Bad Actors Getting Your Health Data Is the FBI’s Latest Worry
In February 2015, the health insurer Anthem revealed that criminal hackers had gained access to the company's servers, exposing the personal information of nearly 79 million patients. It's the largest known healthcare breach in history.
FBI agents worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks.
That year, the data of millions more would be compromised in one cyberattack after another on American insurers and other healthcare organizations. In fact, for the past several years, the number of reported data breaches has increased each year, from 199 in 2010 to 344 in 2017, according to a September 2018 analysis in the Journal of the American Medical Association.
The FBI's Edward You sees this as a worrying trend. He says hackers aren't just interested in your social security or credit card number. They're increasingly interested in stealing your medical information. Hackers can currently use this information to make fake identities, file fraudulent insurance claims, and order and sell expensive drugs and medical equipment. But beyond that, a new kind of cybersecurity threat is around the corner.
Mr. You and others worry that the vast amounts of healthcare data being generated for precision medicine efforts could leave the U.S. vulnerable to cyber and biological attacks. In the wrong hands, this data could be used to exploit or extort an individual, discriminate against certain groups of people, make targeted bioweapons, or give another country an economic advantage.
Precision medicine, of course, is the idea that medical treatments can be tailored to individuals based on their genetics, environment, lifestyle or other traits. But to do that requires collecting and analyzing huge quantities of health data from diverse populations. One research effort, called All of Us, launched by the U.S. National Institutes of Health last year, aims to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care.
Other initiatives are underway by academic institutions and healthcare organizations. Electronic medical records, genetic tests, wearable health trackers, mobile apps, and social media are all sources of valuable healthcare data that a bad actor could potentially use to learn more about an individual or group of people.
"When you aggregate all of that data together, that becomes a very powerful profile of who you are," Mr. You says.
A supervisory special agent in the biological countermeasures unit within the FBI's weapons of mass destruction directorate, it's Mr. You's job to imagine worst-case bioterror scenarios and figure out how to prevent and prepare for them.
That used to mean focusing on threats like anthrax, Ebola, and smallpox—pathogens that could be used to intentionally infect people—"basically the dangerous bugs," as he puts it. In recent years, advances in gene editing and synthetic biology have given rise to fears that rogue, or even well-intentioned, scientists could create a virulent virus that's intentionally, or unintentionally, released outside the lab.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that."
While Mr. You is still tracking those threats, he's been traveling around the country talking to scientists, lawyers, software engineers, cyber security professionals, government officials and CEOs about new security threats—those posed by genetic and other biological data.
Emerging threats
Mr. You says one possible situation he can imagine is the potential for nefarious actors to use an individual's sensitive medical information to extort or blackmail that person.
"If a foreign source, especially a criminal one, has your biological information, then they might have some particular insights into what your future medical needs might be and exploit that," he says. For instance, "what happens if you have a singular medical condition and an outside entity says they have a treatment for your condition?" You could get talked into paying a huge sum of money for a treatment that ends up being bogus.
Or what if hackers got a hold of a politician or high-profile CEO's health records? Say that person had a disease-causing genetic mutation that could affect their ability to carry out their job in the future and hackers threatened to expose that information. These scenarios may seem far-fetched, but Mr. You thinks they're becoming increasingly plausible.
On a wider scale, Kavita Berger, a scientist at Gryphon Scientific, a Washington, D.C.-area life sciences consulting firm, worries that data from different populations could be used to discriminate against certain groups of people, like minorities and immigrants.
For instance, the advocacy group Human Rights Watch in 2017 flagged a concerning trend in China's Xinjiang territory, a region with a history of government repression. Police there had purchased 12 DNA sequencers and were collecting and cataloging DNA samples from people to build a national database.
"The concern is that this particular province has a huge population of the Muslim minority in China," Ms. Berger says. "Now they have a really huge database of genetic sequences. You have to ask, why does a police station need 12 next-generation sequencers?"
Also alarming is the potential that large amounts of data from different groups of people could lead to customized bioweapons if that data ends up in the wrong hands.
