December 9, 2018 at
A new announcement was made on Wednesday by the UK-based Genomics England. The project has set up a goal of mapping the DNA belonging to a million British citizens, and its announcement has declared that they have hit a big milestone on the road to completing the goal. As of Wednesday, the project has gathered 100,000 whole genomes.
While the goal is to collect 1 million samples, the true aim of the project is much bigger. It includes improving treatments for various patients that suffer from rare diseases, especially when it comes to inherited ones. Apart from that, it also aims to attempt and uncover new diagnoses.
As a result, around 13 NHS (National Health Service) Genomic Medicine Centers were created so far. These are completely new and technologically advanced sequencing centers that are used for analyzing whole genomes.
However, a new issue arose after the announcement was made, and it was quickly discovered that servers used for housing the data lack in terms of proper protection. According to reports, after the announcement, an entire swarm of hacking attacks hit the machines that were storing the data. The project had no choice but to turn to a properly protected entity, which ended up being a military base.
More specifically, the data is currently in the care of a Ministry of Defense-owned facility in Corsham, Wiltshire. This location is also known for being home to the Information Systems and Services unit of the Joint Forces Command.
The DNA data is extremely sought after
While the assault of this size was not expected, it is also not the first time that NHS was a target of a hacking attack. Just last year, the ransomware known as WannaCry 2.0 hit numerous UK hospitals before it started spreading to other locations around the world. The NHS suffered a lot of damage, as over one-third of it was disrupted for entire days following the attack. After the attack, the damage was estimated at around $117 million, or £92 million.
Furthermore, Sir John Chisholm, Genomic England Chair, stated that the attacks are not a rare occurrence. Because of that, the project took precautions in form of “de-identifying” the data, meaning that it cannot be traced to specific individuals. Considering the fact that the attacks do tend to happen, the project also tested its defenses in an attempt to ensure that none of the data is ever compromised.
As for the origin of the attacks, MedConfidential’s Phil Booth stated that at least some of the attacks are almost certainly originating from Russia and China. This is of a small surprise to the NHS, considering the fact that health data is more valuable than financial data. Obtaining such information would be of great benefit to criminals, companies, and even entire countries.
Furthermore, this type of data extracted from DNA collections and various genealogy websites is very sensitive in terms of privacy. It is said that it can be used for predicting future medical conditions of individuals and even entire families. While it can be used for saving lives, searching for DNA matches, and alike — it can also be misused for criminal profit.
It is because of this that the FBI has issued warnings to the US healthcare providers, stating that this type of data is likely to be targeted by crooks for faking medical claims, purchasing drugs based on fake records, and even obtaining medical equipment.
Underground markets were even paying $10 per record back in 2014, when an attack on Anthem, a known US health insurer, took place. On the occasion, around 80 million records were said to have been stolen. When the data was sold, its price was 10 times higher than credit card data.