Software Fault Leaves Patients’ Genetic Data Vulnerable to Cyber Attacks
Researchers have found a weakness in software used for genomics data storage, which could leave patients’ information vulnerable to cyber-attacks.
The increasing speed and availability of genetic sequencing technologies has enabled personalised medicine to make significant progress over the last few years. Patient’s genetic profiles are considered when choosing chemotherapy treatment and cures are being developed for rare genetic diseases.
Genetic sequencing works by determining the base sequence of short sections of DNA. A computer analysis programme links the DNA sections back to their locations on the genome before this information is transferred to a programme which compares the patient’s genome to the reference human genome. This enables any genetic variants that the patient has to be identified, showing what treatments will be most effective for them.
The weakness was identified in the widely used software programme Burrows-Wheeler Aligner (BWA). When the BWA programme imports the reference genome from government servers it is transmitted over insecure channels, leaving it vulnerable to cyber-attack. Hackers can plant malicious software on the reference genome, so both are downloaded onto the BWA programme. The malicious software then enables hackers to alter the patient’s genomic data stored on the programme.
Therefore, the results and recommendations from the comparison of the patients’ genome to the reference genome will be completely wrong. This could have extremely dangerous implications, including patients being prescribed drugs that are either ineffective for them or put them at risk or severe side-effects.
Once this weakness was identified, the researchers notified the software developers and the issue was fixed. However, as personalised medicine becomes more widespread, data security must be taken increasingly seriously. The risk of patients’ genetic data being altered could have unthinkable consequences and it is imperative that the healthcare industry takes action.