Latest news with #TimYeoh
West Australian
6 days ago
- Health
- West Australian
Genea data breach: Patient fury as IVF giant confirms personal details, medical records published on dark web
Horrified patients who accessed fertility care through an IVF giant are speaking out as the company confirms their data, including personal data and sensitive medical records, has been published on the dark web. Genea, Australia's third-largest IVF and fertility provider, has reached out to patients with an email confirming the horrific extent of a data breach which has left them vulnerable to cybercriminals. In February, a third party acting as a 'treat actor' managed to access the company's systems, exposing data of patients, an investigation has revealed. That data includes full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, defence DA number, medical record numbers, patient numbers, dates of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaires, pathology and diagnostic test results, notes from doctors and specialists, appointment details and schedules, emergency contacts and next of kin. It is understood that not each impacted patient had the same data breached. Confirming that the breached data had been published, Genea chief executive Tim Yeoh said: 'The publication has occurred on a part of the dark web, which is a hidden part of the internet.' 'This data is not readily searchable or accessible.' Genea says it has now 'concluded its investigation' into the incident. 'We are now starting to communicate with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information,' a Genea spokesperson told The Nightly. 'Genea expects to communicate with all impacted individuals over the coming weeks. 'We deeply regret that personal information was accessed and published and sincerely apologise for any concern this incident may have caused.' Emails sent to patients also included an apology, where Genea said: 'We unreservedly apologise for any distress that this may cause you.' It is understood this communication began up to two weeks ago, with many patients impacted speaking about about the ordeal. 'There is genetic information which really affects my family. There is information about mental health. It's your whole history,' the ABC reported a former patient saying after the received an email. Another impacted patient said they couldn't understand what Genea had been doing in the five months between the hack and the individual emails to those affected. 'The communication from Genea on this data breach has been appalling,' the woman told News Corp . 'We only found out about this data breach from an email notification at 11pm on last Friday, outside of business hours and telling impacted patients there was nobody available to respond to questions and concerns until 9am on Monday. 'The fact the breach occurred in February, and we are only now being notified, five months on, for the very first time that sensitive information such as our driver's licence, Medicare number, private health insurance number, all of which can be used for identify fraud, was stolen and is on the dark web is utterly unacceptable. 'What have they been doing for the past five months?' Genea has set up a 'dedicated call centre and email service' to offer 'support' to those impacted. 'We have partnered with IDCARE, Australia's national identity and cyber support service, which provides counselling and other services at no cost if patients wish to seek further support,' the cyber incident page on the Genea website says. It also tells impacted patients to 'be extra careful' with suspicious emails, texts or calls and 'remain vigilant' as identity theft could occur. Genea say there was no evidence the hackers stole financial information such as credit card details or bank account numbers. An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days. The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years. 'We understand this news may be concerning for you,' Mr Yeo wrote to customers in the latest round of communication. Genea has not said how many customers have been impacted, claiming they are unable to provide this information due to an ongoing AFP investigation. Mr Yeo said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them. The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data. - With AAP
Perth Now
6 days ago
- Health
- Perth Now
Patients horrified as IVF data published on dark web
Horrified patients who accessed fertility care through an IVF giant are speaking out as the company confirms their data, including personal data and sensitive medical records, has been published on the dark web. Genea, Australia's third-largest IVF and fertility provider, has reached out to patients with an email confirming the horrific extent of a data breach which has left them vulnerable to cybercriminals. In February, a third party acting as a 'treat actor' managed to access the company's systems, exposing data of patients, an investigation has revealed. That data includes full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, defence DA number, medical record numbers, patient numbers, dates of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaires, pathology and diagnostic test results, notes from doctors and specialists, appointment details and schedules, emergency contacts and next of kin. It is understood that not each impacted patient had the same data breached. Confirming that the breached data had been published, Genea chief executive Tim Yeoh said: 'The publication has occurred on a part of the dark web, which is a hidden part of the internet.' Genea Credit: Instagram 'This data is not readily searchable or accessible.' Genea says it has now 'concluded its investigation' into the incident. 'We are now starting to communicate with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information,' a Genea spokesperson told The Nightly. 'Genea expects to communicate with all impacted individuals over the coming weeks. 'We deeply regret that personal information was accessed and published and sincerely apologise for any concern this incident may have caused.' Emails sent to patients also included an apology, where Genea said: 'We unreservedly apologise for any distress that this may cause you.' It is understood this communication began up to two weeks ago, with many patients impacted speaking about about the ordeal. 'There is genetic information which really affects my family. There is information about mental health. It's your whole history,' the ABC reported a former patient saying after the received an email. Another impacted patient said they couldn't understand what Genea had been doing in the five months between the hack and the individual emails to those affected. 'The communication from Genea on this data breach has been appalling,' the woman told News Corp. 