Eleonore Pauwels, a research fellow on emerging cybertechnologies at United Nations University's Centre for Policy Research, says new insights gained from genomic and other data will give scientists a better understanding of how diseases occur and why certain people are more susceptible to certain diseases.
"As you get more and more knowledge about the genomic picture and how the microbiome and the immune system of different populations function, you could get a much deeper understanding about how you could target different populations for treatment but also how you could eventually target them with different forms of bioagents," Ms. Pauwels says.
Economic competitiveness
Another reason hackers might want to gain access to large genomic and other healthcare datasets is to give their country a leg up economically. Many large cyber-attacks on U.S. healthcare organizations have been tied to Chinese hacking groups.
"This is a biological space race and we just haven't woken up to the fact that we're in this race."
"It's becoming clear that China is increasingly interested in getting access to massive data sets that come from different countries," Ms. Pauwels says.
A year after U.S. President Barack Obama conceived of the Precision Medicine Initiative in 2015—later renamed All of Us—China followed suit, announcing the launch of a 15-year, $9 billion precision health effort aimed at turning China into a global leader in genomics.
Chinese genomics companies, too, are expanding their reach outside of Asia. One company, WuXi NextCODE, which has offices in Shanghai, Reykjavik, and Cambridge, Massachusetts, has built an extensive library of genomes from the U.S., China and Iceland, and is now setting its sights on Ireland.
Another Chinese company, BGI, has partnered with Children's Hospital of Philadelphia and Sinai Health System in Toronto, and also formed a collaboration with the Smithsonian Institute to sequence all species on the planet. BGI has built its own advanced genomic sequencing machines to compete with U.S.-based Illumina.
Mr. You says having access to all this data could lead to major breakthroughs in healthcare, such as new blockbuster drugs. "Whoever has the largest, most diverse dataset is truly going to win the day and come up with something very profitable," he says.
Some direct-to-consumer genetic testing companies with offices in the U.S., like Dante Labs, also use BGI to process customers' DNA.
Experts worry that China could race ahead the U.S. in precision medicine because of Chinese laws governing data sharing. Currently, China prohibits the exportation of genetic data without explicit permission from the government. Mr. You says this creates an asymmetry in data sharing between the U.S. and China.
"This is a biological space race and we just haven't woken up to the fact that we're in this race," he said in January at an American Society for Microbiology conference in Washington, D.C. "We don't have access to their data. There is absolutely no reciprocity."
Protecting your data
While Mr. You has been stressing the importance of data security to anyone who will listen, the National Academies of Sciences, Engineering, and Medicine, which makes scientific and policy recommendations on issues of national importance, has commissioned a study on "safeguarding the bioeconomy."
In the meantime, Ms. Berger says organizations that deal with people's health data should assess their security risks and identify potential vulnerabilities in their systems.
As for what individuals can do to protect themselves, she urges people to think about the different ways they're sharing healthcare data—such as via mobile health apps and wearables.
"Ask yourself, what's the benefit of sharing this? What are the potential consequences of sharing this?" she says.
Mr. You also cautions people to think twice before taking consumer DNA tests. They may seem harmless, he says, but at the end of the day, most people don't know where their genetic information is going. "If your genetic sequence is taken, once it's gone, it's gone. There's nothing you can do about it."
Your phone could show if a bridge is about to collapse
In summer 2017, Thomas Matarazzo, then a postdoctoral researcher at the Massachusetts Institute of Technology, landed in San Francisco with a colleague. They rented two cars, drove up to the Golden Gate bridge, timing it to the city’s rush hour, and rode over to the other side in heavy traffic. Once they reached the other end, they turned around and did it again. And again. And again.
“I drove over that bridge 100 times over five days, back and forth,” says Matarazzo, now an associate director of High-Performance Computing in the Center for Innovation in Engineering at the United States Military Academy, West Point. “It was surprisingly stressful, I never anticipated that. I had to maintain the speed of about 30 miles an hour when the speed limit is 45. I felt bad for everybody behind me.”
