Federal class action lawsuit looms as genetics company searches for what went wrong; a reminder to clinical laboratories of the importance of protecting patient information
Several years ago, security experts warned that biotechnology and genomics company 23andMe, along with other similar genetics companies, would be attacked by hackers. Now those predictions appear to have come true, and it should be a cautionary tale for clinical laboratories. In an October 6 blog post, the genetic testing company confirmed that private information from thousands of its customers was exposed and may be being sold on the dark web.
According to Wired, “At least a million data points from 23andMe accounts appear to have been exposed on BreachForums.” BreachForums is an online forum where users can discuss internet hacking, cyberattacks, and database leaks, among other topics.
“Hackers posted an initial data sample on the platform BreachForums earlier this week, claiming that it contained one million data points exclusively about Ashkenazi Jews,” Wired reported, adding that “hundreds of thousands of users of Chinese descent” also appear to be impacted.
The leaked information included full names, dates of birth, sex, locations, photos, and both genetic and ancestry results, Bleeping Computer reported.
For its part, 23andMe acknowledges the data theft but claims “it does not see evidence that its systems have been breached,” according to Wired.
Anne Wojcicki (above) is the co-founder and CEO of genetics company 23andMe, which on October 24 told its customers in an email, “There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives. As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor.” Clinical laboratories must work to ensure their patient data is fully secured from similar cyber theft. (Photo copyright: TechCrunch.)
23andMe Claims Data Leak Not a Security Incident
The data leaked has been confirmed by 23andMe to be legitimate. “Threat actors used exposed credentials from other breaches [of other company’s security] to access 23andMe accounts and steal the sensitive data. Certain 23andMe customer profile information was compiled through access to individual 23andMe.com accounts,” a 23andMe spokesperson told Bleeping Computer.
However, according to the company, the leak does not appear to be a data security incident within the 23andMe systems. “The preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials,” the spokesperson added.
What the genetics company has determined is that compromised accounts were from users choosing the DNA Relative feature on their website as a means to find and connect to individuals related to them. Additionally, “the number of accounts sold by the cybercriminal does not reflect the number of 23andMe accounts breached using exposed credentials,” Bleeping Computer noted.
Price of Private Information
Following the 23andMe data leak, the private genetic information was quickly available online … for a price.
“On October 4, the threat actor offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased,” Bleeping Computer reported.
Stolen medical records are becoming hotter than credit card information, the experts say. “Stolen records sell for as much as $1,000 each,” according to credit rating agency Experian, Bleeping Computer noted.
In its 2018 Global Security Report, “cybersecurity firm Trustwave pegged the black-market value of medical records at $250 each. Credit card numbers, on the other hand, sell for around $5 each on the dark web … while Social Security numbers can be purchased for as little as $1 each,” Fierce Healthcare reported.
Clinical laboratory managers and pathologists should take note of the value that the dark web places on the medical records of a patient, compared to the credit card numbers of the same individual. From this perspective, hacking a medical laboratory to steal patient health data can be much more lucrative than hacking the credit card data from a retailer.
“Victims of the breach are now at increased risk of fraud and identity theft, and have suffered damages in the form of invasion of privacy, lost time and out-of-pocket expenses incurred responding to the breach, diminished value of their personal information, and lost benefit of the bargain with 23andMe,” according to court documents.
“The lawsuit brings claims of negligence, breach of implied contract, invasion of privacy/intrusion upon seclusion, unjust enrichment, and declaratory judgment,” Bloomberg Law noted. Additionally, the claim states that 23andMe “failed to provide prompt and adequate notice of the incident.”
Plaintiffs are “seeking actual damages, compensatory damages, statutory damages, punitive damages, lifetime credit-monitoring services, restitution, disgorgement, injunctive relief, attorneys’ fees and costs, and pre-and post-judgment interest,” Bloomberg Law reported.