'We only found out about this data breach from an email notification at 11pm on last Friday, outside of business hours and telling impacted patients there was nobody available to respond to questions and concerns until 9am on Monday. 'The fact the breach occurred in February, and we are only now being notified, five months on, for the very first time that sensitive information such as our driver's licence, Medicare number, private health insurance number, all of which can be used for identify fraud, was stolen and is on the dark web is utterly unacceptable. 'What have they been doing for the past five months?' Genea has set up a 'dedicated call centre and email service' to offer 'support' to those impacted. 'We have partnered with IDCARE, Australia's national identity and cyber support service, which provides counselling and other services at no cost if patients wish to seek further support,' the cyber incident page on the Genea website says. It also tells impacted patients to 'be extra careful' with suspicious emails, texts or calls and 'remain vigilant' as identity theft could occur. Genea say there was no evidence the hackers stole financial information such as credit card details or bank account numbers. An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days. The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years. 'We understand this news may be concerning for you,' Mr Yeo wrote to customers in the latest round of communication. Genea has not said how many customers have been impacted, claiming they are unable to provide this information due to an ongoing AFP investigation. Mr Yeo said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them. The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data. - With AAP
ABC News
6 days ago
- Health
- ABC News
Genea IVF confirms sensitive patient health information on dark web
Patients of Australia's third-largest IVF provider, Genea, have been informed that their sensitive information — including medical history — has been posted on the dark web. The update comes more than five months after the ABC revealed cyber criminals had targeted the fertility clinic, which is used by tens of thousands of people across the country. In emails sent to affected patients over the past few days, Genea CEO Tim Yeoh confirmed the company had wrapped up its probe into the February cyber attack: "We are not notifying you about a new incident". Emails obtained by the ABC state the data includes patients' full names, addresses, dates of birth, and "clinical information related to the services that you received from Genea or other health service providers and/or medical treatment". A former Genea patient told ABC News the communications appeared to downplay the significance of the data leak. The email claimed information was found on "a part of the dark web, which is a hidden part of the Internet" and "not readily searchable or accessible on the Internet". "We understand that this news may be concerning for you, and we unreservedly apologise for any distress that this may cause you,' the email stated. The patient, who did not want to be named, had spent tens of thousands of dollars undergoing multiple unsuccessful rounds of IVF with the clinic between 2022 and 2024. She told the ABC Genea had obtained her full medical history as part of the onboarding process. "There is genetic information which really affects my family. There is information about mental health. It's your whole history. "That information could be used against you. And it could really change the course of your life." On Tuesday, Genea informed the patient her full name, phone number, address, date of birth, Medicare number, medical diagnosis and clinical information had been posted on the dark web, in an email she said was another example of the company minimising the breach. She said companies like Genea should be held accountable for allowing customer data to be stolen and she intended to seek compensation. "A lot of people chose Genea because they present themselves as personal, but except when something goes wrong, they just go quiet and close the doors and don't talk," she said. "You have got no rights. The big corporation is just going to steamroll everyone." Do you know more? Confidentially email rhianawhitson297@ Genea would not confirm how many patients were affected by the breach, the name of the cybercriminal group claiming responsibility, or whether a ransom was paid — in full or in part. Nor would the company provide a copy of the investigators' report into the breach. In a statement, a Genea spokesperson said the company had "concluded its investigation into the cyber incident which impacted our organisation in February". "This included a comprehensive analysis of the data published on the dark web to identify impacted individuals and the personal information relating to them." "We are now starting to communicate with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information. The company said the AFP was still investigating the cyber attack and it was working with the Office of the Australian Information Commissioner, the National Office of Cyber Security, the Australian Cyber Security Centre and relevant state departments. The spokesperson said: "Genea has partnered with IDCARE, Australia's national identity and cyber support service, to provide counselling and other services to patients at no cost if they wish to seek further support." The data breach at Genea is one of a string of incidents affecting Australian companies in recent years including Optus, Medibank, Latitude, and, most recently, Qantas. Like Qantas, Genea obtained a court-ordered injunction to prevent anyone from publishing or sharing the stolen data. However, cryptography expert Vanessa Teague criticised the use of such injunctions, saying they were ineffective at stopping cyber criminals. "It's really effective for preventing law-abiding journalists from publishing," she said. Dr Teague said the publication of sensitive medical records online highlighted the urgent need for stronger privacy protections in Australia. "It's important to recognise that if the data has been accessed, it could have financial value — to insurance companies, to advertising companies — both of those clusters of companies. "We need much stronger privacy laws that hold the source of the data breach accountable." Dr Teague said Australian companies handling personal data should face the same legal obligations as those in the European Union. "If you hold sensitive data from other people, you should have high obligations to keep it secure — like in Europe. And if you fail in that responsibility, you should be held accountable," she said. She also warned that Australia's current approach prioritised corporations over victims. "There's a continuing attitude that the companies are the victims. As long as we hold that view, we'll never hold them to account."