Matarazzo had to drive slowly because the quality of data they were collecting depended on it. The pair was designing and testing a new smartphone app that could gather data about the bridge’s structural integrity—a low-cost citizen-scientist alternative to the current industrial methods, which aren’t always possible, partly because they’re expensive and complex. In the era of aging infrastructure, when some bridges in the United States and other countries are structurally unsound to the point of collapsing, such an app could inform authorities about the need for urgent repairs, or at least prompt closing the most dangerous structures.
There are 619,588 bridges in the U.S., and some of them are very old. For example, the Benjamin Franklin Bridge connecting Philadelphia to Camden, N.J., is 96-years-old while the Brooklyn Bridge is 153. So it’s hardly surprising that many could use some upgrades. “In the U.S., a lot of them were built in the post-World War II period to accommodate the surge of motorization,” says Carlo Ratti, architect and engineer who directs the Senseable City Lab at Massachusetts Institute of Technology. “They are beginning to reach the end of their life.”
According to the 2022 American Road & Transportation Builders Association’s report, one in three U.S. bridges needs repair or replacement. The Department of Transportation (DOT) National Bridge Inventory (NBI) database reveals concerning numbers. Thirty-six percent of U.S. bridges need repair work and over 78,000 bridges should be replaced. More than 43,500 bridges are rated in poor condition and classified as “structurally deficient” – an alarming description. Yet, people drive over them 167.5 million times a day. The Pittsburgh bridge which collapsed in January this year—only hours before President Biden arrived to discuss the new infrastructure law—was on the “poor” rating list.
Assessing the structural integrity of a bridge is not an easy endeavor. Most of the time, these are visual inspections, Matarazzo explains. Engineers check cracks, rust and other signs of wear and tear. They also check for wildlife—birds which may build nests or even small animals that make homes inside the bridge structures, which can slowly chip at the structure. However, visual inspections may not tell the whole story. A more sophisticated and significantly more expensive inspection requires placing special sensors on the bridge that essentially listen to how the bridge vibrates.
“Some bridges can afford expensive sensors to do the job, but that comes at a very high cost—hundreds of thousands of dollars per bridge per year,” Ratti says.
We may think of bridges as immovable steel and concrete monoliths, but they naturally vibrate, oscillating slightly. That movement can be influenced by the traffic that passes over them, and even by wind. Bridges of different types vibrate differently—some have longer vibrational frequencies and others shorter ones. A good way to visualize this phenomenon is to place a ruler over the edge of a desk and flick it slightly. If the ruler protrudes far off the desk, it will vibrate slowly. But if you shorten the end that hangs off, it will vibrate much faster. It works similarly with bridges, except there are more factors at play, including not only the length, but also the design and the materials used.
The long suspension bridges such as the Golden Gate or Verrazano Narrows, which hang on a series of cables, are more flexible, and their vibration amplitudes are longer. The Golden Gate Bridge can vibrate at 0.106 Hertz, where one Hertz is one oscillation per second. “Think about standing on the bridge for about 10 seconds—that's how long it takes for it to move all the way up and all the way down in one oscillation,” Matarazzo says.
On the contrary, the concrete span bridges that rest on multiple columns like Brooklyn Bridge or Manhattan Bridge, are “stiffer” and have greater vibrational frequencies. A concrete bridge can have a frequency of 10 Hertz, moving 10 times in one second—like that shorter stretch of a ruler.
The special devices that can pick up and record these vibrations over time are called accelerometers. A network of these devices for each bridge can cost $20,000 to $50,000, and more—and require trained personnel to place them. The sensors also must stay on the bridge for some time to establish what’s a healthy vibrational baseline for a given bridge. Maintaining them adds to the cost. “Some bridges can afford expensive sensors to do the job, but that comes at a very high cost—hundreds of thousands of dollars per bridge per year,” Ratti says.
