If you had asked me a few years ago about my opinion on the security of my personal information, my response would have centered around my Social Security number or my credit card information. Like many of my federal colleagues, I have been impacted by several major data breaches involving government and commercial databases. Needless to say, it was not a fun experience and caused my mind to wander with worry, which kept me up at night wondering: Will this breach hurt my credit rating now? How will this impact me later when I retire? I enrolled in the offered free credit monitoring tools and do my own credit checks, but I still do not completely have that warm fuzzy feeling of being protected. However, as bad as my experience has been with those breaches, I shudder to think of the concerns of people who have had their personal health information compromised!
Our society is increasingly generating and relying on personal data in many aspects of everyday life. A more recent category of data at risk is genomic data, an individual’s genetic information. Due to technical advances in genetic sequencing, what was once a multimillion-dollar, decade-long effort to sequence a human genome now takes less than a week to complete and is a thousand-dollar endeavor. This data is being used by researchers, corporations and, amazingly enough, everyday people, just living life.
I remember hearing my friend, who was adopted, share with me that she submitted her sample to a direct-to-consumer DNA testing provider to learn about her health information and family heritage. Sounds simple, right? Nope, not at all. Hearing my good friend talk about what she went through to find out what types of illnesses she may experience during her lifetime triggered me to think about a few things. My process to get this information involves a conversation with people I know and trust. Her process required her to have another data type in a database, vulnerable to an unknown number of breaches. Yet there are no monitoring tools that can minimize the feelings that still haunt me from my own breach experiences.
There are real risks with genomic data if it falls into the wrong hands, such as the ability to discriminate against me or my children, create biological weapons or thwart businesses that rely on genomic data.
Credit cards, Social Security numbers, health information, genomic information. Data put into the world of information storage is always at a risk. It all needs to be protected … but I wondered if the same cybersecurity methods apply to each type of data.
Given my profession, I am fortunate to have an understanding of cybersecurity principles that many laypeople do not. Throughout my career in multiple federal government agencies, I have worked in information technology organizations and been able to be part of teams and task forces responsible for identifying cybersecurity risks and mitigating those issues.
Currently, in my role as a principal investigator at the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE), I am leading a project that is exploring an important question: Is genomic data distinct from other data types? How should cybersecurity protection be tailored to genomic data?
In August 2021, at the request of Congress, the NCCoE embarked on an effort to answer these questions. We created an interdisciplinary team that included NIST employees, subject matter experts from MITRE and members from both the University of Alabama in Huntsville and the HudsonAlpha Institute for Biotechnology, also in Huntsville. This team is examining the question of what is unique about genomic data, discovering the most common and pressing cybersecurity concerns specific to this data, and identifying and providing guidance around security and privacy practices to help protect it.
As a first step, we hosted the NCCoE Virtual Workshop on the Cybersecurity of Genomic Data on Jan. 26, 2022, during which we heard from 18 subject matter experts from around the world who discussed the unique challenges of securing genomic data. The speakers represented the U.S. government, public and private universities, industry and professional organizations. Speakers covered their experiences from the time data is created on sequencers through to when it is stored, shared and analyzed. We also heard from privacy experts.
Here are a few things I heard that confirmed my earlier suspicions and thoughts.
I encourage you to look at the workshop materials posted on our website, find the topics that interest you, and then write to our project’s email address genomic_cybersecurity_nccoe [at] nist.gov (genomic_cybersecurity_nccoe[at]nist[dot]gov) and let us know your thoughts on what you found and what would you like to hear more about.
We have a shared interest in providing the right cybersecurity for genomic data. Our future generations are counting on us to get this right!
El genoma humano esta estrechamente vinculado con las huellas dactilares, algo sorprendente, no existe en los millones de seres humanos de este planeta, que tengan igual huella dactilar.
Another very informative article
I am highly concerned about a large amount of genetic data being collected, harvested, and shared all through the world, and the changes in privacy legislation to be able to use that genomic data forever. I help victims of abuse relocate and change their names. Abusers can locate them, especially those that are connected to crimes and skip tracers and government. In addition, once the DNA is collected under "implied consent" or someone just does not read consent, and the GDPR changes, then yes, injections can be created to kill a certain selection of the world population. People are being fooled that the collection of their DNA or genetic code to their postal code is a good thing. It is a dangerous plan. As you stated which is true: There are real risks with genomic data if it falls into the wrong hands, such as the ability to discriminate against me or my children, create biological weapons or thwart businesses that rely on genomic data.
It is very interesting idea and solve a lot of problems on securing data , but if it is abused with better technology some one will control your life.
If eye recall correctly attempting to secure your DNA is futile if living within modern society.
See YouTuber Veratasiums coverage on the matter from late 2021:
I can imagine how many opportunities the legal industry is already banking on with all the legal fun they can have. I just want to track my DNA and it’s use and organizing with others under the same type of traits to manage securing it. I don’t see this ever happening after already attempting to get medical records with red tape by legal requirements. Only an authorized dealer or representative by law to administer and handle securing this information and it’s use for intellectual property rights to uphold.....or some mumbo jumbo legal-lingo to retain the rights in all transactions for your protection.
Enjoying the blog!