Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
A hacker activating a 3D rendering of DNA data.
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
Today’s more than 20,000 mental health apps have a wide range of functionalities and business models. Many of them can be useful for depression.
Even before the pandemic created a need for more telehealth options, depression was a hot area of research for app developers. Given the high prevalence of depression and its connection to suicidality — especially among today’s teenagers and young adults who grew up with mobile devices, use them often, and experience these conditions with alarming frequency — apps for depression could be not only useful but lifesaving.
“For people who are not depressed, but have been depressed in the past, the apps can be helpful for maintaining positive thinking and behaviors,” said Andrea K. Wittenborn, PhD, director of the Couple and Family Therapy Doctoral Program and a professor in human development and family studies at Michigan State University. “For people who are mildly to severely depressed, apps can be a useful complement to working with a mental health professional.”
Health and fitness apps, in general, number in the hundreds of thousands. These are driving a market expected to reach $102.45 billion by next year. The mobile mental health app market is a small part of this but still sizable at $500 million, with revenues generated through user health insurance, employers, and direct payments from individuals.
Apps can provide data that health professionals cannot gather on their own. People’s constant interaction with smartphones and wearable devices yields data on many health conditions for millions of patients in their natural environments and while they go about their usual activities. Compared with the in-office measurements of weight and blood pressure and the brevity of doctor-patient interactions, the thousands of data points gathered unobtrusively over an extended time period provide a far better and more detailed picture of the person and their health.
At their most advanced level, apps for mental health, including depression, passively gather data on how the user touches and interacts with the mobile device through changes in digital biomarkers that relate to depressive symptoms and other conditions.
Building on three decades of research since early “apps” were used for delivering treatment manuals to health professionals, today’s more than 20,000 mental health apps have a wide range of functionalities and business models. Many of these apps can be useful for depression.
Some apps primarily provide a virtual connection to a group of mental health professionals employed or contracted by the app. Others have options for meditation, sleeping or, in the case of industry leaders Calm and Headspace, overall well-being. On the cutting edge are apps that detect changes in a person’s use of mobile devices and their interactions with them.
Apps such as AbleTo, Happify Health, and Woebot Health focus on cognitive behavioral therapy, a type of counseling with proven potential to change a person’s behaviors and feelings. “CBT has been demonstrated in innumerable studies over the last several decades to be effective in the treatment of behavioral health conditions such as depression and anxiety disorders,” said Dr. Reena Pande, chief medical officer at AbleTo. “CBT is intended to be delivered as a structured intervention incorporating key elements, including behavioral activation and adaptive thinking strategies.”
These CBT skills help break the negative self-talk (rumination) common in patients with depression. They are taught and reinforced by some self-guided apps, using either artificial intelligence or programmed interactions with users. Apps can address loneliness and isolation through connections with others, even when a symptomatic person doesn’t feel like leaving the house.
At their most advanced level, apps for mental health, including depression, passively gather data on how the user touches and interacts with the mobile device through changes in “digital biomarkers” that can be associated with onset or worsening of depressive symptoms and other cognitive conditions. In one study, Mindstrong Health gathered a year’s worth of data on how people use their smartphones, such as scrolling through articles, typing and clicking. Mindstrong, whose founders include former leaders of the National Institutes of Health, modeled the timing and order of these actions to make assessments that correlated closely with gold-standard tests of cognitive function.
National organizations of mental health professionals have been following the expanding number of available apps over the years with keen interest. App Advisor is an initiative of the American Psychiatric Association that helps psychiatrists and other mental health professionals navigate the issues raised by mobile health technology. App Advisor does not rate or recommend particular apps but rather provides guidance about why apps should be assessed and how health professionals can do this.
A website that does review mental health apps is One Mind Psyber Guide, an independent nonprofit that partners with several national organizations. One Mind users can select among numerous search terms for the condition and therapeutic approach of interest. Apps are rated on a five-point scale, with reviews written by professionals in the field.
Do mental health apps related to depression have the kind of safety and effectiveness data required for medications and other medical interventions? Not always — and not often. Yet the overall results have shown early promise, Wittenborn noted.
“Studies that have attempted to detect depression from smartphone and wearable sensors [during a single session] have ranged in accuracy from about 86 to 89 percent,” Wittenborn said. “Studies that tried to predict changes in depression over time have been less accurate, with accuracy ranging from 59 to 85 percent.”
