The Termite ransomware group has allegedly leaked sensitive patient data following the Genea cyberattack, targeting one of Australia’s leading fertility providers. On February 26, 2025, the Termite ransomware group claimed responsibility for breaching Genea Pty Ltd’s systems.
The group alleges to have stolen 700GB of data from 27 of the company’s servers, potentially compromising sensitive personal information. The released data, which includes financial documents, invoices, medical reports, personal identification records, and questionnaires, appears to contain Protected Health Information (PHI), including medical histories and personal details.
The Genea cyberattack comes just days after the company confirmed a cybersecurity incident on February 19, 2025. At the time, Genea disclosed that the incident had affected its network, caused system outages and disrupted operations. The breach was investigated internally, with the company working closely with cybersecurity experts to determine the full scope of the attack.
Genea’s Response and Public Disclosure
Genea’s initial response to the cyberattack was prompt, as the company quickly launched an investigation to assess the nature and extent of the damage. In an update released on February 24, 2025, Genea reassured patients that the cybersecurity breach was being handled with utmost urgency. The company acknowledged that the attack had resulted in unauthorized access to its patient management systems.
In a statement issued on February 26, 2025, Genea confirmed that some of the stolen data had indeed been published online. Genea’s statement read, “Our ongoing investigation has established that on the 26th of February, data taken from our systems appears to have been published externally by the threat actor. We understand that this development may be concerning for our patients for which we unreservedly apologize.”
To mitigate further risks, Genea took immediate action. The company secured a court-ordered injunction on February 26, 2025, aimed at preventing any further dissemination, use, or access to the stolen data. This legal measure was part of Genea’s ongoing commitment to safeguard patient information.
Genea has also offered support to affected patients by partnering with IDCARE, Australia’s national identity and cyber support service. The company’s representatives urged individuals impacted by the Genea cyberattack to reach out for assistance and take steps to secure their personal data.
Timeline of Genea Cyberattack and Impact on Patients
The Genea cyberattack began to unfold on February 14, 2025, when suspicious activity was detected on the company’s network. Upon further investigation, it was revealed that Genea had fallen victim to a cyberattack. Although the breach was initially believed to involve unauthorized access to its systems, further inquiries suggested that patient data had been taken.
Genea’s patient management system was identified as a primary target, with attackers reportedly gaining access to folders containing sensitive patient details. These files included full names, contact information, medical histories, treatment details, Medicare card numbers, and private health insurance information. However, as of the last update, there was no evidence that financial data, such as credit card numbers or bank account details, had been compromised.
Despite the severity of the situation, Genea stressed that its medical and administrative teams were working around the clock to restore its systems and ensure minimal disruption to patient care. The company’s commitment to providing uninterrupted fertility services remained a top priority while also mitigating the Genea cyberattack.
Data Security and Ongoing Investigation
Considering the Genea cyberattack and the subsequent data breach, the company emphasized that it was taking all necessary steps to prevent future incidents. Genea has been working closely with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to address the breach.
The company’s ongoing investigation will continue to assess the full extent of the damage and determine whether additional data has been compromised. Genea has also promised to keep affected individuals informed about any new developments as they emerge.
Genea has advised affected patients to remain vigilant for signs of identity theft or fraud. The company warned patients to be cautious about unsolicited communications, particularly emails, texts, or phone calls that may be attempts to exploit personal information. Additionally, patients are encouraged to visit official government websites, such as the Australian Cyber Security Centre and the ACCC’s Scamwatch, for guidance on protecting themselves from further harm caused by the Genea cyberattack.
For those concerned about potential identity theft, Genea has arranged for the support of IDCARE, which is offering free assistance to impacted individuals. IDCARE provides expert advice on how to protect personal information and mitigate risks associated with cybercrime.
