WADA Hack Exposes Athletes’ Medical Records

The World Anti-Doping Agency has been charged with working to keep amateur and professional athletics free of performance enhancing drugs (PEDs), and as a result, free from scandal. PEDs not only cause potential harm or death to the athletes who are encouraged to use them, but they also strip away the element of fair play in competition.

Unfortunately, WADA has its work cut out for it in terms of keeping all sports clean while still acknowledging the unique physiological needs of each athlete. The agency has also suffered criticism from those who feel its practices aren’t beneficial to sports.

One Russian hacker group, Fancy Bear, set its sights on WADA’s stored medical records and managed to break into the network before releasing private information online. Several athletes have already been called out publicly for what those records contained, including cyclists Chris Froome and Sir Bradley Wiggins, track and field star Mo Farah, tennis champ Rafael Nadal, and several members of the Olympic champion women’s field hockey team, just to name a few.

Unfortunately, the athletes mentioned were not actually guilty of any wrongdoing under WADA’s guidelines. Their medical records contained evidence of TUEs, or therapeutic use exemptions. A banned painkiller or a steroid that could grow muscle tissue at an increased rate, for example, might be allowed in limited use if the athlete has suffered an injury. It just has to be filed with WADA and approved based on the evidence of medical need. Failure to provide that evidence and get clearance ahead of time would result in severe punishments if the athlete tested positive for the substance.

But that hasn’t stopped the court of public opinion from branding the named athletes as cheaters, which can potentially cost them in the long run. Even without proof of any wrongdoing, no team wants to pay an athlete who’s considered to be a cheater by their fans. Without full knowledge of the entire situation, it’s all too easy for an athlete to lose out when the public turns on him.

This is only one of the many reasons why medical records are highly protected, and why hackers love to get their hands on them. Medical offices, hospitals, and even the patients themselves might pay top dollar in ransom fees to keep hackers from releasing the information, especially if there are high stakes involved. In this particular case, there has been speculation that this was a revenge move after the Russian track and field team was barred from the Olympics in Rio and the entire Russian Paralympic team was barred from participation, both due to reports of state-supported doping.

So far, most of the medical-based ransomware attacks have focused on extorting money from medical facilities due to privacy violations. Several facilities have already opted to pay the hackers’ ransom because it would cost less in the long run than the HIPAA violation fines and the patients’ lawsuits. But this case highlights a whole new level of hacking tactic, which is just outright revenge.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

Pin It


ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.