The Food and Drug Administration encourages the development of apps and has approved a few of them—mostly ones used by health professionals—but it is generally “hands off,” according to the American Psychiatric Association. The FDA has published a list of examples of software (including programming of apps) that it does not plan to regulate because they pose low risk to the public. First on the list is software that helps patients with diagnosed psychiatric conditions, including depression, maintain their behavioral coping skills by providing a “Skill of the Day” technique or message.
On its App Advisor site, the American Psychiatric Association says mental health apps can be dangerous or cause harm in multiple ways, such as by providing false information, overstating the app’s therapeutic value, selling personal data without clearly notifying users, and collecting data that isn’t relevant to mental health.
Although there is currently reason for caution, patients may eventually come to expect mental health professionals to recommend apps, especially as their rating systems, features and capabilities expand. Through such apps, patients might experience more and higher quality interactions with their mental health professionals. “Apps will continue to be refined and become more effective through future research,” said Wittenborn. “They will become more integrated into practice over time.”
Podcast: Has the First 150-Year-Old Already Been Born
In today's podcast episode, Steven Austad explains why we should want to live a long time as long as that involves longer healthspans.
Steven Austad is a pioneer in the field of aging, with over 200 scientific papers and book chapters on pretty much every aspect of biological aging that you could think of. He’s also a strong believer in the potential for anti-aging therapies, and he puts his money where his mouth is. In 2001, he bet a billion dollars that the first person to reach 150-years-old had already been born. I had a chance to talk with Steven for today’s podcast and asked if he still thinks the bet was a good idea, since the oldest person so far (that we know of), Jeanne Calment, died back in 1997. A few days after our conversation, the oldest person in the world, Kane Tanaka, died at 119.
Steven is the Protective Life Endowed Chair in Health Aging Research, a Distinguished Professor and Chair of the Department of Biology at the University of Alabama Birmingham. He's also Senior Scientific Director of the American Federation for Aging Research, which is managing a groundbreaking longevity research trial that started this year. Steven is also a great science communicator with five books, including one that comes out later this year, Methuselah’s Zoo, and he publishes prolifically in national media outlets.
See the rest of his bio linked below in the show notes.
Listen to the Episode
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
Steven Austad is featured in the latest episode of Making Sense of Science. He's a distinguished professor of biology at the University of Alabama Birmingham and has a new book due to be published in August, Methuselah's Zoo.
Photo by Steve Wood
Show notes:
2:36 - Steven explains why a particular opossum convinced him to dedicate his career to studying longevity.
6:48 - Steven's billion dollar bet that someone alive today will make it to 150-years-old.
9:15 - The most likely people to make it to 150 (Hint: not men).
10:38 - I ask Steven about Elon Musk’s comments this month that if people lived a really long time, “we’d be stuck with old ideas and society wouldn’t advance.” Steve isn’t so fond of that take.
13:34 - Why women are winning maybe the most important battle of sexes: staying alive. This is an area that Steven has led research on (see show notes).
18:20 - Why women, on average, actually have more morbidities earlier than men, even though they live longer.
23:10 - How the pandemic could affect sex differences in longevity.
24:55 - How often should people work out and get other physical activity to maximize longevity and health span?
29:09 - Steven gave me the latest update on the TAME trial on metformin, and how he and others longevity experts designed this groundbreaking research on longevity not in their offices, not on a zoom call, but in a castle in the Spanish countryside.
32:10 - Which anti-aging therapies are the most promising at this point for future research.
39:32 - The drug cocktail approach to address multiple hallmarks of aging.
41:00 - How to read health news like a scientist.
45:38 - Should we try a Manhattan project for aging?
48:47 - Can Jeff Bezos and Larry Ellison help us live to 150?
Show links:
Steven Austad's bio
Pre-order Steven's new book, Methuselah's Zoo - https://www.amazon.com/dp/B09M2QGRJR/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1
Steven's journal article on Sex Differences in Lifespan - https://pubmed.ncbi.nlm.nih.gov/27304504/
Elon Musk's comments on super longevity "asphyxiating" society - https://www.cnbc.com/2022/04/11/elon-musk-on-avoid...
Steven's article on how to read news articles about health like a pro - https://www.nextavenue.org/how-to-read-health-news...
AFAR's research on Targeting Aging with Metformin (TAME) - https://www.afar.org/tame-trial