Researchers recently discovered a vulnerability in a widely used open-source program for genomic analysis that leaves DNA-based medical diagnostics vulnerable to cyber-attacks. Researchers at Sandia National Laboratories found the weakness and promptly notified the software developers, who released a patch to fix the problem; the latest version of the software also resolves it.
Although it is not known whether the vulnerability has been exploited, the National Institute of Standards and Technology recently analyzed it in a note to software developers, genomics researchers, and network administrators. The finding shows that protecting genomic information is not only about securely storing individuals' genetic information; the cybersecurity of the computer systems that analyze genetic data is also critical.
Personalized medicine is the process of using a patient’s genetic information to guide medical treatment. The process consists of two steps: first, sequencing the entire genetic content of the patient’s cells, and then comparing that sequence to a standardized human genome. Through this comparison, the doctor can identify the specific genetic changes in the patient that are associated with disease.
Researchers at Sandia National Laboratories who studied the software’s cybersecurity found a flaw in how it imports the standardized genome from government servers. The standardized genome sequence was transmitted over insecure channels, creating opportunities for common cyber-attacks.
In such an attack, a hacker could intercept the standard genome sequence and then transmit it to the BWA user along with a malicious program that alters the genetic information obtained from sequencing. The malware could then change the patient’s raw genetic data during the genome mapping process, so that the final analysis is incorrect without anyone knowing. In practice, this means that after such an attack the doctor’s diagnosis may be incorrect, and a drug chosen on that basis may be ineffective for the patient.
The researchers also pointed out that forensic laboratories and genome sequencing companies that use the software are vulnerable to similar attacks.
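A defensive gate for the reference-import step described above, as an added example that is not part of the original article or of the BWA patch: it refuses a reference genome that was not fetched over TLS, compares the file against a SHA-256 digest pinned out of band, and rejects anything that is not plain FASTA. The function names, the `ReferenceRejected` exception and the availability of a pinned digest are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# IUPAC nucleotide codes (either case) allowed on FASTA sequence lines.
_SEQ_LINE = re.compile(rb"^[ACGTUNRYKMSWBDHVacgtunrykmswbdhv*-]*$")


class ReferenceRejected(Exception):
    """Raised when a reference genome must not be handed to the aligner."""


def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte references do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_fasta(path):
    """Return the number of records; reject anything that is not plain FASTA."""
    records = 0
    with open(path, "rb") as fh:
        for n, line in enumerate(fh, 1):
            line = line.rstrip(b"\r\n")
            if line.startswith(b">"):
                records += 1
            elif records == 0 and line:
                raise ReferenceRejected(f"line {n}: data before first header")
            elif not _SEQ_LINE.match(line):
                raise ReferenceRejected(f"line {n}: non-nucleotide bytes")
    if records == 0:
        raise ReferenceRejected("no FASTA records")
    return records


def verify_reference(path, source_url, pinned_sha256):
    """Gate to run after download and before indexing or mapping."""
    if urlparse(source_url).scheme != "https":
        raise ReferenceRejected("reference must be fetched over TLS")
    actual = sha256_file(path)
    # pinned_sha256 is assumed to come from a separate, trusted channel.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise ReferenceRejected(f"digest mismatch: got {actual}")
    return check_fasta(path)
```

The digest check only helps if the pinned value does not travel over the same channel as the genome file itself.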