Genea IVF confirms sensitive patient health information on dark web ABC News

pDark mode is hereIf you would like to change tap into the appearance drop down belowGo to appearanceppPersonalise the news andppstay in the knowppEmergencyppBackstoryppNewsletterspp中文新闻ppBERITA BAHASA INDONESIAppTOK PISINppFind any issues using dark mode Please let us knowppTopicCyber CrimeppA Genea spokesperson said as soon as the incident was detected immediate steps were taken to secure the network ABC News Patrick StoneppIVF giant Genea has written to patients to inform them their sensitive medical information has been posted on the dark webppThe move came five months after the company confirmed it had been targeted by cyber criminalsppPatients and cyber security experts are calling for laws to hold companies accountable for allowing customer information to be stolen The AFP is still investigating the incidentppPatients of Australias thirdlargest IVF provider Genea have been informed that their sensitive information including medical history has been posted on the dark webppThe update comes more than five months after the ABC revealed cyber criminals had targeted the fertility clinic which is used by tens of thousands of people across the countryppIn emails sent to affected patients over the past few days Genea CEO Tim Yeoh confirmed the company had wrapped up its probe into the February cyber attack We are not notifying you about a new incidentppEmails obtained by the ABC state the data includes patients full names addresses phone numbers dates of birth Medicare card numbers medical diagnosis and clinical information related to the services that you received from Genea or other health service providers andor medical treatmentppA former Genea patient told ABC News the communications appeared to downplay the significance of the data leakppThe email claimed information was found on a part of the dark web which is a hidden part of the Internet and not readily searchable or accessible on the InternetppWe understand that this news may be concerning for you and we unreservedly apologise for any distress that this may cause you the email statedppAn email by Genea to patients affected by the data breach Supplied ppThe patient who did not want to be named had spent tens of thousands of dollars undergoing multiple unsuccessful rounds of IVF with the clinic between 2022 and 2024ppShe told the ABC Genea had obtained her full medical history as part of the onboarding processppThere is genetic information which really affects my family There is information about mental health Its your whole history ppThat information could be used against you And it could really change the course of your lifeppOn Tuesday Genea informed the patient her full name phone number address date of birth Medicare number medical diagnosis and clinical information had been posted on the dark web in an email she said was another example of the company minimising the breachppShe said companies like Genea should be held accountable for allowing customer data to be stolen and she intended to seek compensationppA lot of people chose Genea because they present themselves as personal but except when something goes wrong they just go quiet and close the doors and dont talk she saidppYou have got no rights The big corporation is just going to steamroll everyoneppDo you know more Confidentially email rhianawhitson297protonmeppDo you know more Confidentially email rhianawhitson297protonmeppGenea would not confirm how many patients were affected by the breach the name of the cybercriminal group claiming responsibility or whether a ransom was paid in full or in partppNor would the company provide a copy of the investigators report into the breachppIn a statement a Genea spokesperson said the company had concluded its investigation into the cyber incident which impacted our organisation in FebruaryppThis included a comprehensive analysis of the data published on the dark web to identify impacted individuals and the personal information relating to themppWe are now starting to communicate with individuals about the findings from our investigation that are relevant to them and the steps and support measures in place to help them protect their personal informationppThe company said the AFP was still investigating the cyber attack and it was working with the Office of the Australian Information Commissioner the National Office of Cyber Security the Australian Cyber Security Centre and relevant state departmentsppThe spokesperson said Genea has partnered with IDCARE Australias national identity and cyber support service to provide counselling and other services to patients at no cost if they wish to seek further supportppCybersecurity expert Richard Buckland said the data stolen made the Genea cyber attack extremely seriousppMedical information is in the top category of sensitive information and it is shocking that it has been lost to criminals he saidppIt can lead to blackmail medical fraud attacks and shame and a loss of trust in the health systemppIVF is deeply personal and stressful for many people and many do not choose to share that they are using IVFppThis breach will cause personal stress to many people in a vulnerable stateppProfessor Buckland also criticised the delay in Genea notifying affected patientsppIt is deeply disappointing that the company has waited until the information has been published before telling affected customers what had been stolen he saidppI challenge business leaders to put the welfare of their customers first ahead of their concerns about bad publicityppThe data breach at Genea is one of a string of incidents affecting Australian companies in recent years including Optus Medibank Latitude and most recently QantasppLike Qantas Genea obtained a courtordered injunction to prevent anyone from publishing or sharing the stolen datappHowever cryptography expert Vanessa Teague criticised the use of such injunctions saying they were ineffective at stopping cyber criminalsppIts really effective for preventing lawabiding journalists from publishing she saidppDr Teague said the publication of sensitive medical records online highlighted the urgent need for stronger privacy protections in AustraliappIts important to recognise that if the data has been accessed it could have financial value to insurance companies to advertising companies both of those clusters of companiesppWe need much stronger privacy laws that hold the source of the data breach accountableppDr Teague said Australian companies handling personal data should face the same legal obligations as those in the European UnionppIf you hold sensitive data from other people you should have high obligations to keep it secure like in Europe And if you fail in that responsibility you should be held accountable she saidppShe also warned that Australias current approach prioritised corporations over victimsppTheres a continuing attitude that the companies are the victims As long as we hold that view well never hold them to accountppLIVEppTopicCyber CrimeppTopicCrimeppTopicSuperannuationppTopicRoyaltyppTopicCrimeppLIVEppTopicCyber CrimeppAustraliappBusiness and Industry RegulationppConsumer ProtectionppCyber CrimeppCyber SecurityppLIVEppTopicCyber CrimeppTopicCrimeppTopicSuperannuationppTopicRoyaltyppTopicCrimeppTopicRail Accidents and IncidentsppTopicCyber CrimeppTopicDomestic ViolenceppWe acknowledge Aboriginal and Torres Strait Islander peoples as the First Australians and Traditional Custodians of the lands where we live learn and workppThis service may include material from Agence FrancePresse AFP APTN Reuters AAP CNN and the BBC World Service which is copyright and cannot be reproducedppAEST Australian Eastern Standard Time which is 10 hours ahead of GMT Greenwich Mean Timep