February 26 | 2019
Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
Emily Mullin is a science and biotech journalist whose work has appeared in The Washington Post, New York Times, Wall Street Journal, Scientific American, National Geographic and Smithsonian Magazine.
A hacker activating a 3D rendering of DNA data.
(© Production Perig/Fotolia)
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
Emily Mullin is a science and biotech journalist whose work has appeared in The Washington Post, New York Times, Wall Street Journal, Scientific American, National Geographic and Smithsonian Magazine.
Dr. Robert Montgomery, the director of NYU Langone's Transplant Institute, is ironically the recipient of a heart transplant.
[Ed. Note: This is the fourth episode in our Moonshot series, which explores four cutting-edge scientific developments that stand to fundamentally transform our world.]
Keep Reading
Keep Reading
Kira Peikoff was the editor-in-chief of Leaps.org from 2017 to 2021. As a journalist, her work has appeared in The New York Times, Newsweek, Nautilus, Popular Mechanics, The New York Academy of Sciences, and other outlets. She is also the author of four suspense novels that explore controversial issues arising from scientific innovation: Living Proof, No Time to Die, Die Again Tomorrow, and Mother Knows Best. Peikoff holds a B.A. in Journalism from New York University and an M.S. in Bioethics from Columbia University. She lives in New Jersey with her husband and two young sons. Follow her on Twitter @KiraPeikoff.
December 13 | 2019
A Single Blood Test May Soon Replace Your Annual Physical
The measurement of proteins in one blood test could provide a comprehensive snapshot of a person's health in the near future.
(Photo by LuAnn Hunt on Unsplash)
For all the excitement over "personalized medicine" in the last two decades, its promise has not fully come to pass. Consider your standard annual physical.
Scientists have measured thousands of proteins from a single blood test to assess many individualized health conditions at once.
Your doctor still does a blood test to check your cholesterol and gauge your risk for heart disease by considering traditional risk factors (like smoking, diabetes, blood pressure) — an evaluation that has not changed in decades.
But a high-risk number alone is not enough to tell accurately whether you will suffer from heart disease. It just reflects your risk compared to population-level averages. In other words, not every person with elevated "bad" cholesterol will have a heart attack, so how can doctors determine who truly needs to give up the cheeseburgers and who doesn't?
Now, an emerging area of research may unlock some real-time answers. For the first time, as reported in the journal Nature Medicine last week, scientists have measured thousands of proteins from a single blood test to assess many individualized health conditions at once, including liver and kidney function, diabetes risk, body fat, cardiopulmonary fitness, and even smoking and alcohol consumption. Proteins can give a clear snapshot of how your body is faring at any given moment, as well as a sneak preview at what diseases may be lurking under the surface.
"Years from now," says study co-author Peter Ganz of UCSF, "we will probably be looking back on this paper as a milestone in personalized medicine."
We spoke to Ganz about the significance of this milestone. Our interview has been edited and condensed.
Is this the first study of its kind?
Yes, it is. This is a study where we measured 5,000 proteins at once to look for patterns that could either predict the risk of future diseases or inform the current state of health. Previous to this, people have measured typically one protein at a time, and some of these individual proteins have made it into clinical practice.
An example would be a protein called C-reactive protein, which is a measure of inflammation and is used sometimes in cardiology to predict the risk of future heart attacks. But what's really new is this scale. We wanted to get away from just focusing on one problem that the patient may have at a time, whether it's heart disease or kidney disease, and by measuring a much greater number of proteins, the hope is that we could inform the health of ultimately just about every organ in the body or every tissue. It's a step forward for what I would call "a one-stop shop."
"I'm very excited about personalized medicine through proteins as opposed to genes because you get both the nature and nurture."
Three things get me excited about this. One is the convenience for the patient of a single test to determine many different diseases. The second thing is the healthcare cost savings. We estimated what the cost would be to get these 11 healthcare measures that we reported on using traditional testing and the cost was upwards of 3,000 British pounds. And even though I don't know for sure what the cost of the protein tests would ultimately be, [it could come down to about $50 to $100].
The last thing is that the measurement of proteins is part of what people have called personalized medicine or precision medicine. If you look at risk factors across the population, it may not apply to individuals. In contrast, proteins are downstream of risk factors. So proteins actually tell us whether the traditional risk factors have set in motion the necessary machinery to cause disease. Proteins are the worker bees that regulate what the human body does, and so if you can find some anomalies in the proteins, that may inform us if a disease is likely to be ongoing even in its earliest stages.
Does protein testing have advantages over genetic testing for predicting future health risks?
The problem with genomics is that genes usually don't take care of the environment. It's a blueprint, but your blueprint has no idea what you will be exposed to during your lifetime in terms of the environment and lifestyle that you may choose and medications that you may be on. These are things that proteins can account for. I'm very excited about personalized medicine through proteins as opposed to genes because you get both the nature and nurture as opposed to genomics, which only gives you nature but doesn't account for anything else.
Proteins can also be tracked over time and that's not something you can do with genes. So if your behavior improves, your genes won't change, but your proteins will.
Could this new test become a regular feature of your annual physical?
That's the idea. This would be basically almost a standalone test that you could have done every year. And hopefully you wouldn't need other tests to complement this. This could be your yearly physical.
How much more does it need to be validated before it can enter the clinic and patients can trust the results?
This was a proof-of concept study. To really make this useful, we need to expand from 11 measures of health to a hundred or more health insights, to cover the whole body. And we need to expand this to all racial groups. Three of the five centers in the study were European – all Caucasian – so it's one of our high priorities to find groups of patients with better representation of minorities.
When do you expect doctors to be routinely giving this test to patients?
Much closer to five years than 20 years. We're scaling up from 11 disease states to 100, and many of those studies are underway. Results should be done within three to five years.
Do you think insurance will cover it?
Good question. I have been approached by an insurance company that wanted to understand the product better – a major insurer, with the possibility that this could actually be cost saving.
I have to ask you a curveball -- do you think that the downfall of Theranos will make consumers hesitant to trust a new technology that relies on using a single blood sample to screen for multiple health risks?
[Laughs] You're not the first person to ask me that today. I actually got a call from Elizabeth Holmes [in 2008 when I was at Harvard]. I met with her for an afternoon and met her team two more times. I gave them advice that they completely disregarded.
In many ways, what we do is diametrically opposite to Theranos. They had a culture of secrecy, and what we do is about openness. We publish, like this paper in Nature Medicine, to show the scientific details. Our supplement is much longer than the typical academic paper. We reveal everything we know. A lot of the research we do is funded by [the National Institutes of Health], and they have strict expectations about data sharing. So we agree to make the data available on a public website. If there is something we haven't done with the data, others can do it.
So you're saying that this is not another Theranos.
No, God forbid. We hope to be the opposite.
Keep Reading
Keep Reading
Kira Peikoff was the editor-in-chief of Leaps.org from 2017 to 2021. As a journalist, her work has appeared in The New York Times, Newsweek, Nautilus, Popular Mechanics, The New York Academy of Sciences, and other outlets. She is also the author of four suspense novels that explore controversial issues arising from scientific innovation: Living Proof, No Time to Die, Die Again Tomorrow, and Mother Knows Best. Peikoff holds a B.A. in Journalism from New York University and an M.S. in Bioethics from Columbia University. She lives in New Jersey with her husband and two young sons. Follow her on Twitter @KiraPeikoff.