An international ransomware group has published a sample of highly confidential patient information from major Australian IVF provider Genea, after a cyber attack forced the company to shut down its systems for days.
The group claiming responsibility, which the ABC has decided not to name, posted screenshots on dark net data leak sites on Wednesday.
The group claimed to have 700GB of data from Genea's servers, including personal information spanning six years.
NSB Cyber director Evan Vougdis said such sample data posts were often a tactic to validate their claims and put pressure on victims to comply with ransom requests.
"This is what you normally see by ransomware gangs ... just to show and validate their claims of data exfiltration by showing some sample photos," he said.
"It isn't uncommon for ransomware groups to post [company information] without necessarily posting all the data at the same time."
Genea posted an update to its website on Wednesday, stating it has been granted an interim injunction in the NSW Supreme Court to prevent "any access, use, dissemination or publication of the impacted data by the threat actor and/or any third party who receives the stolen dataset".
By mid-Wednesday afternoon, the information remained on the dark web and patients had not been emailed by Genea to inform them that personal information had been publicly posted.
Mr Vougdis said while the injunction may deter regular Australians from accessing the data, ransomware groups were unlikely to abide by NSW Supreme Court orders.
The ABC understands the ransomware group claiming to be responsible are relatively new but were behind a major supply chain cyber attack last year.
The group has not publicly posted ransom requests or threatened further leaks of the Genea data.
'This is negligent'
Genea has been criticised for a lack of communication with affected patients who spent days struggling to get in touch with their local clinics for urgent medical enquires.
On Monday, the company wrote to patients warning their investigation had revealed that personal medical information had likely been accessed and taken by attackers.
One patient who asked not to be identified told the ABC she was devastated and frightened.
"The information that was stolen is profoundly private and sensitive. I feel like my personal safety could be at risk. I'm so angry at Genea," she said.
"People undergoing fertility treatment are vulnerable, particularly to negative mental health impacts. Genea knows this but hasn't offered any additional mental health care or resources to help their patients through the cyber attack. This is negligent."
Rebecca, a former patient of Genea, said she feared having her identity stolen.
"I'm quite anxious about it. This is not my first data breach. I was caught up in the Optus breach a few years ago," she said.
The 41-year-old from Melbourne said she'd received two emails from Genea but wanted more information about the extent of the breach.
"The medical history you give them is so thorough. It's not just you and your partner — they take into account parents' fertility and siblings' fertility."
Clients urged to remain vigilant
In a statement, a Genea spokesperson said the company was working to understand precisely what data has been published.
"We are urgently investigating the nature and extent of the data that has been published. We apologise to our patients for any concern this latest development may cause."
The spokesperson said Genea obtained the injunction to prohibit further spread of the impacted data and that it has support available to those impacted by the incident.
"We have also notified the Office of the Australian Information Commissioner of the latest development in this incident."
Genea patients have been advised to remain vigilant to identity theft or fraud and be cautious of suspicious emails, texts or phone calls, or any possible attempts to contact you from people or organisations they don't know.
Genea patients can contact cyber@genea.com.au and the government's IDCare program by calling 1800 595 160.
Michelle McGuinness, the National Cyber Security Coordinator, said she was deeply concerned by the latest developments.
"I am coordinating a whole of Australian government response to the cyber incident that has impacted Genea. As part of this, I have met directly with Genea to help them engage the full resources of the Australian government in their response to this incident," she said in a statement.
"No one should access stolen sensitive or personal information from the dark web — do not go looking for data. This only feeds the business model of cyber criminals."
[CONTACT SRT ZENDESK FORM]
