Genea Fertility

Summary

Genea Fertility, a major Australian IVF provider, suffered a significant cyber attack on 14 February 2025 that disrupted critical fertility treatment services and resulted in unauthorised access to patient data. The Termite ransomware group later exposed nearly 1 terabyte of sensitive data from 27 servers, including Medicare numbers, health insurance details, treatment histories, and personal information of thousands of patients.

What Happened

On 14 February 2025, Genea discovered suspicious activity on its network and immediately disabled some systems to contain the breach. The attack caused phone lines to go down and rendered the company's patient app unavailable, preventing patients from tracking fertility cycles and accessing medical data. The Termite ransomware group was later identified as responsible for the attack, claiming to have accessed nearly 1 terabyte of sensitive patient data across 27 servers.

Impact on Individuals

The breach had severe consequences for patients undergoing time-sensitive IVF treatment. Patients struggled to reach the company for urgent clinical enquiries, with at least one patient unable to complete fertility testing that month due to communication delays. The timing was critical as IVF treatment requires precise scheduling, and missed medications, egg retrievals, blood tests, or embryo implantations can result in unsuccessful treatment cycles. The stolen data includes highly sensitive medical information such as Medicare numbers, health insurance details, treatment histories, and personal information affecting thousands of patients.

Organisational Response

Genea disclosed the incident to patients and confirmed that an unauthorised third party accessed company data. The organisation launched an investigation to determine the full nature and extent of the accessed data and contacted the Australian Cyber Security Centre. The company continues to investigate the scope of personal information compromised in the breach.