Doctors warned of cyber security threats following IVF data breach

General practitioners and other medical specialists, pharmacists, and medical professionals have been advised to have robust cyber security measures to protect sensitive patient data and maintain patient trust.

The NOCS’s health sector industry working group has issued a fact sheet following Genea becoming aware on 14 February 2025 of an unauthorised third party accessing its systems.

“Following any data breach in the healthcare sector, healthcare providers should be especially vigilant when being asked to send sensitive healthcare information over the phone, email or fax,” the fact sheet says.

“This could require healthcare providers to call patients back on their known contact details          , or ask additional identifying questions to establish any individual’s identification.

“Maintaining robust cyber security in healthcare organisations is crucial, not only for protecting sensitive patient data, but also for ensuring the highest quality of patient care while maintaining patient trust.”

The following resources are available to support members improve their cybersecurity:

• The National Cyber Security Coordinator and the National Office of Cyber Security provide guidance on incident response, consequence management, and collaborative forums. The 2023-2030 Australian Cyber Security Strategy outlines various initiatives to improve cyber resilience across sectors. For inquiries contact the Cyber Security Engagement team at cse@homeaffairs.gov.au.
• The Trusted Information Sharing Network (TISN) is a network with a dedicated Health Sector Group fostering collaborative security improvement initiatives. Membership is non-competitive and non-regulatory. For details, contact cir@homeaffairs.gov.au.
• The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) leads the government's cybersecurity efforts and offer alerts, advisories, guidance, and tools via Cyber.gov.au. The Cyber Security Partnership Program provides organisations with threat intelligence, collaboration, and resilience-building opportunities.
• The Australian Security Intelligence Agency's (ASIO) Outreach Portal provides industry professionals with advice on emerging security threats, drawing from domestic and international sources. The ‘Protect Your Research’ booklet helps organisations secure research data and intellectual property. ContactOutreach via their website for more details.
• The Australian Digital Health Agency (ADHA) works with the healthcare sector to secure digital health information and assets. ADHA also convenes a Cyber Champions Network to promote cybersecurity culture and behaviours in healthcare organisations. For more information, contact cyber-enquiries@digitalhealth.gov.au.
• The Department of Health and Aged Care will be collaborating with software vendors in 2025 to develop a regulatory framework that enhances the cybersecurity of platforms handling sensitive health data. This will include implementing cyber security controls in line with the Information Security Manual (ISM).