Wednesday, 06 November 2019 12:10

Monash IVF Group hacked, phishing emails sent to patients

Fertility business Monash IVF Group has had its internal email servers hacked, but has not made any public announcement about it yet.

The company, which has connections to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia and the Northern Territory, told the ABC that experts were working to determine the extent of the infiltration.

The hack appears to have come to light when patients received phishing emails from scammers and contacted the ABC to complain.

Monash IVF Group has no media contact listed on its website.

The ABC said Monash had contacted the Office of the Australian Information Commissioner about the breach. But the OAIC has made no public statement about it either.

The company's chief executive, Michael Knaap, claimed to the ABC that the patient database had not been touched.

But he said nothing about how patients had been sent emails by the scammer or scammers.

Knaap also claimed that the lack of definite information at this stage was because of "the extremely complicated nature of these incidents".

But it was not pointed out to him that similar incidents happen all over the world every day and companies do react much faster in informing the public about them.

Commenting on the incident, Rob Dooley, country manager of data security firm Carbon Black A/NZ, said: "The breach on Monash IVF Group’s internal email servers only serves to highlight the vulnerability of Australia’s healthcare sector to cyber attacks. This sector has seen increased attacks over the course of the year from ransomware attacks on Barwon Health to the Melbourne Heart Group.

"Poor and inadequate security controls, outdated technology and the high quality of healthcare patient data are just some of the reasons why healthcare organisations have been hit so hard by security breaches.

"According to Carbon Black’s second Australian Threat Report, phishing attacks were the prime cause of these breaches according to 27% of Australian respondents who have had a cyber attack on their company, with phishing attacks having more than doubled in the last six months. Furthermore, 89% of Australian organisations reported that cyber attacks have grown more sophisticated.

"These results point to a need for Australia’s healthcare sector to adopt a comprehensive approach to cyber security, one that incorporates prediction, prevention, detection, and response to attempted attacks. Healthcare organisations need to make endpoint protection a top priority and be more pro-active about managing cyber risks so as to combat this crimewave.”

Mark Sinclair, ANZ regional director of WatchGuard Technologies, said: "This is an example of another security breach in the healthcare industry and backs up the data from the August OAIC Notifiable Data Breach Report that puts healthcare at the top of the industry list for reportable data breaches in Australia.

"The healthcare industry remains a top target for cyber criminals and companies need to be especially vigilant.

"It is a reminder of the value of personal data to criminals. A person’s name and email address may seem fairly innocuous on their own, but when coupled with a company, or in this case a specific form of medical treatment, it becomes a powerful weapon for those seeking to scam people online."

Alex Woerndle, principal adviser, Cyber Security – Risk & Governance at technology research and advisory firm Ecosystm, said: “Phishing, although not in the media as often as in the past, is still one of the most common sources of cyber-attacks.

"Situations like this often highlight a lack of readiness to deal with an incident. However, the response is equally as important as the incident itself. Ecosystm’s ongoing cyber security study shows that while 93% of Australian organisations have a breach notification process in place, only 28% continue to evolve the process.

"A strong and evolving communications strategy - both internally and externally - is crucial. Otherwise the media attention that arises from the breach gains its own steam and potentially makes the situation even worse for all concerned.”




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


