‘Termite’ Claims Attack on Australian IVF Clinic Genea

The Genea fertility clinic in Australia has issued an update on its recent encounter with hackers, confirming that it was a targeted attack that resulted in data theft.

Genea, one of Australia's three largest in vitro fertilization services, first detected “suspicious activity” on Feb. 14, as customers were also suffering downtime on their end.

The IVF provider soon learned that whoever breached its servers likely made off with patient data.

Troves of patient data likely compromised

According to the notice, the threat actor made it inside Genea’s patient management system which, at the time, contained the following types of information:  

“Full names, Emails, Addresses, Phone Numbers, Medicare Card Numbers, Private Health Insurance Details, Defence DA number, Medical Record Numbers, Patient Numbers, Date of Birth, Medical History, Diagnoses and Treatments, Medications and Prescriptions, Patient Health Questionnaire, Pathology and Diagnostic Test Results, Notes from Doctors and Specialists, Appointment Details and Schedules, Emergency Contacts and Next of Kin, although the information differs for different individuals.”

According to the updated cyber incident notice, Genea found no evidence to suggest that clients’ credit card details or bank account numbers have been impacted.

“The investigation is however ongoing, and we will keep you updated of any relevant further findings should they come to light,” Genea said on Feb. 24.

Attack claimed by ‘Termite’ ransomware

As Bitdefender reported last week, Genea’s initial cybersecurity notice offered no suggestion that it had a run-in with ransomware operators. But the telltale signs were there: phone outages, app outages, unanswered emails, and an “urgent” data breach notice indicating a dire need for full disclosure.

As it turns out, the attack was indeed the work of financially motivated hackers.

Yesterday, Feb. 26, the “Termite” ransomware group started advertising hundreds of gigabytes worth of data allegedly stolen from the Australian IVF provider.

“We have ~700gb of data from [company] servers such as confidential, personal data of clients,” the group said, according to reports.

Genea is aware of the hackers’ claims. Its most recent update says that “Our ongoing investigation has established that on the 26 of February, data taken from our systems appears to have been published externally by the threat actor.”

The Termite crew, a relatively new brood of ransomware operations, has not said publicly when it would leak the dataset if negotiations for a ransom with Genea fail.

Urgent steps to safeguard patients and staff

Genea says it took precautions to safeguard patients and staff, even before confirming that hackers exfiltrated data, including obtaining a court-ordered injunction to prohibit any access, use, dissemination or publication of the impacted data by the threat actor and any third party; IDCARE support for impacted individuals; and working to understand precisely what data has been compromised.

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.