Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
A hacker activating a 3D rendering of DNA data.
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
Drugs That Trick Older People’s Bodies to Behave Younger Might Boost the Effectiveness of a COVID-19 Vaccine
Because vaccination may be less effective in older people, it is imperative to test now whether immune boosters could help the efficacy of a COVID-19 vaccine in the elderly.
In our April 23rd editorial for this magazine, we argued that addressing the COVID-19 pandemic requires that we both fight the SARS-CoV-2 virus and fortify the human hosts who are most vulnerable to it.
Two recent phase 2 studies in older adults have suggested that a new category of drugs called rapalogues can in some cases increase the immunization capacity of older adults.
Because people over 70 account for more than 80 percent of reported COVID-19 deaths globally, this means we must do everything possible to protect our elders.
A range of recent studies have suggested that systemic knobs might metaphorically be turned to slow the cellular aging process, making us better able to fight off the many diseases correlated with aging. These types of systemic changes might be used to stem the specific decline in immunity caused by aging and to increases the biological capacity of elderly people to effectively fight viral infection.
But while helping make older people more resilient in the face of a viral infection is critical, that's not the only way geroscience can help in our fight against this deadly pandemic.
As we move toward hopefully developing one or more COVID-19 vaccines, researchers must more fully appreciate the ways in which traditional vaccines can be less effective in older people than in younger ones.
Repeated studies have shown that the flu vaccine, for example, has lower efficacy in older people than in younger ones. Older people tend to develop fewer antibodies after being vaccinated because a subset of their white blood cells, called T cells, have become less responsive over time. Some inflammatory peptides that increase with aging are also preventing the action of those T cells.
This is why there's a distinct possibility that a future COVD-19 vaccine, particularly one utilizing the traditional attenuated virus approach, could be less effective in older people than in younger ones.
Given the extreme urgency of developing vaccines that work well for everyone, we need to make sure that researchers are exploring all of the ways our elders can be best protected. While generating a vaccine that works equally well for people of all ages would be ideal, we can't count on that.
One way to bridge this gap might be to trick the bodies of older people into behaving as if they are younger just at the moment what a vaccine is delivered by giving them pre-immunization boosters.
Two recent phase 2 studies in older adults have suggested that a new category of drugs called rapalogues can in some cases increase the immunization capacity of older adults. Use of the drug for a short time period before flu shot immunization increased the antibody production for the flu and resulted in a 52 percent decrease in the occurrence of severe diseases needing medical help or hospitalization. This short-term pre-immunization intervention can also decrease the severity of serious respiratory tract infections, the deadliest manifestations of COVID-19, by similar magnitude. These patients also had almost half the incidence of the non-COVID-19 coronaviruses associated with the common cold.
The fact that those people were protected by treatment before hospitalization suggests metformin may have a role in boosting the vaccination of older people.
An inexpensive generic drug called metformin similarly targets the decline in immunity and inflammation (and extends health span and lifespan) in animals and has been used for decades to protect against the flu. A recent paper from a hospital in Wuhan, China showed that mortality of elderly COVID-19 diabetic patients on metformin was 25 percent less than that of patients with diabetes but not on metformin.
Another study from the U.S. showed that COVID-19 patients on metformin had a 20 percent decrease in mortality and lower inflammation. The fact that those people were protected by treatment before hospitalization suggests metformin may have a role in boosting the vaccination of older people.
We don't yet know whether rapalogues or metformin could be used as COVID-19 immunization boosters, not least because we don't have those vaccines. But we can and should make sure that all vaccine trials including older subjects also consider offering a subset of those subjects appropriate doses of rapalogues or metformin to explore whether doing so can boost the efficacy of a given vaccine.
If we weren't in the middle of the worst pandemic in a century, we would have more time to test our vaccines slowly and sequentially. In the context of the current crisis, however, testing whether immunization boosters might increase the efficacy of potential COVID-19 vaccines for older adults is at the very least a hypothesis worth exploring.
How We Can Return to Normal Life in the COVID-19 Era
A crowded baseball stadium is the epitome of "getting back to normal."
I was asked recently when life might return to normal. The question is simple but the answer is complex, with many knowns, lots of known unknowns, and some unknown unknowns. But I'll give it my best shot.
To get the fatality rate down to flu-like levels would require that we cut Covid-19 fatalities down by a factor of 5.
Since I'm human (and thus want my life back), I might be biased toward optimism.
Here's one way to think about it: Is there another infection that causes sickness and death at levels that we tolerate? The answer, of course, is 'yes': influenza.
According to the Centers for Disease Control, from 2010 to 2019, an average of 30 million Americans had the flu each year, leading to an annual average of 37,000 deaths. This works out to an infection-fatality rate, or IFR, of 0.12 percent. We've tolerated that level of illness death from influenza for a century.
Before going on, let's get one thing out of the way: Back in March, Covid-19 wasn't, as some maintained, "like the flu," and it still isn't. Since then, the U.S. has had 3.9 million confirmed Covid-19 cases and 140,000 deaths, for an IFR of 3.6 percent. Taking all the cases — including asymptomatic patients and those with minimal symptoms who were never tested for Covid-19 — into account, the real IFR is probably 0.6 percent, or roughly 5 times that of the flu.
