The Growing Importance of Bio-Cybersecurity
What is cyberbiosecurity?
Cyberbiosecurity is a new specialty at understanding and mitigating new biological security risks emerging at the interface between biosecurity and cybersecurity. Facilities that manufacture biologic drugs like vaccines are a critical part of the nation’s biodefense infrastructure.
Will blockchain prevent hacking and turn genome data into a currency?
In a world where more than 26 million people have taken an at-home DNA test, healthcare companies are soon going to have to face a new frontier of patient expectations for security. As patients increasingly want genetic screening to be part of preventative care, healthcare systems are responding by offering DNA sequencing—but nearly all are unprepared for the demands of bio-cybersecurity. As DNA sequencing becomes more common, healthcare providers, payers, vendors, and pharmaceutical companies need to ensure that patient genetic data is secure.
While genetic databases have been put to good use improving medicine and even tracking down serial killers, consumers are gradually becoming aware of why genetic data needs to be better protected. Stories of misuse are revealing how ill-prepared healthcare companies are for genetic sequencing. Between the national security threats of biological warfare and authoritarian states conducting massive surveillance programs (as is currently happening in northwest China), healthcare cybersecurity professionals need to think about how to protect their patients’ genetic information.
Most security breaches involving DNA to date has been testing companies experiencing the garden variety theft of emails and passwords. The risks begin to multiply though when DNA data itself is taken into consideration. Healthcare systems could experience a breach of genetic data from ransomware and be forced to purchase back patient data. Hackers might also use stolen genetic data to blackmail individuals who have compromising information embedded in their DNA. As consumer’s genetic identification becomes increasingly tied to standard forms of identification (e.g. driver’s license, birth certificate, passport, etc.), the opportunity for identity theft using stolen genetic data could become more prevalent. These are not far-fetched futuristic prognostications. Any of these scenarios could appear in the news tomorrow.
The shift to cloud services across healthcare has been a boon to the industry in terms of improving interoperability and accessibility – but it has also opened up greater bio-cybersecurity threats. Healthcare vendors and providers cited cybersecurity, privacy and security as their top concern according to the 2019 HIMSS U.S. Leadership and Workforce Survey. And for good reason: the average healthcare organization spends $1.4 million to recover from a cyberattack, so the cost of inaction is significant.
Allen School researchers expose cybersecurity risks of DNA sequencing software
When researchers from the University of Washington looked at the sort of open-source programs currently used by many DNA test companies, they found the DNA data process pipeline to be extremely vulnerable to hacking. This inherent vulnerability has given rise to a number of start-ups focused on offering secure genetic testing. For many, the future of protecting genetic data lies in blockchain.
Many open-source systems used in DNA analysis began in the cloistered domain of the research lab. As the cost of DNA sequencing has plummeted, new medical and consumer-oriented services have taken advantage, leading to more widespread use — and with it, potential for abuse. While there is no evidence to indicate that DNA sequencing software is at imminent risk, the researchers say now would be a good time to address potential vulnerabilities.
“One of the big things we try to do in the computer security community is to avoid a situation where we say, ‘Oh shoot, adversaries are here and knocking on our door and we’re not prepared,’” said professor Tadayoshi Kohno, co-director of the Security and Privacy Research Lab, in a UW News release.
Read full article