Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
One of the Netherlands’ most famous pieces of pop culture is “Soldier of Orange.” It’s the title of the country’s most celebrated war memoir, movie and epic stage musical, all of which detail the exploits of the nation’s resistance fighters during World War II.
Willem Johan Kolff was a member of the Dutch resistance, but he doesn’t rate a mention in the “Solider of Orange” canon. Yet his wartime toils in a rural backwater not only changed medicine, but the world.
Kolff had been a physician less than two years before Germany invaded the Netherlands in May 1940. He had been engaged in post-graduate studies at the University of Gronigen but withdrew because he refused to accommodate the demands of the Nazi occupiers. Kolff’s Jewish supervisor made an even starker choice: He committed suicide.
After his departure from the university, Kolff took a job managing a small hospital in Kampen. Located 50 miles from the heavily populated coastal region, the facility was far enough away from the prying eyes of Germans that not only could Kolff care for patients, he could hide fellow resistance fighters and even Jewish refugees in relative safety. Kolff coached many of them to feign convincing terminal illnesses so the Nazis would allow them to remain in the hospital.
Despite the demands of practicing medicine and resistance work, Kolff still found time to conduct research. He had been haunted and inspired when, not long before the Nazi invasion, one of his patients died in agony from kidney disease. Kolff wanted to find a way to save future patients.
He broke his problem down to a simple task: If he could remove 20 grams of urea from a patient’s blood in 24 hours, they would survive. He began experimenting with ways to filter blood and return it to a patient’s body. Since the war had ground all non-military manufacturing to a halt, he was mostly forced to make do with material he could find at the hospital and around Kampen. Kolff eventually built a device from a washing machine parts, juice cans, sausage casings, a valve from an old Ford automobile radiator, and even scrap from a downed German aircraft.
The world’s first dialysis machine was hardly imposing; it resembled a rotating drum for a bingo game or raffle. Yet it carried on the highly sophisticated task of moving a patient’s blood through a semi-permeable membrane (about a 50-foot length of sausage casings) into a saline solution that drew out urea while leaving the blood cells untouched.
In emigrating to the U.S. to practice medicine, Kolff's intent was twofold: Advocate for a wider adoption of dialysis, and work on new projects. He wildly succeeded at both.
Kolff began using the machine to treat patients in 1943, most of whom had lapsed into comas due to their kidney failure. But like most groundbreaking medical devices, it was not an immediate success. By the end of the war, Kolff had dialyzed more than a dozen patients, but all had died. He briefly suspended use of the device after the Allied invasion of Europe, but he continued to refine its operation and the administration of blood thinners to patients.
In September 1945, Kolff dialyzed another comatose patient, 67-year-old Sofia Maria Schafstadt. She regained consciousness after 11 hours, and would live well into the 1950s with Kolff’s assistance. Yet this triumph contained a dark irony: At the time of her treatment, Schafstadt had been imprisoned for collaborating with the Germans.
With a tattered Europe struggling to overcome the destruction of the war, Kolff and his family emigrated to the U.S. in 1950, where he began working for the Cleveland Clinic while undergoing the naturalization process so he could practice medicine in the U.S. His intent was twofold: Advocate for a wider adoption of dialysis, and work on new projects. He wildly succeeded at both.
By the mid-1950s, dialysis machines had become reliable and life-saving medical devices, and Kolff had become a U.S. citizen. About that time he invented a membrane oxygenator that could be used in heart bypass surgeries. This was a critical component of the heart-lung machine, which would make heart transplants possible and bypass surgeries routine. He also invented among the very first practical artificial hearts, which in 1957 kept a dog alive for 90 minutes.
Kolff moved to the University of Utah in 1967 to become director of its Institute for Biomedical Engineering. It was a promising time for such a move, as the first successful transplant of a donor heart to a human occurred that year. But he was interested in going a step further and creating an artificial heart for human use.
