Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
Since the early 2000s, AI systems have eliminated more than 1.7 million jobs, and that number will only increase as AI improves. Some research estimates that by 2025, AI will eliminate more than 85 million jobs.
But for all the talk about job security, AI is also proving to be a powerful tool in healthcare—specifically, cancer detection. One recently published study has shown that, remarkably, artificial intelligence was able to detect 20 percent more cancers in imaging scans than radiologists alone.
Published in The Lancet Oncology, the study analyzed the scans of 80,000 Swedish women with a moderate hereditary risk of breast cancer who had undergone a mammogram between April 2021 and July 2022. Half of these scans were read by AI and then a radiologist to double-check the findings. The second group of scans was read by two researchers without the help of AI. (Currently, the standard of care across Europe is to have two radiologists analyze a scan before diagnosing a patient with breast cancer.)
The study showed that the AI group detected cancer in 6 out of every 1,000 scans, while the radiologists detected cancer in 5 per 1,000 scans. In other words, AI found 20 percent more cancers than the highly-trained radiologists.
Scientists have been using MRI images (like the ones pictured here) to train artificial intelligence to detect cancers earlier and with more accuracy. Here, MIT's AI system, MIRAI, looks for patterns in a patient's mammograms to detect breast cancer earlier than ever before. news.mit.edu
But even though the AI was better able to pinpoint cancer on an image, it doesn’t mean radiologists will soon be out of a job. Dr. Laura Heacock, a breast radiologist at NYU, said in an interview with CNN that radiologists do much more than simply screening mammograms, and that even well-trained technology can make errors. “These tools work best when paired with highly-trained radiologists who make the final call on your mammogram. Think of it as a tool like a stethoscope for a cardiologist.”
AI is still an emerging technology, but more and more doctors are using them to detect different cancers. For example, researchers at MIT have developed a program called MIRAI, which looks at patterns in patient mammograms across a series of scans and uses an algorithm to model a patient's risk of developing breast cancer over time. The program was "trained" with more than 200,000 breast imaging scans from Massachusetts General Hospital and has been tested on over 100,000 women in different hospitals across the world. According to MIT, MIRAI "has been shown to be more accurate in predicting the risk for developing breast cancer in the short term (over a 3-year period) compared to traditional tools." It has also been able to detect breast cancer up to five years before a patient receives a diagnosis.
The challenges for cancer-detecting AI tools now is not just accuracy. AI tools are also being challenged to perform consistently well across different ages, races, and breast density profiles, particularly given the increased risks that different women face. For example, Black women are 42 percent more likely than white women to die from breast cancer, despite having nearly the same rates of breast cancer as white women. Recently, an FDA-approved AI device for screening breast cancer has come under fire for wrongly detecting cancer in Black patients significantly more often than white patients.
As AI technology improves, radiologists will be able to accurately scan a more diverse set of patients at a larger volume than ever before, potentially saving more lives than ever.
Here's how one doctor overcame extraordinary odds to help create the birth control pill
Dr. Percy Julian had so many personal and professional obstacles throughout his life, it’s amazing he was able to accomplish anything at all. But this hidden figure not only overcame these incredible obstacles, he also laid the foundation for the creation of the birth control pill.
Julian’s first obstacle was growing up in the Jim Crow-era south in the early part of the twentieth century, where racial segregation kept many African-Americans out of schools, libraries, parks, restaurants, and more. Despite limited opportunities and education, Julian was accepted to DePauw University in Indiana, where he majored in chemistry. But in college, Julian encountered another obstacle: he wasn’t allowed to stay in DePauw’s student housing because of segregation. Julian found lodging in an off-campus boarding house that refused to serve him meals. To pay for his room, board, and food, Julian waited tables and fired furnaces while he studied chemistry full-time. Incredibly, he graduated in 1920 as valedictorian of his class.
After graduation, Julian landed a fellowship at Harvard University to study chemistry—but here, Julian ran into yet another obstacle. Harvard thought that white students would resent being taught by Julian, an African-American man, so they withdrew his teaching assistantship. Julian instead decided to complete his PhD at the University of Vienna in Austria. When he did, he became one of the first African Americans to ever receive a PhD in chemistry.
Julian received offers for professorships, fellowships, and jobs throughout the 1930s, due to his impressive qualifications—but these offers were almost always revoked when schools or potential employers found out Julian was black. In one instance, Julian was offered a job at the Institute of Paper Chemistory in Appleton, Wisconsin—but Appleton, like many cities in the United States at the time, was known as a “sundown town,” which meant that black people weren’t allowed to be there after dark. As a result, Julian lost the job.
During this time, Julian became an expert at synthesis, which is the process of turning one substance into another through a series of planned chemical reactions. Julian synthesized a plant compound called physostigmine, which would later become a treatment for an eye disease called glaucoma.
In 1936, Julian was finally able to land—and keep—a job at Glidden, and there he found a way to extract soybean protein. This was used to produce a fire-retardant foam used in fire extinguishers to smother oil and gasoline fires aboard ships and aircraft carriers, and it ended up saving the lives of thousands of soldiers during World War II.
At Glidden, Julian found a way to synthesize human sex hormones such as progesterone, estrogen, and testosterone, from plants. This was a hugely profitable discovery for his company—but it also meant that clinicians now had huge quantities of these hormones, making hormone therapy cheaper and easier to come by. His work also laid the foundation for the creation of hormonal birth control: Without the ability to synthesize these hormones, hormonal birth control would not exist.
Julian left Glidden in the 1950s and formed his own company, called Julian Laboratories, outside of Chicago, where he manufactured steroids and conducted his own research. The company turned profitable within a year, but even so Julian’s obstacles weren’t over. In 1950 and 1951, Julian’s home was firebombed and attacked with dynamite, with his family inside. Julian often had to sit out on the front porch of his home with a shotgun to protect his family from violence.
But despite years of racism and violence, Julian’s story has a happy ending. Julian’s family was eventually welcomed into the neighborhood and protected from future attacks (Julian’s daughter lives there to this day). Julian then became one of the country’s first black millionaires when he sold his company in the 1960s.
When Julian passed away at the age of 76, he had more than 130 chemical patents to his name and left behind a body of work that benefits people to this day.