In early February 2025, one of Australia’s leading IVF clinics, Genea Fertility, became the target of a sophisticated cyberattack by the ransomware group Termite. Nearly a terabyte of highly sensitive data was stolen, including full names, contact details, Medicare and private insurance details, doctor’s notes, prescriptions, test results, genetic information – you name it. Much of the data has since been posted to the dark web, solidifying the breach as one of the most severe in Australia’s healthcare sector.
Unfortunately, Genea was not an isolated incident. It was the latest in a string of major cyber-attacks in recent years that have affected millions of Australians in one way or another (see Optus, Medibank and Latitude Financial). The onus is ultimately on organisations to lift their game on cybersecurity and privacy safeguards. However, if your data was compromised in the Genea breach (or any other), there are several practical steps you can take now to reduce your exposure and minimise the risk of further damage.
1. Fully Understand the Extent of the Data Exposure
Your first step is to obtain a clear picture of exactly what information has been compromised. Carefully review all communications from Genea, IDCARE, or any official body involved in the breach response. Take note of whether your Medicare card number, date of birth, home address, email address, mobile number, clinical diagnoses, test results, treatment plans, or emergency contact details were included in the leaked dataset. The type of information exposed will directly influence the types of fraud or misuse you might be vulnerable to. For example, contact details can be exploited for targeted scams. If any medical information has been exposed, be aware that such details are extremely sensitive and can be leveraged for blackmail or harassment. Once you know exactly what’s out there, you can develop a focused action plan to secure those specific elements of your identity.
2. Inform Anyone Else Who May Be Affected
If the compromised information contains details about other people such as your partner, sperm/egg donor or family members, you should generally alert them as soon as possible. This includes cases where your medical records contain information about shared treatment plans or family medical history. For example, if a sperm donor’s medical background has been leaked, this could potentially affect the privacy of a donor-conceived child. Being upfront allows these individuals to take their own preventative measures. Having these conversations early not only helps them protect themselves but also ensures that everyone in your network is prepared for potential scams or identity fraud.
3. Secure All Online Accounts and Activate Robust Authentication
Act quickly to protect your online accounts, especially those connected to your personal identity or financial life. Begin by changing your passwords, making sure each one is strong, unique, and not reused across multiple platforms. Where available, enable 2FA using an authenticator app like Google or Microsoft Authenticator. For maximum security, you could even use a hardware security key such as YubiKey. Avoid SMS-based 2FA, which is vulnerable to SIM-swapping attacks. Log out of all devices, including phones, tablets, and computers, and review recent login histories for suspicious activity, wherever possible. This includes checking for unfamiliar IP addresses or logins from locations or devices you don’t recognise. By acting decisively, you reduce the likelihood of hackers using your breached credentials to access other accounts.
4. Check ‘Have I Been Pwned’ and Consider Dark Web Monitoring Tools
Visit haveibeenpwned.com and enter your email addresses and mobile numbers to see if they appear in any known data breaches. Sign up for the “Notify Me” option so that you’re automatically alerted if your credentials are exposed in future. Note however that this site shouldn’t be considered to be a comprehensive record of leaks or hacks of information, so it won’t necessarily pick up everything.
Leaks may also occur on the deep web or dark web so, if you’re capable of searching those resources safely, you should consider that course of action from time to time or hire an expert to perform searches. Subscription services like Norton Identity Advisor Plus are available as well, which can scan forums and marketplaces on the dark web for your personal information. This specific product also includes identity theft insurance coverage for expenses and losses related to identity theft. Services that provide an additional level of monitoring can give you early warning signs that your data is being actively sold or used, allowing you to act sooner.
5. Be Hypervigilant for Phishing, Fraud, or Blackmail Attempts
Cybercriminals often weaponise stolen medical data to create highly convincing scams. You may receive phone calls, emails, or text messages that appear to come from legitimate organisations like healthcare providers or government agencies. They may reference your medical history to establish credibility. Some may even attempt blackmail by threatening to release sensitive health details unless a ransom is paid. Treat any such communication with extreme caution. Never click on links, download attachments, or provide personal information unless you’ve verified the request through an official and trusted channel. In some cases, scammers may combine your stolen data with other publicly available information to make their approach appear even more legitimate. Staying sceptical and pausing before you respond can be your best defence.
6. Monitor Your Financial and Credit Activity Closely
Even if the Genea breach did not directly expose your banking or credit card details, the personal identifiers now in circulation could be used to impersonate you and enable bad actors to open accounts or loans in your name. Regularly review your bank statements and credit card activity for any suspicious or unfamiliar charges. In Australia, you’re entitled to a free credit report every three months from major credit reporting agencies such as Equifax, Experian, and Illion. Look out for new credit applications or enquiries that you didn’t initiate. If you detect anything suspicious, contact the relevant financial institution immediately and consider placing a credit ban to prevent new accounts being opened in your name without your consent.
7. Contact Institutions to Lock Down Security
Reach out to all relevant organisations including banks, Medicare, your private health insurer, superannuation funds, phone providers, and utility companies. Request the highest level of account security available. This could include:
- adding a unique verbal password setting
- additional identity verification questions
- enabling account alerts for any changes or access attempts.
By doing this, you make it significantly harder for criminals to impersonate you, even if they already have your information. Ask each provider what specific security enhancements they offer and make it clear that your data has been compromised in a major breach so they understand the urgency of your request.
8. Engage Professional Support Both Forensic and Emotional
Genea has partnered with IDCARE, Australia and New Zealand’s national identity and cyber support service, to provide counselling and practical advice for affected individuals. Take advantage of their resources to understand the full scope of the risks you face and get tailored guidance on mitigation steps. In addition, you may want to engage the services of a digital forensic expert or experienced private investigator, particularly if you suspect your data is being actively used or traded online.
These professionals can help trace the flow of your information across the dark web and other illicit channels, identify where and how it is being exploited, and advise on strategies to contain and shut down misuse before further harm occurs. At Lyonswood Investigations, we have over 40 years of experience assisting thousands of clients in Australia and overseas with sensitive cyber and privacy matters. Our team has a proven track record in tracking digital footprints and implementing practical countermeasures to help victims of data breaches regain control.
Emotional support is equally important as breaches involving deeply personal health data can be distressing. Don’t hesitate to seek help from qualified counsellors.
9. Reinforce Your Digital Hygiene and Device Security
This breach is a timely reminder to strengthen your overall cybersecurity position.
- Use strong passwords that are at least 14 characters long, mixing uppercase and lowercase letters, numbers, and symbols.
- Consider using a reputable password manager to generate and securely store these credentials.
- Ensure your devices are set to automatically update their operating systems so security patches are applied without delay and regularly turn off and restart your devices (ideally, each day).
- Turn on your device firewalls and install reputable anti-virus and anti-malware programs.
- If you have any reason to believe your devices have been compromised, consider performing a factory reset to remove any potential spyware or malicious code (but be aware that certain types of advanced malware, like rootkits, can persist after a factory reset).
Making these practices a habit will reduce your exposure to future attacks.
10. Lock Down Your Digital Footprint and Social Presence
In the wake of a breach, it’s important to minimise the amount of personal information available about you online. Review your social media profiles and set them to the highest privacy settings. Remove any posts, photos, or public comments that could reveal details about your location, health, or family. Be aware that even something as simple as a photo containing location metadata can be exploited by malicious actors. If you’ve been sharing your fertility journey or medical updates publicly, consider pausing this activity until you have greater control over your personal information. By reducing your online footprint, you make it harder for criminals to connect the dots between the breached data and your real-world identity.