Making sense of the readouts they gather is another challenge, which requires a high level of technical expertise. “You generally need somebody, some type of expert capable of doing the analysis to translate that data into information,” says Matarazzo, which ticks up the price, so doing visual inspections often proves to be a more economical choice for state-level DOTs with tight budgets. “The existing systems work well, but have downsides,” Ratti says. The team thought the old method could use some modernizing.
Smartphones, which are carried by millions of people, contain dozens of sensors, including the accelerometers capable of picking up the bridges’ vibrations. That’s why Matarazzo and his colleague drove over the bridge 100 times—they were trying to pick up enough data. Timing it to rush hour supported that goal because traffic caused more “excitation,” Matarazzo explains. “Excitation is a big word we use when we talk about what drives the vibration,” he says. “When there's a lot of traffic, there's more excitation and more vibration.” They also collaborated with Uber, whose drivers made 72 trips across the bridge to gather data in different cars.
The next step was to clean the data from “noise”—various vibrations that weren’t relevant to the bridge but came from the cars themselves. “It could be jumps in speed, it could be potholes, it could be a bunch of other things," Matarazzo says. But as the team gathered more data, it became easier to tell the bridge vibrational frequencies from all others because the noises generated by cars, traffic and other things tend to “cancel out.”
The team specifically picked the Golden Gate bridge because the civil structural engineering community had studied it extensively over the years and collected a host of vibrational data, using traditional sensors. When the researchers compared their app-collected frequencies with those gathered by 240 accelerometers formerly placed on the Golden Gate, the results were the same—the data from the phones converged with that from the bridge’s sensors. The smartphone-collected data were just as good as those from industry devices.
The study authors estimate that officials could use crowdsourced data to make key improvements that would help new bridges to last about 14 years longer.
The team also tested their method on a different type of bridge—not a suspension one like the Golden Gate, but a concrete span bridge in Ciampino, Italy. There they compared 280 car trips over the bridge to the six sensors that had been placed on the bridge for seven months. The results were slightly less matching, but a larger volume of trips would fix the divergence, the researchers wrote in their study, titled Crowdsourcing bridge dynamic monitoring with smartphone vehicle trips, published last month in Nature Communications Engineering.
Although the smartphones proved effective, the app is not quite ready to be rolled out commercially for people to start using. “It is still a pilot version,” so there’s room for improvement, says Ratti, who co-authored the study. “But on a more optimistic note, it has really low barriers to entry—all you need is smartphones on cars—so that makes the system easy to reach a global audience.” And the study authors estimate that the use of crowdsourced data would result in a new bridge lasting about 14 years longer.
Matarazzo hopes that the app could be eventually accessible for your average citizen scientist to collect the data and supply it to their local transportation authorities. “I hope that this idea can spark a different type of relationship with infrastructure where people think about the data they're collecting as some type of contribution or investment into their communities,” he says. “So that they can help their own department of transportation, their own municipality to support that bridge and keep it maintained better, longer and safer.”
Lina Zeldovich has written about science, medicine and technology for Popular Science, Smithsonian, National Geographic, Scientific American, Reader’s Digest, the New York Times and other major national and international publications. A Columbia J-School alumna, she has won several awards for her stories, including the ASJA Crisis Coverage Award for Covid reporting, and has been a contributing editor at Nautilus Magazine. In 2021, Zeldovich released her first book, The Other Dark Matter, published by the University of Chicago Press, about the science and business of turning waste into wealth and health. You can find her on http://linazeldovich.com/ and @linazeldovich.
The Friday Five: Sugar could help catch cancer early
The Friday Five covers five stories in research that you may have missed this week. There are plenty of controversies and troubling ethical issues in science – and we get into many of them in our online magazine – but this news roundup focuses on scientific creativity and progress to give you a therapeutic dose of inspiration headed into the weekend.
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
Here are the promising studies covered in this week's Friday Five:
- Catching cancer early could depend on sugar
- How to boost memory in a flash
- This is your brain on books
- A tiny sandwich cake could help the heart
- Meet the top banana for fighting Covid variants