Is a targeted phishing attack.12,13 Spear-phishing is a popular infection vector for malicious actors.14 Spear-phishing messages are tailored to the target recipient (e.g., individual or groups within an organization).15 There is a plethora of information available online about companies, their employees and contractors, current and past projects, policies and procedures, and their vendors and business associates. Spear-phishing messages may be particularly convincing when they contain “insider information” relevant to the targeted organization or individual. In addition, spear-phishing has been made more effective through the use of stolen vendor credentials.16 Thus, spear-phishing has been used to target healthcare organizations, either directly or indirectly (such as through vendors)