Genea cyber incident - update, support resources & data breach notification

Updated: 4 hours ago

UPDATED 5TH MARCH 2025

UPDATE: 5TH MARCH 2025

Genea can confirm that additional stolen data from our systems has been published on the dark web by the threat actor.

This is not a new incident. To as best as possible safeguard our patients and our team, Genea has taken several steps ahead of and following the publication of this data, including:

Working to understand precisely what data has been published.
Obtaining a court-ordered injunction to prohibit any access, use, dissemination or publication of the impacted data by the threat actor and any third party.
Notifying our affected patients and staff of the cyber incident and providing information in relation to mitigating the risks.
Ensuring that our support package is available to those impacted by this incident. This includes the support of IDCARE, Australia’s national identity and cyber support service which includes counselling.

Additionally, the cyber incident and the publication of Genea’s stolen data has been reported to the Australian Federal Police, and an investigation is underway.

We are continuing to engage with the Office of the Australian Information Commissioner, the Australian Federal Police, the National Cyber Security Coordinator and the Australian Cyber Security Centre in relation to this incident.

We thank our community for their patience and understanding as we continue to respond to this incident and apologise for any concern that this development may cause.

If you have any further questions or would like further information, please email cyber@genea.com.au.

UPDATE: 26TH FEBRUARY 2025

Our ongoing investigation has established that on the 26 of February, data taken from our systems appears to have been published externally by the threat actor. We understand that this development may be concerning for our patients for which we unreservedly apologise.

To as best as possible safeguard our patients and our team, Genea has taken several steps ahead of and following the publication of this data, including:

Obtaining a court-ordered injunction to prohibit any access, use, dissemination or publication of the impacted data by the threat actor and any third party.
Working to understand precisely what data has been published.
Ensuring that our support package is available to those impacted by this incident. This includes the support of IDCARE, Australia’s national identity and cyber support service.

We are continuing to engage with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre in relation to this incident.

If you have any further questions or would like further information, please email cyber@genea.com.au.

Resources available for further information:

If you have any questions about government-issued identity document information (such as your driver licence, Medicare card or passport), please contact the agency that issued the identity document for advice.
Read more information about protecting yourself from identity fraud here.
If you have any questions related to your health or medical treatment, contact your doctor immediately.
Mental health and wellbeing support is available through our patient support partnership with IDCare.

We are endeavouring to communicate with all current and former Genea patients the latest updates of our investigation into the incident. A copy of our communication is included below.

Thank you for your patience as we investigate the cyber incident that has impacted our organisation (Genea Pty Limited). We understand that hearing about an incident like this can cause concern and we sincerely apologise for this. We want to reassure you that our teams of specialists, nurses, scientists and support staff are working tirelessly to minimise any impact to the treatment of our patients which is always our highest priority. Our technology teams have also been working around the clock with cyber security professionals to securely restore our systems while progressing our investigation.

We are committed to doing all we can to protect your privacy. In this letter, we’ll step you through what happened, what types of personal information relating to you may have been involved in the incident and identify clear steps you can take to help ensure your information is protected.

What has happened?

On 14 February 2025, we became aware of suspicious activity on our network. Following this, we promptly launched an investigation to determine the nature and scope of the activity. In the course of these investigations, Genea discovered that it had been impacted by a cyber security breach.

Since the incident, we have undertaken extensive remediation efforts and actions in line with our incident response process to prevent reoccurrence. This has involved securing our networks in partnership with our cybersecurity partners and bringing our core systems online to ensure that we can continue to provide the very best care to our patients.

We advised in our prior communication that we were continuing to investigate the nature and extent of data that had been accessed and the extent to which it contained personal information. As a result of our ongoing investigation, we now believe the attacker may have accessed and taken personal information which we hold.

We have notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre of the incident. We are meeting with the National Office of Cyber Security, the Australian Cyber Security Centre and other government departments to discuss the incident with them.

Our investigation is ongoing, and we will continue to communicate any relevant updates you.

What personal information has been impacted?

Our investigation has identified that Genea’s patient management systems, which contain information about you, was accessed by an unauthorised third party. We stress that at this point in time it is unknown what personal information within the folders on the patient management system has been compromised. However, the folders on the patient management system include the following types of your information:

Full names, Emails, Addresses, Phone Numbers, Medicare Card Numbers, Private Health Insurance Details, Defence DA number, Medical Record Numbers, Patient Numbers, Date of Birth, Medical History, Diagnoses and Treatments, Medications and Prescriptions, Patient Health Questionnaire, Pathology and Diagnostic Test Results, Notes from Doctors and Specialists, Appointment Details and Schedules, Emergency Contacts and Next of Kin, although the information differs for different individuals.

At this stage there is no evidence that any financial information such as credit card details or bank account numbers have been impacted by this incident. The investigation is however ongoing, and we will keep you updated of any relevant further findings should they come to light.

Support available to you

We know that an incident like this is concerning and as part of our support to you we would like to offer you the support of a specialist provider, IDCARE, who can work with you to safeguard your personal information without any charge to you.

IDCARE Case Managers are available Monday to Friday from 9am to 5pm (AEDT) and a preferred time can be booked online via their Individual Get Help Form at https://www.idcare.org/contact/get-help#form or by calling 1800 595 160. To get our dedicated Genea referral code, please email cyber@genea.com.au.

Additional recommendations for you

While we are undertaking a full assessment of the incident and taking all necessary precautions to mitigate any risk of harm, we recommend that you:

Be extra careful about opening any suspicious emails, texts or phone calls, or any possible attempts to contact you from people or organisations you don’t know.
Remain vigilant as to any other attempts that might relate to possible identity theft or fraud using your personal information.
Visit the Australian Cyber Security Centre website or the ACCC’s Scamwatch for further information about online safety, cyber security and other helpful tips.

We deeply regret that your personal information may have been accessed by reason of this incident and sincerely apologise for any concern this incident may have caused. Our teams of specialists, nurses and office support staff are working tirelessly to ensure that there is minimal disruption to your treatment, which is of our utmost priority and importance.