Cyber Hacks on DNA-Testing Companies Raise Fears about Genetic Data Privacy
DNA-testing companies the latest to be targeted by cybercriminals
Stories of businesses getting hacked by cybercriminals are pretty much par for the course nowadays. Increasingly, companies who collect and store large amounts of user data are prime targets for malicious and greedy hackers. From social networking sites to ride-share companies, large stores of user data are one of the hottest commodities on the cybercrime market.
One of the most recently reported attacks saw the email addresses and passwords of roughly 92 million users hacked. MyHeritage – an international company based out of Israel – is a DNA testing provider that offers customers the unique experience of determining the specific makeup of their ethnic ancestry and lineage. The MyHeritage hack stands out among others for the very obvious fact that the company doesn’t simply collect basic user info like emails and passwords – it collects and stores mass amounts of genetic DNA from subscribers.
Now, it must be noted that the MyHeritage attack only saw the theft of user emails and passwords. According to the company, none of the genetic data and DNA information provided by customers was compromised. Nonetheless, the attack serves as a critical reminder that nearly any kind of data stored on servers is at risk of being hacked.
The hack – which occurred in October of 2017 – was only identified and reported to the company by a security researcher seven months later in early June of this year. With about 92 million users affected, MyHeritage has been in damage control mode ever since. While representatives for the company claim there is no evidence to suggest the attack was malicious, they’ve admitted they can’t know for sure.
It’s important to remember that none of the genetic data collected by MyHeritage was hacked. In fact, most genetic data is stored separately and organized anonymously using a numbered barcode system. However, as cybercriminals continue to become more sophisticated and as user data becomes more valuable, companies will be required to work harder to keep even seemingly secure data safe. Especially when the data being collected includes genetic profiles of users.
MyHeritage has been taking steps to tighten cybersecurity protocols and increase user-controls and account security settings. A forced password change for the nearly 100 million affected users arrived by email. Additionally, the company has facilitated two-step verification controls to ensure user logins are better managed. However, some experts argue that this could have been set-up proactively to mitigate hack risks ahead of time.
Rob Verger, the Assistant Tech Editor at Popular Science Magazine raised a valid point in a recent interview. “If they can’t protect user data,” Verger said, “what makes them able to protect the genetic data?”
There’s a balancing act to be done when considering cases like these. There’s no denying that the electronic storage of data has been an asset – especially to the health and sciences industry. Doctors across the nation are making moves to paperless Electronic Medical Record (EMR) systems that make the patient experience more efficient and organized. Genetic testing companies have been revolutionary in their ability to efficiently and privately connect customers with priceless genetic information.
So how do you know when to draw the line? How can individual consumers reap the benefits of these technologies without leaving themselves open to invasions of privacy? According to Verger, the best strategy when giving out personal data is caution and a second thought.
“People should be careful about the types of information they give these services,” Verger said. “If your biggest nightmare is having your email address all the way to your ethnic history being hacked, then you shouldn’t subscribe to these companies or provide data.”
At the end of the day, what matters most is how the users were affected and how MyHeritage responded. When it comes down to it, users have a right to be wary. Not only about the attack, but also about the incredibly long time it took for the hack to be identified and disclosed to users.
Identification by a security researcher, seven months after the fact is hardly what anyone would call a vigilant cybersecurity effort. While MyHeritage is doing their best to rectify the situation and beef up security efforts, the doubt caused by the hack is understandably unsettling for affected users and potential consumers everywhere.
It’s no secret that today’s cyber-climate is more populated, dynamic, and personalized than ever before. The efficiency and customization that the online market offers are unparalleled. However, there is an underside to all this innovation that must be remembered. Service providers and their advertising teams are constantly looking for the most dynamic and personalized ways to advertise to their target markets in these online spaces.
This means collecting as much data on their consumers as possible and at whatever cost. Consumer’s digital fingerprints are increasingly valuable to companies across the digital market. If a company wants to get a consumer’s attention on the information highway, they know they need to personalize the experience as much as possible. This means that all the bits of data entered into your browser become fingerprints to help identify and sell to you.
In this competitive climate, genetic testing companies face an increased risk simply because of the personal nature of the data they collect. Having the genetic makeup of over 90 million consumers is an advertising goldmine, not to mention other potentially dangerous motivations of more malicious hackers. The bottom line? Users need to think twice and be vigilant about the data they choose to share.
“It’s a double-edged sword – EMR and genetic testing can help medicine,” Verger reiterates. “However, nothing out there is perfect,” Verger claims. “Things kept on servers can possibly be hacked or compromised and we need to remember that.”
Trying to find the right balance of technology risks and benefits? Wondering how to keep your organization current without succumbing to increased risk? Reach out to a team of seasoned IT security professionals.
A strategic IT partner will help improve your IT while managing and mitigating risk at the same time. You can have the best of both worlds – you just need a strategic partner, willing to walk the tightrope with caution and creativity.
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”