Unauthorised activity targeting the email system of Monash IVF
Monash IVF was recently the subject of a malicious cyberattack, which resulted in some of our patients receiving spam emails pretending to be from Monash IVF. We have been working with external forensic IT experts and regulators to investigate the incident thoroughly.
These investigations are now complete and our forensic IT investigation have concluded that Monash IVF did experience a targeted phishing attack, where scammers accessed emails, email addresses and address books belonging to a number of our staff members. We were able to detect the attack quickly and our security arrangements prevented the attack affecting our other systems. Importantly, we can confirm that our confidential patient database was not compromised and remains safe and secure. The confidential patient database is where Monash IVF stores key patient information.
We believe that the personal information accessed by scammers is mostly limited to an individual’s email address. At this stage our investigation has revealed no evidence of any misuse of personal information other than email addresses.
We have been in contact with the small number of people who we believe may have been directly affected by this incident, and will continue to work with them to resolve this issue.
The Monash IVF team