Latest news with #GeneaFertility
Daily Mail
23-07-2025
- Health
- Daily Mail
Patients of one of Australia's largest IVF clinics targeted in data web leak
Patients of a leading fertility clinic that charges $12,890 per IVF cycle have had their personal details and medical diagnoses leaked on the dark web. Genea said it became aware of suspicious activity on its network in February and launched an investigation, a statement on its website said. It discovered a cyber security breach had exposed patients' sensitive data. The fertility giant was granted a court-ordered injunction to stop access, use, dissemination or publication of the data by anyone who receives it. But, some patients have since claimed they were only told about the breach last week, five months on from the incident. A woman, who wished to remain anonymous, slammed Genea Fertility's communication about the leak as 'appalling'. 'We only found out about this data breach from an email notification at 11pm last Friday night, outside of business hours,' she told 'The fact the breach occurred in February, and we are only now being notified, five months on, for the very first time that sensitive information... was stolen and is on the dark web is utterly unacceptable.' Patients impacted by the data leak were sent tailored emails about the breach last week The woman said it 'beggars' belief' that the company still had her information when she stopped contact with the clinic more than a decade ago in 2013. A father and former customer, Matthew Maher, said he received an email on Thursday night saying his number, name, address, phone number, Medicare number and private health insurance number had all been leaked on the dark web. Mr Maher, whose daughter was conceived with the clinic, said he had been getting 'weird phone calls' the past few weeks. 'I have told them if there is a class action or a claim of compensation, I'll be the first to sign up,' he told the publication. Genea issued formal notifications to former and current patients in February in accordance with guidelines from the Australian Information Commissioner. Following a months-long investigation, the clinic then contacted patients with specific details on what personal information had been shared. Victims whose medical diagnosis and clinical information was at risk as well as their personal details were categorised as 'Annexure A'. Genea has not confirmed how many customers have been affected due to ongoing investigations by the Australian Federal Police. The company is one of Australia's three largest IVF providers and has clinics in Adelaide, Brisbane, Canberra, Melbourne, Sydney and Perth. A spokesperson for the clinic told Daily Mail Australia the company's own investigation has concluded. 'We are now starting to communicate with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information,' they said. 'Genea expects to communicate with all impacted individuals over the coming weeks.' The firm has partnered with IDCARE, Australia's national identity and cyber support service, and set up a dedicated call centre and email service. 'We thank our community for their patience and understanding during this cyber incident,' the spokesperson said. 'We deeply regret that personal information was accessed and published and sincerely apologise for any concern this incident may have caused.' Genea has also notified and is cooperating with the Office of the Australian Information Commissioner, the National Office of Cyber Security, the Australian Cyber Security Centre, and relevant state departments.
Techday NZ
11-05-2025
- Techday NZ
Privacy Week: Sensitive information stored online can hurt you
Have you ever stopped to think about how much of your personal information is stored online? You might be surprised to know that a considerable amount of your most sensitive information is has been filed away in the cloud by the companies and government departments you deal with your medical records, private conversations you've had with others, financial information, purchases you've made and more. This kind of data is routinely accessed by cybercriminals. In fact, it's possible some of your sensitive data is available on the dark web right now. It all comes down to what information you share with organisations and how they protect it. Do they take their role as guardian of your data seriously? The sad reality is, we live in a country where many businesses don't. And even the companies that do take cyber security seriously can't guarantee your data will be safe from a cyber-attack. As Privacy Week 2025 begins, it's a good reminder for you to be careful with the information you share, and who you share it with. The truth is, in the modern world you often have no choice but to share personal information. You may be able to limit what you share on social media or the number of online accounts you sign up to, but it's a lot more difficult to control how organisations store your essential records like your medical data or financial information. Privacy Week should really be less about individuals, and more about business leaders considering the data they hold and what they are doing to ensure it's protected. The personal impact of a cyber breach When personal data is leaked, depending how sensitive the information is, it can cause significant harm to victims. However, cybercriminals don't care about the damaged caused to individuals. For them, personal data is a valuable bargaining chip to force the companies they hack into paying an extortion demand. In February this year Genea Fertility in Australia was breached with up to 700GB of data stolen and listed on the dark web. It was reported that contact details, Medicare card numbers, medical histories, test results, and medications were compromised, although Genea is yet to confirm this. Genea's silence has only deepened the anxiety, adding stress and turmoil to what is already a deeply personal and emotional fertility journey. There are also growing international trends of cybercriminals blackmailing individuals. This can profoundly impact wellbeing and have harrowing consequences. Take the case of Swedish psychotherapy provider Vastaamo whose databases containing confidential mental health information were breached in 2020. When the company refused to pay the ransom demand, the hacker emailed thousands of patients asking for 200 Euros and threatening to publicly share their personal details. At least one suicide has been linked to the case, a devasting outcome of what can happen when private data is weaponised. It's about the stick So, what's going to get New Zealand businesses to take cyber security seriously? I think it's more about the stick than the carrot. In 2016, company directors became personally liable for health and safety negligence. This prompted a significant rise in due diligence and New Zealanders were better protected at work. Protecting personal data should be treated in the same regard as health and safety. At the very least, we need to look at the fines the government can issue to businesses hit by cyber-attacks. Currently in New Zealand, the maximum fine that can be issued is $10,000, and that's for not disclosing a data breach to the Privacy Commissioner. Compare that to Australia where their maximum fine for serious interference with privacy is $50 million. That's an incentive that would really get business leaders to take their responsibility seriously. What can individuals do? New Zealand legislation won't change overnight, but we should continue to put pressure on organisations collecting data to uphold our privacy. However, protecting yourself online can help you avoid, or better manage your affairs, if your personal or financial details are breached. Here are four basic tips: Never save your credit card details Sure, it's nice to have your credit card details saved into your browser, but it's not worth the risk. If your device or the shopping site is compromised, a hacker can easily steal your credentials and fraudulently charge your cards. Always use multi-factor authentication (MFA) Having to get your phone out each time you log in to an important app or website to verify yourself is a hassle, but it's one of the best ways to lock hackers out. It is easy to ignore device updates to your phone or computer, but you should install them as soon as they're available. Secure your most used apps. There are a range of built-in privacy tools from WhatsApp, Facebook, and Google that allow you to review and tighten your security settings. Be sure to do this! You might be surprised how much information can be scraped from public profiles. Only share what you need to. Limit what information you share online, whether that be on social media or through surveys, online forms, competitions or other mechanisms companies use to collect personal data. Only share what is necessary. My parting advice is to remember your private data is valuable, especially to cybercriminals.
