Hacking DNA information

Sunday, August 05, 2018

Print this page Email A Friend!

WE are currently celebrating our Emancipation and Independence, yet we are now living in a 'global village' where everything is interconnected and from which we cannot be separated.

For example, computer hacking has been occurring in virtually every jurisdiction, but one of the latest concerns is that of hackers accessing people's DNA information. In June, the DNA testing service MyHeritage revealed that hackers had breached 92 million of their accounts.

They stated that the hackers had only accessed encrypted emails and passwords, and did not reach the actual genetic data of individuals. However, as consumer genetic testing becomes more and more popular, it can be anticipated that such hacking is likely to occur more frequently.

You may therefore ask why hackers would want DNA information specifically, and what might the implications be of a big DNA breach.

Why is this a cause for concern?

One possible reason is that hackers might want to sell DNA data for ransom. Hackers could threaten to block access or post the sensitive information online if not given money in return. In fact, one hospital in Indiana, USA, paid out US$55,000 to hackers for that very reason. Consequently, there are several reasons why genetic data could be lucrative.

The data could be sold quietly to interested individuals, or monetised to insurance companies. For example, a person may apply for a long-term loan and get rejected because deep within the corporate system there is data that the person might be predisposed to Alzheimer's disease and die before they can repay the loan.

Some companies offer health and other medical tests, and so many stakeholders are interested in DNA. Researchers may want genetic data for scientific studies; insurance companies would want genetic data to help them calculate the cost of health and life insurance; and the police might want genetic data to help them track down criminals.

Lack of protection

Hence, a lack of robust protections for genetic privacy could produce a genetic data breach, with subsequent nightmares for all concerned. Simply put, if there is data that exists then there is always a way for it to be exploited, so genetic testing sites are a treasure of sensitive information.

Some sites located in the USA offer users the option to download a copy of their full genetic code. While we can't read a person's genetic code like a book to gain insights, there are easy-to-access account pages at the website with health interpretations that would be most useful for hackers.

There are genetic markers for diseases such as BRCA1/BRCA2 for breast cancer, markers for late-onset Alzheimer's disease, Parkinson's disease, Aplha-1 antitrypsin deficiency, Celiac disease, hereditary hemochromatosis, and hereditary thrombophilia. Such data could be valuable to insurance companies and employees.

In this globalised world where this data may be posted online, the data could be used to genetically discriminate against people — denying them mortgages — or to increase insurance costs. So when genetic data becomes commonplace in the not-too-distant future, people might be able to pay a fee and obtain access to someone's genetic data similar to the way in which we can gain access to a person's criminal background.

The underground market

While many companies and the police would perhaps not want to actively work with hackers, sometimes it is unclear where the data is coming from, and there will always be underground markets through which this information could be bought and sold, or used as blackmail. Moreover, simply because the data was procured as a result of a hack does not mean that some people would not want to have access to it.

Further complicating the issue is that consumer tests are sometimes wrong. Medical and health testing can produce false positives, and even ancestry tests can be grossly inaccurate. So while you may seek a credit report and easily dispute its contents, almost no member of the lay public has the genetic literacy to find their information, understand it, and correct it.

Further, there are currently not enough genetic counsellors, and many primary care doctors do not feel comfortable interpreting genetic results.

No regulation

No legislation or regulation currently exists that addresses what happens to data from a breach, yet a breach of genetic data is potentially much more serious than most breaches of credit cards and credit reports. Why? Because genetic information is unable to be changed over time. It is possible to change credit card numbers or even addresses, but genetic information is immutable.

Further, genetic information may be shared involuntarily, since you may have close relatives that have used one or more of the websites storing genetic information. Consequently, this renders you 'genetically searchable'.

In light of this, all societies should consider whether genetic-testing companies should not have greater ethical obligations to their customers, and seriously contemplate how to prevent, as well as address the issue of breaches. Privacy protections should be covered by law in every country, as well as the issues surrounding consumer genetic testing.

Dr Derrick Aarons MD, PhD, is a Jamaican family physician and consultant bioethicist; a specialist in ethical issues in health care, research, and the life sciences; and is the health registrar and head of the health secretariat for the Turks & Caicos Islands.

Now you can read the Jamaica Observer ePaper anytime, anywhere. The Jamaica Observer ePaper is available to you at home or at work, and is the same edition as the printed copy available at




1. We welcome reader comments on the top stories of the day. Some comments may be republished on the website or in the newspaper � email addresses will not be published.

2. Please understand that comments are moderated and it is not always possible to publish all that have been submitted. We will, however, try to publish comments that are representative of all received.

3. We ask that comments are civil and free of libellous or hateful material. Also please stick to the topic under discussion.

4. Please do not write in block capitals since this makes your comment hard to read.

5. Please don't use the comments to advertise. However, our advertising department can be more than accommodating if emailed:

6. If readers wish to report offensive comments, suggest a correction or share a story then please email:

7. Lastly, read our Terms and Conditions and Privacy Policy

comments powered by Disqus



Today's Cartoon

Click image to view full size editorial cartoon