Introduction to the Cybersecurity Incident

Genea, a leading Australian IVF provider, has recently reported a cybersecurity incident that resulted in disruptions to patient services and potential unauthorized access to sensitive information.

Confirmation of the Incident

Genea, which operates 21 clinics across Australia, confirmed the incident in a statement published on its website. This confirmation came after the company was contacted by reporters from the national broadcaster ABC regarding the cyberattack.

Response to the Incident

Following inquiries from ABC, Genea engaged the services of Porter Novelli, a public relations firm specializing in handling cyberattacks and data breaches. Lauren Clancy, representing Genea via Porter Novelli, confirmed the incident to TechCrunch, stating that the company is “urgently investigating” the cybersecurity incident.

Measures Taken

According to the spokesperson, immediate actions were taken to contain the incident and secure the systems upon detection. The primary focus is on minimizing disruptions to the treatment provided to patients.

Data Access and Availability

Genea acknowledged that the cyberattack resulted in the hacker accessing the company’s data, but the types of data accessed were not disclosed. Prior to confirming the cyberattack, Genea had informed customers about outages in its phone lines on February 13. Additionally, the MyGenea app, used by patients to track their cycle and view fertility data, was taken offline due to the incident.

Data Collection and Potential Impact

Genea’s website indicates that the company collects highly sensitive health information, including medical, nursing, and scientific data, as well as details about procedures and tests conducted at Genea or other locations. It is currently unknown whether patients’ sensitive medical data was accessed or compromised during the incident.

Ongoing Investigation

Genea’s representative assured that the investigation is ongoing. If the investigation reveals that personal information has been impacted, affected individuals will be notified in accordance with legal and regulatory obligations.