Genea, one of Australia’s biggest IVF clinics, is in the hot seat. A massive data breach has exposed the extremely sensitive medical information of its patients. Genea now runs 19 clinics in Australia and one in Thailand. Since their sensitive information made it onto the dark web earlier this year, they’ve been a huge asset for patients looking to hold these companies accountable—and get compensation.
On 20 October, VTTI lodged a representative complaint with the Office of the Australian Information Commissioner. This administrative complaint was filed on behalf of several aggrieved patients. Plaintiffs allege that Genea failed to take reasonable measures to safeguard their sensitive personally identifiable information. They are represented by Melbourne law firm Phi Finney McDonald in alleging that Genea did not notify them of the breach in a timely manner, breaching the Privacy Act 1988.
According to the notification sent by Genea, the company failed to delete or redact sensitive information after it was no longer necessary. This unfortunate oversight has led to grave concerns among patients regarding the clinic’s use and handling of data. Isabel Lewis created her twin boys through IVF at Genea eight years back. Today, she’s taking to the internet to vent her anger at how it all turned out.
“I’m not doing it for the money, although money is fine and all, but if there are damages that are significantly painful, hopefully — and maybe I’m deluded — the business will change their practices so that they don’t have damages like that again.” – Isabel Lewis
Isaac, a second impacted patient, expressed similar feelings about the breach. He remarked on the gravity of the situation, stating, “This is some of the most sensitive information about me.” Isaac further articulated the disheartening experience by saying, “It’s supposed to be a good deed. It’s almost like you’re being punished because your information was held on a computer system.”
After the breach, Genea has worked with IDCARE to make sure counselling and support are available to affected patients. The clinic has set up a specialized call centre and email support for people affected by the incident. A representative from Genea told us that as a dental data company, they understand that protecting patient information is their responsibility.
“Patients at Genea expected their highly sensitive medical, personal, and financial information on the company’s systems to remain private and confidential,” – Genea spokesperson
The incident is still under investigation, according to the spokesperson, who thanked the community for their patience while the cyber incident was investigated.
“We deeply regret that personal information was accessed and published and sincerely apologise for any concern this incident may have caused.” – Genea spokesperson
As investigations continue, Genea’s reputation hangs in the balance while its patients demand transparency and corrective actions to prevent future breaches. The outcomes of these complaints may significantly influence how IVF clinics manage sensitive data in an increasingly complex digital landscape.