News.com.au
7 days ago
- Health
- News.com.au
IVF giant Genea reveals dark web data breach impacting thousands
One of Australia's largest IVF clinics has refused to reveal how many patients had their personal information published to the dark web after its data was accessed by an 'unauthorised third party'. IVF giant Genea began emailing patients late last week letting them know they had been affected – more than five months after the breach in February 2025. One former patient received the email at 11pm on Friday. The notification email, obtained by is sent from chief executive Tim Yeoh and states 'personal information about you was taken and published on the dark web'. The worst-affected patients were those in category 'Annexure A' who, along with their personal identity information, had their 'medical diagnosis' and 'clinical information' published to the dark web. 'We deeply regret that your personal information has been accessed and published and sincerely apologise for any concern this incident may have caused you,' Mr Yeoh states in the email. However, Genea told it would not be disclosing the total number of patients hit by the leak, as the crime remains 'under investigation' by the AFP. 'Genea has concluded its investigation into the cyber incident which impacted our organisation in February. This included a comprehensive analysis of the data published on the dark web to identify impacted individuals and the personal information relating to them,' a statement from Genea said. 'We are now starting to communicate with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information. Genea expects to communicate with all impacted individuals over the coming weeks.' Patients furious over lack of communication One former patient, who wished to remain anonymous, said she was shocked to receive an email from Genea at 11pm on Friday revealing her data had been leaked after months of silence from the clinic. 'The communication from Genea on this data breach has been appalling,' the woman told 'We only found out about this data breach from an email notification at 11pm on last Friday, outside of business hours and telling impacted patients there was nobody available to respond to questions and concerns until 9am on Monday. 'The fact the breach occurred in February, and we are only now being notified, five months on, for the very first time that sensitive information such as our driver's licence, Medicare number, private health insurance number, all of which can be used for identify fraud, was stolen and is on the dark web is utterly unacceptable,' she said. 'What have they been doing for the past five months? And that isn't the half of it. We've also only been notified now that detailed and highly confidential personal medical information, which could easily be used by hackers to blackmail people, has also been stolen and is on the dark web. 'It beggars' belief that Genea even kept such sensitive information when we ceased any interaction with the company in 2013 – 12 years ago. Genea cannot claim that information was still needed for the purpose it was collected, and, as such, was legally required to have destroyed or de-identify it long before this breach even occurred,' the woman said. Dad Matthew Maher, who only learned about the leak back in February thanks to media reports, said he received an email on Thursday night telling him his number, name, address, phone number, Medicare number and private health insurance number had all been posted to the dark web. In February, the clinic issued a statement stating that they were 'urgently' investigating the incident. 'The last couple of weeks I've been getting a lot of weird phone calls,' he said. 'I can't fault Genea, we've got a daughter out of it, but this has just put a bad taste to it.' Mr Maher, who last used Genea six years ago, said he had tried to chase the clinic up in recent months but had been met with silence. 'I have told them if there is a class action or a claim of compensation, I'll be the first to sign up,' he said. Claire Tomlin said she had spent hundreds of thousands of dollars with Genea – and was still unsure whether her data had been compromised. She said she received two emails when the leak first occurred before the clinic 'went dark'. 'I've had no update. They've got to release something,' she said. 'You are really vulnerable when [you first go to Genea]. All the stuff you have to hand over.' Genea is one of Australia's three largest IVF providers, with thousands of patients at clinics across the country. One in every 18 births in Australia occurs with the help of IVF.