Preventing Future Data Leaks
Years of experts warning genetics companies like 23andMe that they need more strict data security have proven to be true. “This incident really highlights the risks associated with DNA databases,” Brett Callow, a threat analyst at data security firm Emsisoft, told Wired. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”
“Callow notes that the situation raises broader questions about keeping sensitive genetic information safe and the risks of making it available in services that are designed like social networks to facilitate sharing. With such platforms come all of the data privacy and security issues that have plagued traditional social networks, including issues related to data centralization and scraping,” Wired noted.
Clinical laboratory databases are full of protected health information (PHI). Wise lab managers will work to ensure that their medical lab’s patient data is secure from today’s cyberthreats.
The palm-sized device could one day be engineered to track down explosives and gas leaks or could even be used by medical laboratories to detect disease
Here’s a technology breakthrough with many implications for diagnostics and clinical laboratory testing. Researchers at the at the University of Washington (UW) are pushing the envelope on what can be achieved by combining technology with biology. They developed “Smellicopter,” a flying drone that uses a living moth antenna to hunt for odors.
According to their published study, the UW scientists believe an odor-guided drone could “reduce human hazard and drastically improve performance on tasks such as locating disaster survivors, hazardous gas leaks, incipient fires or explosives.”
“Nature really blows our human-made odor sensors out of the water,” lead author Melanie Anderson, a UW doctoral student in mechanical engineering, told UW News. “By using an actual moth antenna with Smellicopter, we’re able to get the best of both worlds: the sensitivity of a biological organism on a robotic platform where we can control its motion.”
The researchers believe their Smellicopter is the first odor-sensing flying biohybrid robot system to incorporate a live moth antenna that capitalizes on the insect’s excellent odor-detecting and odor-locating abilities.
In their paper, titled, “A Bio-Hybrid Odor-Guided Autonomous Palm-Sized Air Vehicle,” published in the IOPscience journal Bioinspiration and Biomimetics, the researchers wrote, “Biohybrid systems integrate living materials with synthetic devices, exploiting their respective advantages to solve challenging engineering problems. … Our robot is the first flying biohybrid system to successfully perform odor localization in a confined space, and it is able to do so while detecting and avoiding obstacles in its flight path. We show that insect antennae respond more quickly than metal oxide gas sensors, enabling odor localization at an improved speed over previous flying robots. By using the insect antennae, we anticipate a feasible path toward improved chemical specificity and sensitivity by leveraging recent advances in gene editing.”
How Does it Work?
In nature, a moth uses its antennae to sense chemicals in its environment and navigate toward sources of food or a potential mate.
“Cells in a moth antenna amplify chemical signals,” said study co-author Thomas Daniel, PhD, UW Professor of Biology, in UW News. “The moths do it really efficiently—one scent molecule can trigger lots of cellular responses, and that’s the trick. This process is super-efficient, specific, and fast.”
To keep the moth antennae “alive,” scientists place Manduca sexta hawk moths (above) in a refrigerator to anesthetize them before removing their antennae. Once separated from the live moth, the antenna stays “biologically and chemically active” for up to four hours. Refrigerating the antennas further extends that time span, researchers explained in the UW News article. (Photo copyright: University of Washington.)
Because the moth antenna is hollow, researchers are able to add wires into the ends of the antenna. By connecting the antenna to an electrical circuit, they can measure the average signal from all of the cells in the antenna. When compared to a metal oxide gas sensor, the antenna-powered sensor responded more quickly to a floral scent. It also took less time to recover between tracking puffs of scent.
Anderson compared the antenna-drone circuitry to a human heart monitor.
“A lot like a heart monitor, which measures the electrical voltage that is produced by the heart when it beats, we measure the electrical signal produced by the antenna when it smells odor,” Anderson told WIRED. “And very similarly, the antenna will produce these spike-shaped pulses in response to patches of odor.”
Making a Drone Hunt Like a Moth
Anderson told WIRED her team programmed the drone to hunt for odors using the same technique moths employ to stay targeted on an odor, called crosswind casting.
“If the wind shifts, or you fly a little bit off-course, then you’ll lose the odor,” Anderson said. “And so, you cast crosswind to try and pick back up that trail. And in that way, the Smellicopter gets closer and closer to the odor source.”
