Cyber Incident Victim: Liver Wellness

The data breach involving Liver Wellness, a Dublin-based company specializing in liver scanning procedures, occurred when unauthorized actors compromised the company's email system. Patients were notified via letters sent in October 2019, approximately one month prior to public reporting of the incident on November 17, 2019. The attacker gained control of Liver Wellness's corporate email account and used this access to directly contact patients while impersonating the company. In these fraudulent communications, the hacker solicited sensitive personal information from patients under the guise of legitimate business correspondence. Liver Wellness did not publicly disclose the exact number of affected individuals or the specific timeframe during which the email account was compromised. The company confirmed the breach stemmed from unauthorized access to its email infrastructure but did not elaborate on the intrusion method or whether other systems were involved.

The incident exposed patients to potential identity theft and financial fraud due to the sensitive nature of the information targeted in the phishing attempts. Liver Wellness's notification letter constituted its primary confirmed response action, though the company did not specify whether it involved external cybersecurity consultants, law enforcement, or regulatory bodies. Public awareness of the breach emerged through RTÉ's This Week programme, which obtained details from the company's customer correspondence. No further public statements from Liver Wellness regarding remediation steps, system security enhancements, or patient support measures were documented in the available report. The breach highlighted risks associated with email system compromises in healthcare-adjacent services, particularly the exploitation of patient trust to harvest sensitive data through impersonation attacks.