Researchers Say Genomic Data Can Be Hacked !

Good Afternoon All !

Genomic information is shared among researchers for the advancement of biomedical research. Genomic data contains identifiable information which could pose a risk to individual privacy if leaked.

If access is gained to genome sequence whether directly from your saliva or other tissues, or from a popular genomic information service, this information can be used to see if you appear in a database of people with certain medical conditions, such as heart disease, lung cancer or autism.

Two researchers at the Stanford University School of Medicine,  Suyash Shringarpure, PhD, a postdoctoral scholar in genetics, and Carlos Bustamante, PhD, a professor of genetics, have demonstrated a technique for hacking a network of global genomic databases and how to prevent it. Investigators from the Global Alliance for Genomics and Health are working with the researchers on preventive measures.

On  Oct. 29, The American Journal of Human Genetics published the work that discusses the larger question of how to analyze mixtures of genomes, such as those from different people at a crime scene.

A network of genomic data sets on servers, or beacons, organized by the National Institutes of Health-funded Global Alliance for Genomics and Health, allows researchers to look for a particular genetic variant in a multitude of genomic databases. The networking of genomic databases is part of a larger movement among researchers to share data.

“The beacon system is an elegant solution that allows investigators to ‘ping’ collections of genomes,” said Bustamante. Investigators on the outside of a data set can ping and ask which data set has a particular mutation. “This allows people studying the same rare disease to find one another to collaborate.”

Most of the genomic data sets are specific to a condition or disease. For instance, if  hacker finds an individual’s genome in a heart disease beacon, he can infer that the individual or one of their  relatives is likely to affected by the same. By “pinging” enough beacons in the network of beacons, the hacker could construct a limited profile of the individual.

“Working with the Global Alliance for Genomics and Health, we’ve been able to demonstrate that vulnerability and, more importantly, how to put policy changes in place to minimize the risk,” said Bustamante.

the Beacon Project is a network set up to protect the donors’ identities. Through this, beacon operators are encouraged to “de-identify” individual genomes, so that names or other identifying information are not connected to the genome.

However, Shringarpure and Bustamante said that with just an individual’s genome, that individual can be located within the beacon network.

The federal law that protects health information doesn’t completely cover Genomic information. For example, although the national Genetic Information Nondiscrimination Act prevents health insurers from denying someone coverage or raising someone’s premiums because they have a particular genetic variant, the Act does not apply to other forms of insurance, such as long-term care, disability or life insurance.
'Sequencing? No, this baby tells us how much we can charge for genome data.'
In the paper, various approaches including banning anonymous researchers from querying the beacons; merging data sets to make it harder to identify the exact source of the data; requiring that users be approved; and limiting access in a beacon to a smaller region of the genome are suggested by researchers to secure the data.

“We welcome the paper and look forward to ongoing interactions with the authors and others to ensure beacons provide maximum value while respecting privacy,” Peter Goodhand, executive director of the Global Alliance for Genomics and Health, said

He explained that the organization’s mitigation efforts are in-line with the best practices outlined in its privacy and security policy and include, aggregating data among multiple beacons to increase database size and obscure the database of origin; creating an information-budgeting system to track the rate at which information is revealed and to restrict access when the information disclosed exceeds a certain threshold; and introducing multiple tiers of secured access, including requiring users to be authorized for data access and to agree not to attempt specific risky scenarios.

Shringarpure and Bustamante is interested in applying the technique presented in the paper for DNA mixture interpretation, in which investigators seek to identify one DNA sequence in a mixture of many similar ones. Bustamante explained how this can be useful in crime scenes where DNA from several people is present in one piece of evidence.

This research was partially supported by the National Institutes of Health(grant U01HG007436). Stanford’s Department of Genetics also supported the work.  Stanford University’s Office of Technology Licensing has evaluated the work presented in the paper for potential intellectual property and commercial rights.


Source: Akati

Comments are closed.