In the wake of the Heartbleed internet security bug, the public perception of information security has shifted to be more cautious, although probably not as much as it should. (If you’re still a password ‘123456’ person, it’s time to move on.)
But genetic information is probably the most sensitive data that some people have stored online, and that number is growing.
In many states, you can submit DNA for analysis, even if it isn’t your own. Consider Sharon Moalem, a scientist and writer who ‘hacked’ his best friends DNA and wrote about his experience:
“It was likely the easiest experiment I’ve ever conducted and with multiple companies offering genetic testing online, it’s very likely that I’m not the first to attempt to hack someone else’s genome. And boy did I ever uncover some provocatively revealing and dangerous health information about my friend. For one thing, it turns out he inherited over three dozen risk factors for schizophrenia, increased risk for prostate cancer, addiction to opiates and the list goes on and on.”
Although Moalem didn’t reveal how he collected the DNA sample or which direct to consumer genetic testing companies he used, the amount of information he received, no questions asked, about his friend’s health risks could have been extremely damaging had someone wanted to cause him harm.
In another example of the tenuousness of our genomic security, an MIT researcher at the Whitehead Institute matched five randomly selected anonymous participants who had submitted their DNA as part of research study to their actual identities using just their DNA, ages and the states where they lived. And it only took him a few hours.
His success was in part because the participants were men, who have easily identified Y chromosomes passed down for generations alongside surnames. But, it makes an important point.
“If you believe you can just encrypt terabytes of data or anonymize them, there will always be people who hack through that,” George Church, a Harvard geneticist told the New York Times. Church said people who have their genetics analyzed should be told a privacy breach is more likely than not.
Another issue is that genetic info isn’t just held by direct to consumer companies. For many people, genetic data is included in their medical records. Healthcare systems must struggle to determine whether they will parse out some genetic information to include for its utility, as healthcare technology expert Dixie Baker said:
“Whole genome sequences are also much more sensitive than genetic test results because sequences are unique to the individual and disclose personal information as well as information related to parents and siblings. ‘A whole genome sequence needs to be very strongly protected, separate from the individual’s demographic information and phenotypic information.’”
Baker indicated that a patient’s genome could be linked to their health record, but housed in a different system much like x-ray and other imaging results are currently.
Security should be discussed more openly and more often when considering genetic sequencing. It’s become clear that our credit card numbers, bank accounts and passwords are really only one curious and capable hacker’s mind away form exposure. We should try hard not to add our genomes to that list. As Moalem said:
“When it comes to genetics it seems, we’re not only behind the curve but not even aware of the existence of any of these complex issues. Until we have proper laws in place and even long after it may be prudent to choose your friends wisely and be sure to discard your tissues, used coffee cups and every other item that may house your DNA with extreme care.”
- Privacy and our genes: Is deCode’s DNA project ‘Big Brother’ or the gateway to a healthier future?, Genetic Literacy Project
- Guarantee Privacy to Ensure Proper Treatment, Jeremy Gruber, New York Times
- A genetic “Minority Report”: How corporate DNA testing could put us at risk, Benjamin Winterhalter, Salon