The Advertiser
19-07-2025
- Health
- The Advertiser
IVF hack inquiry confirms details published on dark web
An IVF provider targeted in a cyber attack has written to patients confirming their stolen personal information has been posted on the dark net. "The publication has occurred on a part of the dark web, which is a hidden part of the internet," according to Genea chief executive Tim Yeoh. "This data is not readily searchable or accessible." An investigation following a security breach at the company on February 14 determined its patient management systems were accessed by an unauthorised third party or "threat actor". The impacted servers were a store for a raft of personal information including full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, medical history, diagnoses, treatments, medications and prescriptions. The health data included clinical information related to services provided by Genea and other companies. There was no evidence the hackers stole financial information such as credit card details or bank account numbers. An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days. The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years. Genea has not said how many customers have been impacted. "We understand this news may be concerning for you," Mr Yeo wrote to customers. "We unreservedly apologise for any distress that this may cause you." He said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them. The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data. It has also partnered with national identity and cyber support service IDCare to guard against potential future lapses and to offer counselling to affected clients. An IVF provider targeted in a cyber attack has written to patients confirming their stolen personal information has been posted on the dark net. "The publication has occurred on a part of the dark web, which is a hidden part of the internet," according to Genea chief executive Tim Yeoh. "This data is not readily searchable or accessible." An investigation following a security breach at the company on February 14 determined its patient management systems were accessed by an unauthorised third party or "threat actor". The impacted servers were a store for a raft of personal information including full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, medical history, diagnoses, treatments, medications and prescriptions. The health data included clinical information related to services provided by Genea and other companies. There was no evidence the hackers stole financial information such as credit card details or bank account numbers. An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days. The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years. Genea has not said how many customers have been impacted. "We understand this news may be concerning for you," Mr Yeo wrote to customers. "We unreservedly apologise for any distress that this may cause you." He said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them. The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data. It has also partnered with national identity and cyber support service IDCare to guard against potential future lapses and to offer counselling to affected clients. An IVF provider targeted in a cyber attack has written to patients confirming their stolen personal information has been posted on the dark net. "The publication has occurred on a part of the dark web, which is a hidden part of the internet," according to Genea chief executive Tim Yeoh. "This data is not readily searchable or accessible." An investigation following a security breach at the company on February 14 determined its patient management systems were accessed by an unauthorised third party or "threat actor". The impacted servers were a store for a raft of personal information including full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, medical history, diagnoses, treatments, medications and prescriptions. The health data included clinical information related to services provided by Genea and other companies. There was no evidence the hackers stole financial information such as credit card details or bank account numbers. An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days. The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years. Genea has not said how many customers have been impacted. "We understand this news may be concerning for you," Mr Yeo wrote to customers. "We unreservedly apologise for any distress that this may cause you." He said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them. The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data. It has also partnered with national identity and cyber support service IDCare to guard against potential future lapses and to offer counselling to affected clients. An IVF provider targeted in a cyber attack has written to patients confirming their stolen personal information has been posted on the dark net. "The publication has occurred on a part of the dark web, which is a hidden part of the internet," according to Genea chief executive Tim Yeoh. "This data is not readily searchable or accessible." An investigation following a security breach at the company on February 14 determined its patient management systems were accessed by an unauthorised third party or "threat actor". The impacted servers were a store for a raft of personal information including full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, medical history, diagnoses, treatments, medications and prescriptions. The health data included clinical information related to services provided by Genea and other companies. There was no evidence the hackers stole financial information such as credit card details or bank account numbers. An international ransomware group published what it claimed was a sample of the confidential data after the attack forced Genea to shut down for several days. The group claiming responsibility reportedly posted screenshots on dark net sites, boasting it had captured hundreds of gigabytes of patient data dating back more than five years. Genea has not said how many customers have been impacted. "We understand this news may be concerning for you," Mr Yeo wrote to customers. "We unreservedly apologise for any distress that this may cause you." He said Genea had undertaken a comprehensive analysis of the published stolen details to identify those impacted by the breach and the personal information relating to them. The provider has been granted a court-ordered injunction to prevent anyone from accessing, using, disseminating or publishing any of the illegally obtained data. It has also partnered with national identity and cyber support service IDCare to guard against potential future lapses and to offer counselling to affected clients.
