Australian IVF giant Genea has disclosed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information.
Genea, one of Australia’s three largest IVF providers with 21 clinics across the country, confirmed the incident in a statement on its website on Wednesday.
Australia’s national broadcaster ABC reports that Genea disclosed the incident after ABC reporters contacted the company about the cyberattack. ABC said after it inquired with Genea, the fertility giant engaged Porter Novelli, a public relations firm that specializes in helping companies respond to cyberattacks and data breaches.
When reached by TechCrunch, Lauren Clancy, representing Genea via Porter Novelli, confirmed the incident to TechCrunch, saying in an emailed statement that the company is “urgently investigating” the cybersecurity incident.
“As soon as we detected the incident, we took immediate steps to contain the incident and secure our systems,” said the spokesperson. “We are working hard to ensure that there is minimal disruption to treatment being provided to our patients.”
In its public statement, Genea confirmed that the hacker behind the cyberattack “accessed Genea” data, but the spokesperson declined to say what types of data were accessed when asked by TechCrunch.
Genea told customers on February 13 that it was experiencing outages with its phone lines prior to confirming the cyberattack, according to a post on Genea’s Instagram page, which TechCrunch has seen.
The company’s MyGenea app, which enables patients to track their cycle and view fertility data, was also taken offline as a result of the incident, according to ABC.
Genea says on its website that it collects patients’ highly sensitive health information; medical, nursing and scientific information; and procedures and tests carried out at Genea or elsewhere. It is not yet known whether patients’ sensitive medical data was accessed or taken.
“Our investigation is ongoing and we will communicate with any affected individuals if our investigation identifies any evidence that their personal information has been impacted, consistent with our legal and regulatory obligations,” Genea’s representative told TechCrunch.