Termite ransomware claims responsibility for the Genea attack

March 5, 2025

The Termite ransomware gang has claimed responsibility for the recent data breach at Australian fertility services provider Genea.

Late last month, Genea disclosed that unknown threat actors compromised its networks, resulting in the alleged theft of sensitive healthcare data.

The affected IVF (in vitro fertilisation) provider, which has been in business since 1986 (originally under the name Sydney IVF), operates 22 fertility clinics in different regions of Australia, such as Western Australia, Melbourne, Canberra, New South Wales, South Australia, and Queensland. It provides various services, such as fertility treatments, tests, genetic services, preservation choices, and donation programs.

According to Australia’s national broadcaster, Genea and two other companies (Monash IVF and Virtus) generate more than 80% of the industry’s overall income.

 

The Termite ransomware claimed the attack that Genea announced last week.

 

According to reports, the Termite ransomware gang is behind the ‘suspicious activity’ that Genea announced last Wednesday.

The announcement came after the provider stated it was investigating a cyber incident on its network. In an amended statement, the fertility services provider admitted that hackers acquired data from its servers, which was later published online.

The company stated that it obtained a court-ordered injunction to prevent the disclosed data from being shared with others and is cooperating with the Australian Cyber Security Centre to investigate the issue.

Furthermore, a redacted court order showed that the threat actors accessed Genea’s network via a Citrix server on January 31, 2025.

They then acquired access to the company’s major file server, domain controller, backup software, and BabySentry primary patient management system. On February 14, the infiltrators allegedly transferred 940.7GB of data from Genea’s hacked computers to an attacker-controlled DigitalOcean cloud server.

The ongoing investigation revealed that Genea’s compromised patient management systems contained the following types of personal and health data, with the exposed information differing for each impacted individual.

The confirmed details may include complete names, emails, addresses, phone numbers, dates of birth, emergency contacts, and next of kin. Additionally, details like Medicare card numbers, private health insurance information, Defense DA numbers, medical record numbers, and patient numbers were potentially compromised in the breach.

The campaign could have reached critical data, like medical history, diagnoses and treatments, drugs and prescriptions, a patient health questionnaire, pathology and diagnostic test results, doctor and specialist notes, appointment information, and timetables.

As of now, Genea has yet to attribute the attack to a specific threat organisation or criminal operation. However, the Termite ransomware gang claimed responsibility earlier this week.
