Patients of a Dublin-based liver health clinic, Liver Wellness, have been targeted in a phishing attack sent from the company’s email.
Liver Wellness, a Dublin-based medical testing company, has suffered a breach in which hackers accessed the company’s email system and used it to send out phishing messages to patients.
First reported by RTÉ, the hacker reportedly used the company’s email account to send out an email soliciting sensitive, personal information. The phishing emails were reportedly sent in mid-October, with a notification email sent out to customers alerting them of the unauthorised communications shortly after.
At time of reporting, Liver Wellness had not responded to requests for comment from Siliconrepublic.com. However, the Data Protection Commissioner confirmed that it received a breach notification from the health screening company and that it was engaging with the business to “further establish the facts”. It is not clear how the hacker managed to gain unauthorised access to the email account.
Liver Wellness provides a number of liver health screening services, including diabetes screening and testing for hepatitis infections.
Vulnerable to phishing
Phishing attacks are an extremely common, and often successful, data collection tool in a hacker’s arsenal. Recent research from Proofpoint found that as many as 99pc of cyberattacks require human interaction to succeed.
In fact, the report calls humans “the most effective vectors to infiltrate organisations and facilitate fraud and theft”.
Proofpoint notes that in most cases, cybercriminals will aggressively target people because this method of attack is easier, and more profitable, than creating exploits to worm through a system’s vulnerabilities.
Medical practices can be top targets for attack. Personal health data has been found to be three times more valuable to hackers than credit card info, according to a 2019 report published by Carbon Black.
Personal health information is, generally speaking, immutable, whereas online credit card information will invariably expire. This is coupled with how vulnerable many medical institutions are to cyberattacks.
Updated, 10.35am, 22 November 2019: A previous version of this article stated that Liver Wellness was based in Dublin’s Beacon Hospital. The article was amended to clarify that the testing company is not connected to the hospital.