The potential damage from improper use of genetic data causes concerns over the security of DNA testing firms and their vulnerability to hackers.
Presenting a private genetic testing company with a sample of your DNA risks the exposure of your most private data to criminals. While none of the major test kit companies have yet reported any breaches of customer data, other companies with equally important financial data such as Equifax and Capital One have been hacked in recent years.Therefore, it’s important to understand how leaked DNA test results could make consumers vulnerable now and in the future.
1. Makes Identity Theft Easier
Hackers seem to get bolder and more sophisticated with every new technology release. Breaking into a DNA testing facility’s computer system to steal customer data items such as names, addresses, and phone numbers is a small task for them. Imagine if these criminals could extend their reach by gaining access to your online genealogy tree information?
Genetics testing companies such as FamilyTreeDNA do more than just test your DNA and send you a report about it. Fierce competition forces these businesses to offer other value-added features such as online family matching services. Customers who use family matching services allow companies to collect data about their relatives’ names, birthdates, and addresses. Deep searches also uncover previous addresses and birth dates of customers.
The most lethal cybercrimes often involve piecing together data items that hackers have collected from multiple sources. By accessing DNA test data at certain companies, cybercriminals can match common personal data items such as your name, address, and phone number with other identifying information such as your birth place, mother’s maiden name, and previous addresses. By hacking another system, the criminals can uncover bits of information such as your social security number or driver’s license number. Crooks can use these pieces of data to steal your identity and cause you financial harm. Besides creating accounts in your name, cybercriminals could apply to receive benefits and services for which you’ve worked a lifetime to earn.
How likely is this to happen? You may be surprised at the high chance of occurrence for this type of cybercrime. In 2017, the credit reporting giant Equifax admitted that about 143 million people’s personal data items were exposed because of a cyberattack. Specific items that the hackers had access to were social security numbers, dates of birth, and driver’s license numbers.
2. Can be the Catalyst for Fraud
Political sparring by Democratic Senator Elizabeth Warren and Republican U.S. President Donald Trump made DNA testing front-page news nearly a year ago. Senator Warren, who had claimed Native American ancestry as a Harvard professor, released DNA test results that showed that she had a Native American ancestor about six to 10 generations back. Harvard University likely received some extra financial support for promoting the blonde-haired, blue-eyed Warren as a Native American instead of a Caucasian American. While calling this incident fraudulent is a stretch, the controversy draws attention to how DNA test results can be used to support fraudulent activities.
Many organizations are eligible for federal subsidies and grants if they hire qualified candidates who belong to underrepresented, minority groups. When taking the person’s word about their minority group status isn’t good enough, it’s likely that government agencies may need DNA test results to release financial benefits in some cases. Altered DNA test data could result in loss of funding and a marred reputation for businesses and other organizations. Manipulated DNA test data could also cause people and organizations to gain federal funds that they aren’t eligible to receive.
While the accuracy of at-home DNA testing is questionable to some experts, professional DNA test results are thought to be precise enough to be used as evidence in courts. These tests are commonly used to verify or end paternity claims in family law cases. Hacked DNA test results can stop a child from receiving adequate financial support from his or her biological father. They can also trample on a biological father’s right to gain custody of his child. With the right tools and information, a hacker can switch DNA data in a paternity case to target a wealthy man for higher child support payments. While the likelihood of occurrence for these scenarios is low, these fraudulent activities are possible.
3. Potential for Inadequate Insurance Coverage
The Genetic Information Nondiscrimination Act (GINA) of 2008 makes it illegal for insurance companies to use your genetic information to make certain health insurance decisions about you. However, states such as Delaware recognize that there are gaps in the protections that are offered by this federal law.
Medical advancements now allow doctors to screen a patient for common diseases based upon his or her genetic story. For instance, a patient requests a genetic test for the BRCA gene to find out if she’s predisposed to breast cancer. This type of personalized medicine is a trend that doesn’t seem to be slowing down, and many state lawmakers and advocacy groups such as the Coalition for Genetic Fairness want to make sure that people aren’t penalized for moving forward on this preventative healthcare measure.
