NIST Report Spotlights Cyber, Privacy Risks in Genomic Data
A Multitude of Considerations for Entities As Use of Genomic Data Advances
The explosion in applications using genomic data - from drug and vaccine development and consumer ancestry testing to law enforcement work - is heightening the need to carefully address critical privacy and security concerns around this sensitive data, government authorities say in a new report.
The National Institute of Standards and Technology, in a report published Wednesday, spotlights the risks facing genomic data as the uses - and potential misuses - of this highly valuable information grow.
"Genomic data has enabled the rapid growth of the U.S. bio-economy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties," NIST said.
Genomic data has unique cybersecurity and privacy concerns inadequately addressed with current policies, guidance documents and technical controls, NIST added.
"At each stage in the genomic data life cycle, from creation to storage and analysis to dissemination, the data can be at risk of being intercepted, corrupted, overwritten, or deleted."
Cyberattacks targeted at genomic data can threaten its confidentiality, integrity and availability, as well as result in intellectual property theft from the U.S. biotechnology industry.
The stakes go beyond loss of privacy, since stolen genomic data could lead foreign powers to extort military and intelligence personnel based on their DNA - or use it to develop biological weapons.
NIST said findings in the report - gleaned from NIST workshops with industry stakeholders as well as other research - also informed the development of NIST draft guidance issued this summer that proposes a framework for protecting the cybersecurity of genomic data.
Experts said guidance from NIST addressing genomic data privacy and security concerns comes at a critical time.
Among many use cases, genomic data is being used to enhance the ability to predict disease, conduct forensic investigations and design pharmaceutical drugs for personalized healthcare, said Dave Bailey, vice president at privacy and security consultancy Clearwater.
"As such, it has significant financial value, and many of the cyberattacks on the healthcare sector are conducted by financially motivated actors," he said. "The value of genomic data to governments and state-sponsored actors will provide additional motivation and increase the likelihood and frequency of attacks on the healthcare sector."
The release of the NIST report comes weeks after the recent disclosure by consumer ancestry and genetics testing firm 23andMe of a credential stuffing attack that affected nearly 7 million individuals (see: 23andMe Says Hackers Stole Ancestry Data on 6.9M Users).