Termite Ransomware Gang Breaches Australian IVF Giant Genea

Swagta Nath

The Termite ransomware gang has taken responsibility for breaching Genea, one of Australia’s largest fertility service providers, and stealing sensitive patient data. The cybercriminals claim to have exfiltrated approximately 700GB of confidential information, including medical records, personal identifiers, and insurance details.

Major Cyberattack on Leading IVF Provider

Genea, formerly known as Sydney IVF, has been a leading fertility service provider since 1986, operating 22 clinics across New South Wales, South Australia, Western Australia, Melbourne, Canberra, and Queensland. Alongside Monash IVF and Virtus, Genea accounts for over 80% of Australia’s fertility treatment revenue.

The company initially reported detecting “suspicious activity” on its network last Wednesday and later confirmed that attackers had stolen data, subsequently leaking it online. Genea has since obtained a court-ordered injunction to prevent further sharing of the compromised data and is collaborating with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre to investigate the breach.

Details of the Breach

According to a redacted court order, cybercriminals infiltrated Genea’s network on January 31, 2025, through a Citrix server before gaining access to critical systems, including the company’s primary file server, domain controller, backup program, and BabySentry patient management system. By February 14, attackers had exfiltrated 940.7GB of data to a DigitalOcean cloud server under their control.

The investigation revealed that compromised patient management systems contained:

  • Personal details: Full names, email addresses, phone numbers, home addresses, dates of birth, emergency contacts, and next of kin.
  • Identification records: Medicare card numbers, private health insurance details, Defence DA numbers, medical record numbers, and patient IDs.
  • Medical data: Patient history, diagnoses, treatments, prescriptions, pathology results, doctor and specialist notes, appointment details, and schedules.

Genea has reassured patients that, at this stage, no financial data—such as credit card details or bank account numbers—appears to be compromised, but the investigation remains ongoing.

Termite Ransomware Gang Takes Credit

While Genea has not officially attributed the breach to any specific group, the Termite ransomware gang claimed responsibility on Monday via their dark web leak site. The cybercriminals posted screenshots of allegedly stolen patient files and identification documents while boasting about obtaining confidential client data.

Termite is a relatively new ransomware operation that emerged in October 2024 and has since listed 18 victims from various industries worldwide. The group previously claimed responsibility for a December attack on Arizona-based SaaS provider Blue Yonder, which serves over 3,000 global clients, including Microsoft, Renault, Bayer, and 7-Eleven.

Ransomware Operations and Encryption Tactics

According to cybersecurity firms Cyjax and Trend Micro, Termite ransomware is based on a modified version of the Babuk encryptor, which leaked in September 2021. The gang is known for data theft, extortion, and encryption attacks, often leaving a ransom note titled “How To Restore Your Files.txt” on victims’ systems. However, researchers noted that Termite’s ransomware encryptor remains a work in progress, as it can terminate prematurely due to execution flaws.

Ongoing Investigation and Response

Genea has yet to respond to multiple media inquiries following the February 19 disclosure of the attack. The company continues to work with cybersecurity agencies to assess the full impact of the breach and provide updates to affected individuals. Meanwhile, the Termite ransomware gang remains active, posing a growing threat to businesses across healthcare and other critical industries.
