Exclusive: Genea Fertility hack claimed by Termite ransomware

“Malicious actors can exploit medical data in various ways, including identity theft, insurance fraud, and blackmail. Unlike financial data, which has a limited shelf life because it is relatively easy to change, leaked medical records are permanent and therefore hold long-term value,” Matt Green, principal threat analyst at Rapid7, told Cyber Daily.

“Medical records from specialised clinics, such as IVF, are highly prized by cybercriminals for their mix of medical and personal data. This data can fuel targeted scams, such as tailored phishing emails or identity theft, and supports direct extortion by threatening to expose sensitive conditions, exploiting victims’ emotions and finances. Often linked to patients perceived as affluent due to costly treatments, these records can fetch high prices on the black market, making them a lucrative target over more generic breaches.”

Termite has not publicly set a ransom for the data, nor revealed when it would publish the full dataset.

Genea has said it is aware of the ransomware actor's claims.

VIEW ALL

"Our ongoing investigation into the cyber incident has identified that data taken from our systems has been published externally. We are urgently investigating the nature and extent of the data that has been published. We apologise to our patients for any concern this latest development may cause," a Genea spokesperson told Cyber Daily.

In addition, Genea has taken the following steps ahead of and following the publication of this data:

• Obtaining a court-ordered injunction to prohibit any access, use, dissemination or publication of the impacted data by the threat actor and/or any third party who receives the stolen dataset.
• Working to understand precisely what data has been published.
• Ensuring that our support package is available to those impacted by this incident. This includes the support of IDCARE, Australia’s national identity and cyber support community service.

"We have also notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre of the latest development in this incident," Genea said.

In a statement on its website, Genea said it first discovered the incident on 14 February 2025 and has since identified that a threat actor accessed and likely exfiltrated personal data from its systems.

While the firm has not been able to confirm exactly what data was stolen, it said the data might include “full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, Defence DA number, medical record numbers, patient numbers, date of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaire, pathology and diagnostic test results, notes from doctors and specialists, appointment details and schedules, emergency contacts and next of kin,” it said on its website.

“At this stage, there is no evidence that any financial information such as credit card details or bank account numbers have been impacted by this incident. The investigation is, however, ongoing, and we will keep you updated of any relevant further findings should they come to light.”

The group also said it has notified both the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) and that it will be meeting with the National Office of Cyber Security, the ACSC, and other government departments to discuss the incident.

Following Genea’s disclosure earlier this month, concerned customers of the clinic took to Instagram to express their anxiety regarding the breach, with some concerned that their treatment would be impacted.

IVF treatment is expensive and requires specific timing. According to Genea, IVF treatment can cost between $12,395 and $13,095 per cycle, depending on the type of treatment.

Additionally, missed medication, egg retrieval, blood tests, and implanted embryos can result in an unsuccessful treatment.

“Hey I’ve tried contacting my clinic in Orange via the email above, and they still haven’t got back to me, my medication runs out on Thursday, sort of a desperate situation,” said one concerned Genea customer.

Another said: “App still down. Need my blood slip. No answer on emails. Hope this delay doesn’t affect my treatment plan.”

Genea Fertility responded to the customers, asking them to reply to direct messages so that they could be contacted by a nurse regarding their treatment.

UPDATED 26/02/2025 to add additional Rapid7 commentary.

UPDATED 26/02/2025 to add additional comment from Genea, and to remove information in order to comply with Genea's legal injunction.