However, the researchers had to figure out how to keep the commercially available $195 Crazyflie drone facing upwind. The fix, co-author and co-advisor Sawyer Fuller, PhD, UW Assistant Professor of Mechanical Engineering told UW News, was to add two plastic fins to create drag and keep the vehicle on course.
“From a robotics perspective, this is genius,” Fuller said. “The classic approach in robotics is to add more sensors, and maybe build a fancy algorithm or use machine learning to estimate wind direction. It turns out, all you need is to add a fin.”
A live moth antenna is attached to wires in an arc sharp on the “Smellicopter” drone (above), developed at the University of Washington in Seattle. The autonomous drone uses the moth antenna to navigate toward smells. By connecting the antenna to a circuit board, the UW researchers were able to study the drone’s response to a puff of floral scent. The Smellicopter tracking skills proved superior to that of a human-made sensor. (Photo copyright: University of Washington.)
Other Applications for Odor Detecting Robots
While any practical clinical application of this breakthrough is years away, the scientific team’s next step is to use gene editing to engineer moths with antennae sensitive to a specific desired chemical, such as those found in explosives.
“I think it is a powerful concept,” roboticist Antonio Loquercio, a PhD candidate in machine learning at the University of Zurich who researches drone navigation, told WIRED. “Nature provides us plenty of examples of living organisms whose life depends on this capacity. This could have as well a strong impact on autonomous machines—not only drones—that could use odors to find, for example, survivors in the aftermath of an earthquake or could identify gas leaks in a man-made environment.”
Could a palm-sized autonomous device one day be used to not only track down explosives and gas leaks but also to detect disease?
As clinical pathologists and medical laboratory scientists know, dogs have demonstrated keen ability to detect disease using their heightened sense of smell.
Therefore, it is not inconceivable that smell-seeking technology might one day be part of clinical laboratory testing for certain diseases.
This latest research is another example of how breakthroughs in unrelated fields of science offer the potential for creation of diagnostic tools that one day may be useful to medical laboratories.
Wall Street Journal reports IBM losing Watson-for-Oncology partners and clients, but scientists remain confident artificial intelligence will revolutionize diagnosis and treatment of disease
What happens when a healthcare revolution is overhyped? Results fall short of expectations. That’s the diagnosis from the Wall Street Journal (WSJ) and other media outlets five years after IBM marketed its Watson supercomputer as having the potential to “revolutionize” cancer diagnosis and treatment.
“Watson can read all of the healthcare texts in the world in seconds,” John E. Kelly III, PhD, IBM Senior Vice President, Cognitive Solutions and IBM Research, told Wired in 2011. “And that’s our first priority, creating a ‘Dr. Watson,’ if you will.”
However, despite the marketing pitch, the WSJ investigation published in August claims IBM has fallen far short of that goal during the past seven years. The article states, “More than a dozen IBM partners and clients have halted or shrunk Watson’s oncology-related projects. Watson cancer applications have had limited impact on patients, according to dozens of interviews with medical centers, companies and doctors who have used it, as well as documents reviewed by the Wall Street Journal.”
Anatomic pathologists—who use tumor biopsies to diagnose cancer—have regularly wondered if IBM’s Watson would actually help physicians do a better job in the diagnosis, treatment, and monitoring of cancer patients. The findings of the Wall Street Journal show that Watson has yet to make much of a positive impact when used in support of cancer care.
The WSJ claims Watson often “didn’t add much value” or “wasn’t accurate.” This lackluster assessment is blamed on Watson’s inability to keep pace with fast-evolving treatment guidelines, as well as its inability to accurately evaluate reoccurring or rare cancers. Despite the more than $15 billion IBM has spent on Watson, the WSJ reports there is no published research showing Watson improving patient outcomes.
“The discomfort that I have—and that others have had with using it—has been the sense that you never know how much faith you can put in those results,” Wartman said.
Rudimentary Not Revolutionary Intelligence, STAT Notes
IBM’s Watson made headlines in 2011 when it won a head-to-head competition against two champions on the game show “Jeopardy.” Soon after, IBM announced it would make Watson available for medical applications, giving rise to the idea of “Dr. Watson.”
