
'Termite' Gang Leaks Australian Fertility Clinic Records

Data breach notification, data security, fraud management and cybercrime

Researchers: Ransomware Group Emerged Last Autumn, Is a Variant of Babuk Malware

Marianne Kolbasuk McGee (Health) • February 28, 2025

Image: Genea

A relatively new ransomware gang, Termite, has started publishing on its dark web site samples of the 700 gigabytes of sensitive data allegedly stolen in a recent attack on Australian fertility clinic Genea.


An Australian court has issued an injunction to stop further access, use, distribution or publication of the data by the threat actor and all other third parties.

Genea, which has been in operation for 40 years and is one of the largest fertility clinics in Australia, said in a statement that it first became aware of suspicious activity on its network on February 14 and immediately began an investigation and remediation effort.

On February 26, the investigation found that the threat actors had begun publishing data externally from Genea's patient management systems, according to the clinic.

The affected information includes patient names, emails, addresses, telephone numbers, Australian Medicare card numbers, health insurance details, medical numbers, patient numbers, dates of birth, emergency contacts and next of kin.

The compromised medical information includes patients' medical histories, diagnoses and treatments, medications, health questionnaires, pathology and diagnostic test results, notes of doctors and terminals.

Financial information such as credit card data and bank account numbers does not appear to be affected, based on this stage of the investigation, Genea said.

On February 26, Genea said that the Australian Supreme Court in New South Wales had also granted an injunction against the threat actors.

A copy of the court order, in which certain information, including the identity of the hackers and their dark web site, has been redacted, states that the “accused or other person” is prohibited from publishing, communicating or disclosing information or materials obtained from the Genea data set.

This data set refers to “all information or materials that are not authorized by the accused from the IT network and IT systems of the plaintiffs.”

The injunction covers data from Genea's Citrix environment, which the court document says was initially accessed on January 31. About 940.7 GB of data “leaves the IT network of the plaintiffs and IT systems, including one of the DigitalOcean on or around or around or up to the servers, which were hosted on or around or around February.”

The data was stolen from Genea's application server for its primary patient management system, Baby Sentry, and from other systems, including the clinic's primary file server, according to the court document.

As of Friday, Termite's dark web site claimed that the group had at least 700 GB of data from Genea's servers, “such as confidential, personal data from customers.” The leak site also showed several samples of Genea patient documents, including health questionnaires and egg donor reports.

In its statement, Genea said that, in addition to the court's interim injunction against the threat actors, the organization had notified government agencies.

These included the Office of the Australian Information Commissioner and the Australian Cyber Security Centre. “We meet with the National Office of Cyber Security, the Australian Cyber Security Centre and other government departments to discuss the incident with you,” said the clinic.

Genea did not immediately respond to Information Security Media Group's request for comment and additional details about the incident.

Other infestation

Security researchers say Termite is a group that first appeared on the ransomware scene last autumn.

“Termite is an English-speaking extortion group that allegedly steals data from organizations and threatens to leak it on a Tor-hosted data-leak site unless a ransom is paid”

In a December 2024 report, researchers from threat intelligence company Cyble said that Termite appears to be a new variant of Babuk ransomware and that in November 2024 the group was behind an attack that hit supply chain management platform Blue Yonder (see: Moody's: Hackers aim at large payments at Supply-chain attacks).

“Termite is essentially a renaming of the notorious Babuk ransomware,” wrote Cyble. “Termite ransomware represents a new and growing threat in the cyber landscape and uses advanced tactics such as double blackmail to maximize the effects on the victims.”