Nonetheless, even a partly effective vaccine, combined with moderately effective medications, could bring Covid-19 numbers down to a tolerable, flu-like, threshold. It's a goal that seems within our reach.
Chronic mask-wearing and physical distancing are not my idea of normal, nor, I would venture to guess, would most other Americans consider these desirable states in which to live. We need both now to achieve some semblance of normalcy, but they're decidedly not normal life. My notion of normal: daily life with no or minimal mask wearing, open restaurants and bars, ballparks with fans, and theaters with audiences.
My projection for when we might get there: perhaps a year from now.
To get the fatality rate down to flu-like levels would require that we cut Covid-19 fatalities down by a factor of 5, via some combination of fewer symptomatic cases and a lower chance that a symptomatic patient will go on to die. How might that happen?
First, we have to make some impact on young people – getting them to follow the public health directives at higher rates than they are currently. The main reason we need to push younger people to stay safe is that they can spread Covid-19 to vulnerable people (those who are older, with underlying health problems). But, once the most vulnerable are protected (through the deployment of some combination of effective medications and a vaccine), the fact that some young people aren't acting safely – or maybe won't take a vaccine themselves – wouldn't cause so much concern. The key is whether the people at highest risk for bad outcomes are protected.
Then there's the vaccine. The first principle: We don't need a 100 percent-effective vaccine injected into 320 million deltoid muscles (in the U.S. alone). Thank God, since it's fanciful to believe that we can have a vaccine that's 100 percent effective, universally available by next summer, and that each and every American agrees to be vaccinated.
How are we doing in our vaccine journey? We've been having some banner days lately, with recent optimistic reports from several of the vaccine companies. In one report, the leading candidate vaccine, the one effort being led by Oxford University, led to both antibodies and a cellular immune response, a very helpful belt-and-suspenders approach that increases the probability of long-lasting immunity. This good news comes on the heels of the positive news regarding the American vaccine being made by Moderna earlier in July.
While every article about vaccines sounds the obligatory cautionary notes, to date we've checked every box on the path to a safe and effective vaccine. We might not get there, but most experts are now predicting an FDA-approvable vaccine (more than 50 percent effective with no show-stopping side effects) by early 2021.
It is true that we don't know how long immunity will last, but that can be a problem to solve later. In this area, time is our friend. If we can get to an effective vaccine that lasts for a year or two, over time we should be able to discover strategies (more vaccine boosters, new and better medications) to address the possibility of waning immunity.
All things considered, I'm going to put my nickel down on the following optimistic scenario: we'll have one, and likely several, vaccines that have been proven to be more than 50 percent effective and safe by January, 2021.
If only that were the finish line.
Once we vaccinate a large fraction of high-risk patients, having a moderate number of unvaccinated people running around won't pose as much threat.
The investments in manufacturing and distribution should pay off, but it's still inconceivable that we'll be able to get vaccines to 300 million people in three to six months. For the 2009 Swine Flu, we managed to vaccinate about 1 in 4 Americans over six months.
So we'll need to prioritize. First in line will likely be the 55 million Americans over 65, and the six to eight million patient-facing healthcare workers. (How to sort priorities among people under 65 with "chronic diseases" will be a toughie.) Vaccinating 80-100 million vulnerable people, plus clinicians, might be achievable by mid-21.
If we can protect vulnerable people with an effective vaccine (with the less vulnerable waiting their turn over a subsequent 6-12 month period), that may be enough to do the trick. (Of course, vulnerable people may also be least likely to develop immunity in response to a vaccine. That could be an Achilles' heel – time will tell.)
Why might that be enough? Once we vaccinate a large fraction of high-risk patients, having a moderate number of unvaccinated people running around won't pose as much threat. Since they're at lower risk, they have a lower chance of getting sick and dying than those who received the vaccine first.
We're likely to have better meds by then, too. Since March, we've discovered two moderately effective medications for Covid-19 — remdesivir and dexamethasone. It seems likely that we'll find others by next summer, perhaps even a treatment that prevents patients from getting ill in the first place. There are many such therapies, ranging from zinc to convalescent plasma, currently being studied.
Moreover, we know that hospitals that are not overrun with Covid-19 have lower mortality rates. If we've gotten a fairly effective vaccine into most high-risk people, the hospitals are unlikely to be overwhelmed – another factor that may help lower the mortality rate to flu-like levels.
All of these factors – vaccination of most vulnerable people, one or two additional effective medications, hospitals and ICU's that aren't overwhelmed – could easily combine to bring the toll of Covid-19 down to something that resembles that of the flu. Then, we should be able to return to normal life.
Whatever the reason, if enough people refuse the vaccine, all bets are off.
What do I worry about? There's the growing anti-vaxxer movement, for one. On top of that, it seems that many Americans worry that a vaccine discovered in record speed won't be safe, or that the FDA approval process will have been corrupted by political influences. Whatever the reason, if enough people refuse the vaccine, all bets are off.
Assuming only high-risk people do get vaccinated, there will still be cases of Covid-19, maybe even mini-outbreaks, well into 2021 and likely 2022. Obviously, that's not ideal, and we should hope for a vaccine that results in the complete eradication of Covid-19. But the point is that, even with flu-like levels of illness and death, we should still be able to achieve "normal."
Hope is not a strategy, as the saying goes. But it is hope, which is more than we've had for a while.