms details were published on to dark web

An IVF provider targeted in a cyber attack has written to patients confirming their stolen personal information has been posted on the dark net.

“The publication has occurred on a part of the dark web, which is a hidden part of the internet,” according to Genea chief executive Tim Yeoh.

“This data is not readily searchable or accessible.”

An investigation following a security breach at the company on February 14 determined its patient management systems were accessed by an unauthorised third party or “threat actor”.

The impacted servers were a store for a raft of personal information including full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, medical history, diagnoses, treatments, medications and prescriptions.

The health data included clinical information related to services provided by Genea and other companies.

There was no evidence the hackers stole financial information such as credit card details or bank account numbers.

An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days.

The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years.

Genea has not said how many customers have been impacted.

“We understand this news may be concerning for you,” Mr Yeo wrote to customers.

“We unreservedly apologise for any distress that this may cause you.”

He said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them.

The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data.

It has also partnered with national identity and cyber support service IDCare to guard against potential future lapses and to offer counselling to affected clients.