In a 2017 investigation, however, published on STAT, Watson is described as in its “toddler stage,” falling far short of IBM’s depiction of Watson as a “digital prodigy.”
“Perhaps the most stunning overreach is in [IBM’s] claim that Watson-for-Oncology, through artificial intelligence, can sift through reams of data to generate new insights and identify, as an IBM sales rep put it, ‘even new approaches’ to cancer care,” the STAT article notes. “STAT found that the system doesn’t create new knowledge and is artificially intelligent only in the most rudimentary sense of the term.”
STAT reported it had taken six years for data engineers and doctors to train Watson in just seven types of cancers and keep the system updated with the latest knowledge.
“IBM spun a story about how Watson could improve cancer treatment that was superficially plausible—there are thousands of research papers published every year and no doctor can read them all,” Howard told HealthNewsReview.org. “However, the problem is not that there is too much information, but rather there is too little. Only a handful of published articles are high-quality, randomized trials. In many cases, oncologists have to choose between drugs that have never been directly compared in a randomized trial.”
Howard argues the news media needs to do a better job vetting stories touting healthcare breakthroughs.
“Reporters are often susceptible to PR hype about the potential of new technology—from Watson to ‘wearables’—to improve outcomes,” Howard said. “A lot of stories would turn out differently if they asked a simple question: ‘Where is the evidence?’”
Peter Greulich, a retired IBM manager who has written extensively on IBM’s corporate challenges, told STAT that IBM would need to invest more money and people in the Watson project to make it successful—an unlikely possibility in a time of shrinking revenues at the corporate giant.
“IBM ought to quit trying to cure cancer,” he said. “They turned the marketing engine loose without controlling how to build and construct a product.”
AI Could Still Revolutionize Precision Medicine
Despite the recent negative headlines about Watson, AI continues to offer the promise of one day changing how pathologists and physicians work together to diagnose and treat disease. Isaac Kohane, MD, PhD, Chairman of the Biomedical Informatics Program at Harvard Medical School, told Bloomberg that IBM may have oversold Watson, but he predicts AI one day will “revolutionize medicine.”
“It’s anybody’s guess who is going to be the first to the market leader in this space,” he said. “Artificial intelligence and big data are coming to doctors’ offices and hospitals. But it won’t necessarily look like the ads on TV.”
How AI and precision medicine plays out for clinical laboratories and anatomic pathologists is uncertain. Clearly, though, healthcare is on a path toward increased involvement of computerized decision-making applications in the diagnostic process. Regardless of early setbacks, that trend is unlikely to slow. Laboratory managers and pathology stakeholders would be wise to keep apprised of these developments.
To match the supply of blood products to demand, a clever entrepreneur has created an award-winning business that may help clinical laboratories better manage the cost of blood products in their hospitals and health systems
There’s something new and exciting in the world of blood banking and medical laboratory medicine. It’s a unique approach to matching the availability of blood products to the demand for those same products and it’s catching the attention of medical laboratory directors and blood bankers in many of the nation’s hospitals.
How did an ice storm and a Super Bowl factor into the development of an innovative and disruptive technology that addresses a persistent gap in the US blood products supply chain? In February 2011, central Texas was hit by fierce weather that not only disrupted flights, snarled traffic, and threatened Super Bowl XLV, it also impacted the local and regional hospitals’ ability to access blood for patients in need. Enter a young entrepreneur who saw a critical problem and understood that the raw materials for a solution already existed. (more…)
MinION could help achieve NIH’s goal of $1,000 human genome sequencing and in remote clinics and outbreak zones shift testing away from medical laboratories
Point-of-care DNA sequencing technology is edging ever closer to widespread commercial use as the Oxford Nanopore MinION sequencer draws praise and registers successes in pre-release testing.
A pocketsize gene-sequencing machine such as the MinION could transform the marketplace by shifting DNA testing to remote clinics and outbreak zones while eliminating the need to return samples to clinical laboratories for analysis. Such devices also are expected to increase the need for trained genetic pathologists and medical technologists. (more…)
