The NIST report identifies significant privacy gaps in the management of genomic data

A new report by the National Institute of Standards and Technology (NIST) on the cybersecurity of genomic data has found major privacy gaps in how the data is generated, stored and shared.

The paper argues that a NIST privacy framework that focuses on the unique sensitivity of genomic data should be established to help organizations that collect data identify regulatory gaps in how privacy is monitored and help create more secure systems.

NIST found significant gaps in the genomic data generation system, including weaknesses in secure data sharing; inadequate monitoring; processing vulnerabilities; lack of guidance for organizations handling sensitive genomic data; and less regulation that addresses national security and privacy threats on how data is collected, retained and aggregated.

The authors of the reports recommend the use of a federated type of encryption to solve the problem, arguing that it will practically eliminate the risk of confidentiality or loss of integrity when sharing genomic data between organizations and solve the prison problem.

Such a system would combine encrypted data into multiple datasets and prevent raw data from being exfiltrated by ensuring that even authorized users can only obtain results without accessing the raw data in plain text.

The authors agree that current technology does not support such a system across the board currently used in oncology research and precision medicine but recommend that the US government conduct a demonstration project to determine if the technique can be used more widely.

The paper stems from an October hack of the genetic testing company 23andMe, which affected 6.9 million people, including more than a million users of Jewish Ashkenazi descent. The hacker reportedly asked customers for as little as $1 per individual genetic profile.

A major difficulty in combating the privacy threats inherent in genomic data systems stems from the need to share them within a broad research community. Yet the consequences of violations are significant, the report says.

Cyberattacks aimed at exfiltrating genomic data can harm individuals by creating threats for financial gain, discrimination based on disease risk, and loss of privacy from revealing hidden consanguinity or phenotypes including health, emotional stability, mental capacity, appearance, and physical abilities, the report said.

At the same time, sharing genomic data is important to the US research community, government, and private industry as they seek to develop drugs and generally maintain America’s biotechnological competitive advantage, the report says. .

The scale of genomic data sharing needed to support research is enormous, the report says, pointing to the fact that in 2021 the National Institutes of Health sent nearly 40,000 requests for data access to three million genotype microarray datasets and 500,000-plus whole genomes. sequences.

The report states that breaches targeting genomic data not only threaten individuals but also their entire families.

Get more insights with

Recorded Future

Intelligence Cloud.

Learn more.

There is no previous article

There are no new articles

Suzanne Smalley is a reporter who covers privacy, disinformation and cybersecurity policy for The Record. He was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career, Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

#NIST #report #identifies #significant #privacy #gaps #management #genomic #data
Image Source : therecord.media

Leave a Comment