A leading Australian IVF clinic suspects personal patient information may have been compromised during a cyber attack earlier this month.
On February 14, Genea suspended several services and launched an inquiry into suspicious activity discovered on its network. In an update, the health service provider stated, we now believe the attacker may have accessed and stolen personal information that we hold.
“Our investigation has identified that Genea’s patient management systems, which contain information about you, was accessed by an unauthorised third party,” Genea told patients. “We stress that at this point in time it is unknown what personal information within the folders on the patient management system has been compromised.”
The patient management system includes a goldmine of information, including names, emails, phone numbers, Medicare and private health insurance details, medical history, prescriptions, test results, and doctor's notes.
“At this stage there is no evidence that any financial information such as credit card details or bank account numbers have been impacted by this incident,” Genea noted. “The investigation is however ongoing, and we will keep you updated of any relevant further findings should they come to light.”
The IVF service claimed to have notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC). It will also meet with both the latter and the National Office of Cyber Security to "discuss the incident".
Given that the theft involves personal information that potentially causes harm to those it was stolen from, the OAIC will ensure Genea ticks all of the boxes under the notifiable data breaches program.
After several patients reported that the company's phone lines were down and that there were issues with its app and emails, Genea said last week that it had been obliged to take some systems and services offline "out of an abundance of caution" as it investigated the incident.
Patients should be on the lookout for unusual emails, texts, phone calls, and "any other attempts that might relate to possible identity theft or fraud using your personal information".
Genea, established in 1986 by Professor Robert Jansen, is one of Australia's top three IVF providers, with thousands of patients and 21 facilities across the country.