The Termite ransomware group has recently made headlines for its alleged leak of sensitive patient data in the wake of the Genea cyberattack, which targeted a prominent fertility provider in Australia. This cyberattack, which was reportedly orchestrated by the Termite ransomware group on February 26, 2025, involved the breach of Genea Pty Ltd’s systems, resulting in the theft of 700GB of data from 27 company servers.
The stolen data, which has now been made public, included a wide array of sensitive information such as financial documents, invoices, medical reports, personal identification records, and questionnaires. Of particular concern is the presence of Protected Health Information (PHI) within the leaked data, which encompasses medical histories and personal details of patients.
The incident at Genea unfolded shortly after the company had confirmed a cybersecurity breach on February 19, 2025, which caused network disruptions and system outages. Following this initial breach, Genea initiated an internal investigation in collaboration with cybersecurity experts to assess the extent of the attack and secure its systems.
In response to the cyberattack, Genea swiftly launched an investigation to determine the extent of the damage and reassure affected patients. In a public statement released on February 24, 2025, the company acknowledged the unauthorized access to its patient management systems and emphasized its commitment to addressing the breach promptly.
On February 26, 2025, Genea confirmed that some of the stolen data had been published online by the threat actor responsible for the cyberattack. In an effort to prevent further dissemination of the data, Genea obtained a court-ordered injunction to restrict access to the stolen information and protect patient privacy.
To support affected individuals, Genea partnered with IDCARE, Australia’s national identity and cybersecurity support service, urging impacted patients to seek assistance and take precautions to safeguard their personal data. The company’s collaboration with IDCARE aims to provide guidance on identity protection and mitigate the risks of identity theft resulting from the cyberattack.
The timeline of events surrounding the Genea cyberattack indicates that suspicious activity was first detected on February 14, 2025, leading to the discovery of the cyberattack on Genea’s patient management system. While sensitive patient details were compromised in the breach, including contact information, medical histories, and insurance information, Genea assured patients that financial data such as credit card information remained secure.
In light of the data breach, Genea has been working closely with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to address the incident and prevent future security breaches. The company’s ongoing investigation aims to assess the full extent of the damage and ensure that affected individuals are informed of any developments related to the breach.
As part of their efforts to protect patient information, Genea has advised affected individuals to remain vigilant for signs of identity theft or fraud. Patients are encouraged to prioritize cybersecurity measures and seek support from IDCARE to mitigate the risks associated with cybercrime and protect their personal information.
Overall, the Genea cyberattack serves as a stark reminder of the importance of robust cybersecurity measures and timely responses to data breaches in safeguarding sensitive information and maintaining trust with stakeholders. By prioritizing data security and working collaboratively with cybersecurity experts, organizations can enhance their resilience against cyber threats and protect the privacy of their customers.