Security Market Segment LS
Wednesday, 06 November 2019 12:10

Monash IVF Group hacked, phishing emails sent to patients Featured

Monash IVF Group hacked, phishing emails sent to patients Pixabay

Fertility business Monash IVF Group has had its internal email servers hacked, but has not made any public announcement about it yet.

The company, which has connections to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia and the Northern Territory, told the ABC that experts were working to determine the extent of the infirltration.

The hack appears to have come to light when patients received phishing emails from scammers and contacted the ABC to complain.

Monash IVF Group has no media contact listed on its website.

The ABC said Monash had contacted the Office of the Australian Information Commissioner about the breach. But the OAIC has made no public statement about it either.

The company's chief executive, Michael Knaap, claimed to the ABC that the patient database had not been touched.

But he said nothing about how patients had been sent emails by the scammer or scammers.

Knaap also claimed that the lack of definite information at this stage was because of the "the extremely complicated nature of these incidents".

But it was not pointed out to him that similar incidents happen all over the world every day and companies do react much faster in informing the public about them.

Commenting on the incident, Rob Dooley, country manager of data security firm Carbon Black A/NZ, said: "The breach on Monash IVF Group’s internal email servers only serves to highlight the vulnerability of Australia’s healthcare sector to cyber attacks. This sector has seen increased attacks over the course of the year from ransomware attacks on Barwon Health to the Melbourne Heart Group.

"Poor and inadequate security controls, outdated technology and the high quality of healthcare patient data are just some of the reasons why healthcare organisations have been hit so hard by security breaches.

"According to Carbon Black’s second Australian Threat Report, phishing attacks were the prime cause of these breaches according to 27% of Australian respondents who have had a cyber attack on their company, with phishing attacks having more than doubled in the last six months. Furthermore, 89% of Australian organisations reported that cyber attacks have grown more sophisticated.

"These results point to a need for Australia’s healthcare sector to adopt a comprehensive approach to cyber security, one that incorporates prediction, prevention, detection, and response to attempted attacks. Healthcare organisations need to make endpoint protection a top priority and be more pro-active about managing cyber risks so as to combat this crimewave.”

Mark Sinclair, ANZ regional director of WatchGuard Technologies, said: "This is an example of another security breach in the healthcare industry and backs up the data from the August OAIC Notifiable Data Breach Report that puts healthcare at the top of the industry list for reportable data breaches in Australia.

"The healthcare industry remains a top target for cyber criminals and companies need to be especially vigilant."

"It is a reminder of the value of personal data to criminals. A person’s name and email address may seem fairly innocuous on their own, but when coupled with a company, or in this case a specific form of medical treatment, it becomes a powerful weapon for those seeking to scam people online."

Alex Woerndle, principal adviser, Cyber Security – Risk & Governance at technology research and advisory firm Ecosystm, said: “Phishing, although not in the media as often as in the past, is still one of the most common sources of cyber-attacks.

"Situations like this often highlight a lack of readiness to deal with an incident. However, the response is equally as important as the incident itself. Ecosystm’s ongoing cyber security study shows that while 93% of Australian organisations have a breach notification process in place, only 28% continue to evolve the process.

"A strong and evolving communications strategy - both internally and externally - is crucial. Otherwise the media attention that arises from the breach gains its own steam and potentially makes the situation even worse for all concerned.”

Read 7741 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News