A class action firm has filed a complaint on behalf of the hundreds of fertility patients impacted by the Genea data breach.
Lawyers have lodged a representative complaint with the Office of the Australian Information Commissioner in relation to a ransomware attack that targeted the Sydney-based Genea fertility clinic in early 2025.
“Phi Finney McDonald lodged a representative complaint with the Office of the Australian Information Commissioner against Genea after being contacted by hundreds of impacted people who were distressed that their personal information had been accessed by unauthorised third parties.”
The complaint being filed alleges that Genea “failed to take reasonable steps to protect information from misuse, interference, loss, and unauthorised access, modification or disclosure”.
The complaint also alleges that Genea failed to “destroy or remove information when no longer required”.
Phi Finney McDonald is encouraging other individuals impacted by the incident to register their interest in receiving updates concerning the representative complaint.
Genea first confirmed it had experienced a cyber incident on 14 February, when it first informed patients that its phone lines were down and that some of its systems were taken offline “out of an abundance of caution”.
On 24 February, the clinic confirmed that it was continuing to investigate, but also said that patient data had been compromised in the attack, including “full names, emails, addresses, phone numbers, Medicare card numbers, private health insurance details, Defence DA number, medical record numbers, patient numbers, date of birth, medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaire, pathology and diagnostic test results, notes from doctors and specialists, appointment details and schedules, emergency contacts and next of kin”.
Later that same month, the Termite ransomware gang claimed responsibility for the attack, publishing several samples of stolen data. Genea obtained an injunction preventing anyone, including journalists and researchers, from accessing or disseminating the data.
Genea began a second round of customer notifications in July.
Phi Finney McDonald first began an investigation into the possibility of a class action regarding the incident in August.
“Patients at Genea are entitled to the highest levels of privacy and safety to ensure their personal details and medical histories remain secure,” Phi Finney McDonald principal lawyer Tania Noonan said at the time.
In a statement to Cyber Daily, Genea said it continues to support those impacted by the breach.
“This includes partnering with IDCARE, Australia’s national identity and cyber support service, to provide counselling and other assistance at no cost for those who wish to seek further support. We also have a dedicated call centre and email service (mailto:
“We thank our community for their understanding during our investigation into this cyber incident. We deeply regret that personal information was accessed and published, and sincerely apologise for any concern this incident may have caused,” the company said.
This article was first published on Lawyers Weekly’s sister brand, Cyber Daily.
