Going online is risky business, and it’s bad enough worrying about lone-wolf hackers somehow getting their hands on your social security number or bank account information. However, that threat doesn’t even start to compare to the danger that major states pose to biomedical as intimate and personal as your DNA. Unfortunately, all signs point to this data becoming a key target for cyber espionage activity in the coming years. Here’s why.
Data that includes DNA is typically called “biodata” or “biomedical.” This data can be shared with consent if the patient agreed to enter a specific study or test, or it can be shared without consent. However, the use of unconsented data has additional limitations and privacy issues.
What Kind of Data Sets Does It Typically Include?
- Patient information: date of birth, sex, race
- Routine medical data: height, weight, blood pressure, cholesterol levels, medications used
- Specialized laboratory data: proteins, lipids, metabolites, glycans, imaging
- Genetic data: genotype or sequencing
- Gene expressions and epigenetic data (DNA methylation)
In the age of pandemics such as COVID-19, all modern nation-states are working on predictive biodata engineering which facilitates the research and production of vaccines and creates measures to contain future epidemics. Having enough biomedical data about a population enables quick and accurate responses to spikes in sicknesses or other medical concerns. However, this also works the other way – potential adversaries could use this biomedical data to target a particular population with specific characteristics (e.g. age, sex, DNA markers).
The differences in a given country’s economic growth, demographic trends, and scientific progress create an obvious imbalance but also leads to a significant advantage to those who are investing in biomedical engineering, epidemiology, and virusology R&D. Unfortunately, certain achievements in that field are not always used for defensive or protective purposes but can be used for offensive attacks as well. Foreign intelligence agencies are actively hunting for DNA data to win a race to control the world’s population.
MORE FOR YOU
National Security Implications
One person’s personal and medical data, including genomic sequence and DNA makeup, falling into the wrong hands can have devastating effects on that single individual. It doesn’t have national security implications, however, projecting the same threat onto a bigger scale (i.e. a whole city, county, or even country) increases the concern. On the other hand, cyberattacks targeting bio-data can affect national security when the prize is vast databases filled with the genetic data of millions of people.
The technology is already accessible and cheap enough that bioweapons targeting specific genes can be created in the comfort of someone’s own home. That’s a scary thought in and of itself, and indeed, the U.S. should be concerned about home-grown terrorists who want to target specific ethnicities. However, the threat is magnified exponentially when considering that entire nation-states with vast resources might wish to develop this same capability for the next armed conflict.
Your bio-data by itself probably isn’t very valuable to cyber attackers, at least currently. When it’s a part of a data set containing a considerable portion of the national population, demography, statistics, detailization of the area of living — its value increases. At some point, though, it will be used for “targeting.”
The healthcare industry is already a prime target for cyberattacks like ransomware and has notoriously bad cybersecurity practices, to begin with. The bio-data this industry holds will likely make it an even more lucrative and tempting target in the future. Further, there has been an increasing number of postings on the Dark Web leaking stolen information about COVID-19 vaccinations, details about patients and their biomedical conditions, and valuable intellectual property (IP) related to vaccine and medical research.
The majority of the identified malicious activity in Q4 (2020) and Q1 (2021) targeting the healthcare sector was focused on:
- Medical labs and specialized research institutions involved in vaccine R&D
- COVID-19 testing centers and healthcare services organizations storing biodata
- Supply-chain elements involved in vaccine manufacturing and actual delivery
- Academia (universities, institutes) involved in epidemiological or clinical studies
The Next Business Breakthrough
Bio-data can also have very lucrative applications in the business world. Pharmaceuticals, wearable technology, artificial intelligence, biotechnology: the list goes on of the potential industries that could benefit from having access to reams of personal medical data. All this data, illegally or legally obtained through cyber attacks or business arrangements, could fuel new products or technologies that prove to be the next business breakthrough.
Other countries worldwide already recognize the value of their population’s bio-data and restrict access to it from foreign competitors. However, the U.S. doesn’t always exercise that same level of caution, and many companies, hospitals, and universities partner with foreign firms. These firms use the medical data to develop new products, but they also may share all the data they collect with their respective governments. Of course, that has national security implications like those discussed above, but it gives those companies a distinct advantage in foreign markets. Imagine being able to develop products specifically designed to complement a group’s DNA? The possibilities are endless.
We Need Data-Centric Security Solutions
Cyber espionage and attacks targeting bio-data will only increase in frequency and scope. In addition, as technology and manufacturing improve, the value of this bio-data will rise. Economic and security concerns are the main reasons as to why medical data will become critical targets, but there are other reasons.
It’s a sad fact that racism and discrimination are present globally, and the genetic makeup of specific populations could be valuable tools for oppression. At the nation-state level, this data could be used for surveillance, law enforcement targeting, or even imprisonment on a large scale.
The U.S. Cybersecurity and Intelligence Community (IC) needs to focus on data-centric solutions to better safeguard bio-data at every level. Yes, this will mean more investment in cybersecurity over other concerns or priorities; but the implications are just too dire to ignore. Medical data has potential applications to national security and economic development. Every company that holds the most personal data about a person needs to take those threats seriously and acknowledge the likelihood that bio-data will soon become critical targets for cyberattacks.
The Next Step of a Potential Adversary
So what is next? We live in an age where data is generated by multiple sources – including human intellect. The hunt for data has never ended, it has only been re-started on a much bigger scale with much bigger risks. When governments understand how powerful data can be, it can be applied to geopolitical, economic, and countless other events.
Modern biomedical data collection generates exponentially more data when it is properly enriched with additional details describing a particular individual or group of individuals. The integration of proteomic, genomic, phenomic, and clinical data will empower scientists to unearth new hypotheses and discover new insights. Nations will compete for access to such information and look for any ways to acquire it, either legally or illegally. The speed of such data acquisition may be a direct outline of the path to domination by a country. The use of such data for harmful purposes may lead to more pandemics or even genetic-based terrorist attacks. The significance of this data can not be understated, and the future of this industry needs to be protected.