Calls for privacy watchdog to formally investigate IVF giant Genea

ABC NEWS (Australia)

There are calls for Australia’s information commissioner to formally investigate the nation's third largest IVF provider, Genea fertility over concerns about its cyber-security. The company owned by a private equity group was hit by a cyber-attack in February.

Transcript

00:00Basically, they want Jenea Fertility to be accountable for what happened in February

00:07this year. There was a major cyber attack launched against the company and highly sensitive

00:14patient data, including full medical histories, psychological assessments, were stolen by

00:21cyber criminals and then posted to the dark web. Now, just to underscore the seriousness

00:28of this privacy breach, I've spoken to dozens of Jenea patients, actually, but one story

00:35in particular. Now, this is an egg donor. She donated eggs to her friend and her friend's

00:41husband. A child has been conceived as a result of her very generous gift. Now, that child

00:47doesn't yet know that they are donor conceived, yet this egg donor and her friend's medical

00:53data is now on the dark web. Now, I also spoke to Rebecca Craven. Now, she is a mother of

01:00three from Perth. In 2018, she went through Jenea for routine genetic testing. She now

01:07has a lovely, healthy daughter. She wasn't caught up in the data breach, but after it happened,

01:14she called Jenea and asked them if they could please delete her data. Now, they said no citing

01:19legal requirements, but she says that she should have the right to ask that company to delete her

01:27data. Let's have a listen to what she had to say. I think they've got an obligation to make sure

01:33that all the information that they're holding on people is secure so people can feel comfortable in

01:40approaching clinics. The ABC can reveal that researcher Jamison O'Reilly, so he's a highly

01:47respected cyber security researcher, he has lodged a report calling for a review of Jenea's

01:56cyber security, in particular a patient-facing application. He has lodged that with the Australian

02:03cyber security centre and with the company itself. This comes as the fallout from Jenea's

02:11February data breach continues. The ABC can also reveal that despite calls for the information

02:19commissioner to investigate, so far, they have not yet decided whether they will formally

02:26investigate Jenea over the data breach. Now, this has outraged cyber security experts.

02:32So the information commissioner here is our main line of defence. She has the power to enforce

02:38penalties and she sets the standards and the tone. I would love it if the information commissioner and

02:44the privacy commissioner sent a very strong signal here. The company is yet to respond to Jamison

02:50O'Reilly's report lodged with the Australian Cyber Security Centre, but it did address questions

02:57related to its February cyber attack. It says that it has engaged a team of cyber security experts to

03:05conduct a thorough investigation and review the impacted data. It also says that it's continuing

03:11to support customers and that it's committed to learning from this incident. It says it's already taken

03:18steps to further strengthen its security upon the advice of external experts. But we still don't know how many

03:28people were affected by this data breach and how the data breach occurred. The ABC did put those

03:35questions to Jenea again, but we did not get a response.

03:39We just want to get a response...

03:40We just wanted to get a response to the facts...

03:41We had time to evaluate the comments...

03:42...and we are giving tax response to the facts as well. We have made a response to the Rasag

03:57bri Vors metals. We have a response to the testimony of devils and questions. If you wanted to

Category

Transcript

Be the first to comment

Recommended