Since GINA’s protections don’t cover disability, long-term care, and life insurance products, the woman who tests positive for the breast cancer gene could be denied issuance or renewal of these types of insurance products. Delaware and a few other states have recently put together laws that attempt to close the gap in protections that relate to those insurance products. Delaware lawmakers also want to make it illegal to share direct-to-consumer genetic test results with insurers. If your state doesn’t have similar laws that augment the federal protections that GINA offers, then you should be cautious about getting diagnostic genetic testing. A data leak of at-home DNA test results could lead to inadequate insurance coverage even in states that have tighter genetic data laws.
Technology is disrupting the insurance industry in all types of exciting ways. Performing big data analysis to improve risk management activities is of great interest to insurance providers. These companies argue that making genetic data available to them will keep prices of premiums fair and competitive. Data breaches of genetic test results present insurance companies with the data that they need to generate accurate pricing for new and existing insurance products. By putting pressure on lawmakers, insurance companies may succeed in keeping GINA’s protections broad and ambiguous at the federal level.
4. Next-Generation Security Devices & Authorization
Computer system hacks have become the new normal in the new millennium. Computers impact everything from driving to banking, and it seems that cybercriminals overcome new security protocols as fast as IT specialists implement them. In the past, you relied on strong passwords for information security. Today, you see IT security experts promote two-factor authentication and biometrics to verify your identity when using computer systems. Could DNA data be the future of information security?
As computer security specialists seek out ways to perform user verification that are more accurate and less prone to hacking, it’s logical that DNA data recognition could be used in next-generation laptops, mobile devices, and other computerized systems. Unlike a password that you can give to someone else, your DNA is unique to you. Future DNA data recognition platforms would also trump certain biometric systems that rely on fingerprint or retina scans since some people with physical disabilities may not be able to use those systems.
A leak of your DNA data now could present big risks to your financial situation and overall wellbeing in the future if organizations begin to use DNA data recognition technology. You can reset a password, but you can’t change your DNA if it has been compromised. Theoretically, thieves could open new credit accounts, access your retirement investments, file for your social security benefits, and generally take over your life by using your DNA data.
How Leaks of DNA Test Data Can Indirectly Affect Your Life
Data breaches of DNA test results often impact people in subtle ways. If you read the fine print, many agreements involving at-home DNA test companies state that the company owns your data. When a business such as Veritas Genetics or Ancestry owns your DNA test results, it can sell the data to other companies for research and marketing purposes. For instance, you take a DNA test to discover your genetic health risks. The DNA test company sells your information to a third-party pharmaceutical company. The pharmaceutical company markets a drug to you that allegedly prevents the disease that your DNA test identified as a potential problem for you.
If your DNA test data ends up in the wrong hands through hacking or a voluntary data leak, you could be contacted for medical procedures that you don’t need. A young woman in the UK underwent a double mastectomy and chemotherapy when a medical worker incorrectly recorded her biopsy sample. A malicious hacker could alter your DNA test results to make it appear that you have the breast cancer gene when you don’t.
GINA also offers some protection against genetic data discrimination for employment decisions, but there are loopholes in the law. If a hacker alters your DNA test data results to show that you have a propensity for ailments such as Alzheimer’s Disease or Parkinson’s Disease, there’s a chance that an employer with deep pockets can pass on you as a job candidate. Certain jobs require more physical and mental prowess than others. These positions are often lucrative and very competitive. It would be hard to prove that the company rejected your bid for employment based on leaked DNA test data.
While many well-known consumer genetics testing companies go the extra mile to protect customer data, there’s no guarantee that their computer systems won’t be compromised. Lax laws regarding the collection, storage, transmission, and use of genetic data don’t help matters. Will curiosity win out over privacy? You’ll have to decide. If you choose to do DNA testing, select your service provider carefully. Research the company’s data privacy policies and security processes. Organizations that exceed legal data security requirements are more likely to be good stewards of your data.