Spear phishing for medical details

James Pavett

A hack into the World Anti-Doping Agency caused irreparable damage to professional athletes’ reputations.

Spear phishing is a more elaborate and more targeted version of traditional phishing, using many of the same techniques but with a very specific company, person, or goal in mind.

One example occurred last year when Olympic gold medallist Simone Biles and tennis champion Serena Williams had their confidential medical files hacked into and released to the public.

The medical files in question put an unnecessary spotlight on each athlete’s health and, thankfully, in both cases the prescription medications were permitted by the World Anti-Doping Agency (Wada).

Mark James, ESET IT Security Specialist, explores whether Wada were doing enough to protect the sensitive, personal information they hold.

“Data breaches come in all shapes and sizes and can cause varying degrees of damage; the most common is of your private data (usernames, passwords, DOB, addresses etc.). Once hacked, this data then makes its way onto the internet.

“However, sometimes the data breaches are malicious in a different way, like this particular breach, which involved private medical information about athletes in the US.

“Any breach is of course bad, but when it comes to very personal information which could be potentially damaging to a career, it can have far-reaching effects.

“Sadly once this information is released, there is no changing what is said, or indeed un-reading it.

“These types of attacks are often instigated through phishing attacks, and this one was believed to be a targeted version called spear phishing.

“This is particularly difficult to combat against, as it’s tailored in such a way to target one or two individuals, and designed to fool you with a specific amount of information relevant to that person.

“Due to this, it has a high success rate, and it is extremely difficult to defend against. You have to be pro-active and treat emails and correspondence with a level of scepticism.

“These types of attacks are often done extremely well, and sometimes it’s only the smallest amount of information that will alert you.”

