The International Association of Athletics Federations on April 3 notified more than 80 athletes their medical information may have been compromised in a recent cyberattack, IAAF told Becker's Hospital Review via email.
The cyberattack, which took place Feb. 21, was detected during a proactive investigation by Context Information Security, which Monaco-based IAAF contracted in early January, according to a statement posted on the IAAF website. Context Information Security identified unauthorized remote access to the IAAF network, including file servers storing athletes' Therapeutic Use Exemption applications dating back to 2012.
Here are three things to know.
1. Athletes submit TUEs to apply for eligibility for certain banned substances if they have a verified medical need, according to Reuters. Although IAAF cannot confirm whether this medical information was stolen from the network, the organization told Becker's Hospital Review: "We do believe their intent was to access the TUE data and this is what seems to have been removed from the server."
2. IAAF said the cyberattack was perpetrated by a Russian hacking group called Fancy Bear, also known as APT28. In the past, private security firms and U.S. officials have said "Fancy Bear works primarily on behalf of the GRU, Russia's military intelligence agency," according to Reuters. The news agency also reported Fancy Bear published athletes' medical records last year, after hacking into the World Anti-Doping Agency database.
3. Since learning about the attack, IAAF has consulted with the U.K. National Cyber Security Centre and Monaco's Agence Monégasque de Sécurité Numérique. The organization also worked with Context Information Security to remove hackers' access to the IAAF network, a project that was completed over the weekend.
"Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential," said IAAF President Sebastian Coe. "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world's best organizations to create as safe an environment as we can."