It took more than a decade of tinkering and research, but in 1982, a team of physicians and engineers led by Kolff succeeded in implanting the first artificial heart in dentist Barney Clark, whose failing health disqualified him from a heart transplant. Although Clark died in March 1983 after 112 days tethered to the device, that it kept him alive generated international headlines. While graduate student Robert Jarvik received the named credit for the heart, he was directly supervised by Kolff, whose various endeavors into artificial organ research at the University of Utah were segmented into numerous teams.
Forty years later, several artificial hearts have been approved for use by the Food and Drug Administration, although all are a “bridge” that allow patients to wait for a transplant.
Kolff continued researching and tinkering with biomedical devices – including artificial eyes and ears – until he retired in 1997 at the age of 86. When he died in 2009, the medical community acknowledged that he was not only a pioneer in biotechnology, but the “father” of artificial organs.
The "Making Sense of Science" podcast features interviews with leading experts about health innovations and the ethical questions they raise. The podcast is hosted by Matt Fuchs, editor of Leaps.org, the award-winning science outlet.
My guest today is Nanea Reeves, the CEO of TRIPP, a wellness platform with some big differences from meditation apps you may have tried like Calm and Headspace. TRIPP's experiences happen in virtual reality, and its realms are designed based on scientific findings about states of mindfulness. Users report feelings of awe and wonder and even mystical experiences. Nanea brings over 15 years of leadership in digital distribution, apps and video game technologies. Before co-founding TRIPP, she had several other leadership roles in tech with successful companies like textPlus and Machinima. Read her full bio below in the links section.
Nanea Reeves, CEO of TRIPP.
TRIPP
Listen to the Episode
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
This conversation coincided with National Brain Awareness Week. The topic is a little different from the Making Sense of Science podcast’s usual focus on breakthroughs in treating and preventing disease, but there’s a big overlap when it comes to breakthroughs in optimal health. Nanea’s work is at the leading edge of health, technology and the science of wellness.
With TRIPP, you might find yourself deep underwater, looking up at the sunlight shimmering on the ocean surface, or in the cosmos staring down at a planet glowing with an arresting diversity of colors. Using TRIPP for the past six months has been a window for me into the future of science-informed wellness and an overall fascinating experience, as was my conversation with Nanea.
Show notes:
Nanea and I discuss her close family members' substance addictions and her own struggle with mental illness as a teen, which led to her first meditation experiences, and much more:
- The common perception that technology is an obstacle for mental well-being, a narrative that overlooks how tech can also increase wellness when it’s designed right.
- Emerging ways of measuring meditation experiences by recording brain waves - and the shortcomings of the ‘measured self’ movement.
- Why TRIPP’s users multiplied during the stress and anxiety of the pandemic, and how TRIPP can can be used to enhance emotional states.
- Ways in which TRIPP’s visuals and targeted sound frequencies have been informed by innovative research from psychologists like Johns Hopkins’ Matthew Johnson.
- Ways to design apps and other technologies to better fulfill the true purpose of mindfulness meditation. (Hint: not simply relaxation.)
- And of course, because the topic is mental wellness and tech, I had to get Nanea's thoughts on Elon Musk, Neuralink and brain machine interfaces.
Here are links for learning more about TRIPP:
- TRIPP website: https://www.tripp.com/about/
- Nanea Reeves bio: https://www.tripp.com/team/nanea-reeves/
- Study of data collected by UK's Office for National Statistics on behavior during the pandemic, which suggests that TRIPP enhanced users' psychological and emotional mindsets: https://link.springer.com/chapter/10.1007/978-3-03...
- Research that's informed TRIPP: https://www.tripp.com/research/
- Washington Post Top Pick at CES: https://www.washingtonpost.com/technology/2019/01/...
- TRIPP's new offering, PsyAssist, to provide support for ketamine-assisted therapy: https://www.mobihealthnews.com/news/tripp-acquires...
- Randomized pilot trial involving TRIPP: https://bmjopen.bmj.com/content/bmjopen/11/4/e0441...