Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Hundreds of Genea patients are seeking compensation from the Australian fertility clinic following the February breach of medical and personal data.
Lawyers have lodged a representative complaint with the Office of the Australian Information Commissioner in relation to a ransomware attack that targeted the Sydney-based Genea fertility clinic in early 2025.
Melbourne-based law firm Phi Finney McDonald said it had been contacted by “several hundred current and former Genea patients” who said the incident had caused them considerable distress, both due to the unauthorised access of their medical data, and its subsequent publication on the darknet by the perpetrators of the breach, the Termite ransomware group.
“Patients at Genea expected their highly sensitive medical, personal, and financial information on the company’s systems to remain private and confidential,” Olivia Mcmillan, principal lawyer at Phi Finney McDonald, said in a 3 November statement.
“Phi Finney McDonald lodged a representative complaint with the Office of the Australian Information Commissioner against Genea after being contacted by hundreds of impacted people who were distressed that their personal information had been accessed by unauthorised third parties.”
The complaint being filed alleges that Genea “failed to take reasonable steps to protect information from misuse, interference, loss, and unauthorised access, modification or disclosure”.
The complaint also alleges that Genea failed to “destroy or remove information when no longer required”.
Phi Finney McDonald is encouraging other individuals impacted by the incident to register their interest in receiving updates concerning the representative complaint.
For its part, Genea told Cyber Daily it is continuing to support impacted individuals “following the conclusion of our investigation into the cyber incident, which occurred in February of this year”.
“This includes partnering with IDCARE, Australia’s national identity and cyber support service, to provide counselling and other assistance at no cost for those who wish to seek further support. We also have a dedicated call centre and email service (mailto:[email protected]) to support impacted individuals.
“We thank our community for their understanding during our investigation into this cyber incident. We deeply regret that personal information was accessed and published, and sincerely apologise for any concern this incident may have caused.”
Genea first confirmed it had experienced a cyber incident on 14 February, when it first informed patients that its phone lines were down and that some of its systems were taken offline “out of an abundance of caution”.
On 24 February, the clinic confirmed that it was continuing to investigate, but also said that patient data had been compromised in the attack, including “full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, Defence DA number, medical record numbers, patient numbers, date of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaire, pathology and diagnostic test results, notes from doctors and specialists, appointment details and schedules, emergency contacts and next of kin”.
Later that same month, the Termite ransomware gang claimed responsibility for the attack, publishing several samples of stolen data. Genea obtained an injunction preventing anyone, including journalists and researchers, from accessing or disseminating the data.
Genea began notifying impacted customers and patients in July.
Phi Finney McDonald first began an investigation into the possibility of a class action regarding the incident in August.
“Patients at Genea are entitled to the highest levels of privacy and safety to ensure their personal details and medical histories remain secure,” Phi Finney McDonald principal lawyer Tania Noonan said at the time.
UPDATED 03/11/25 to add Genea’s comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
