News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel
Sign In

Data Theft at 23andMe Leaks Genetic and Personal Information for Thousands, Targets Ashkenazi Jews and Chinese

Federal class action lawsuit looms as genetics company searches for what went wrong; a reminder to clinical laboratories of the importance of protecting patient information

Several years ago, security experts warned that biotechnology and genomics company 23andMe, along with other similar genetics companies, would be attacked by hackers. Now those predictions appear to have come true, and it should be a cautionary tale for clinical laboratories. In an October 6 blog post, the genetic testing company confirmed that private information from thousands of its customers was exposed and may be being sold on the dark web.

According to Wired, “At least a million data points from 23andMe accounts appear to have been exposed on BreachForums.” BreachForums is an online forum where users can discuss internet hacking, cyberattacks, and database leaks, among other topics.

“Hackers posted an initial data sample on the platform BreachForums earlier this week, claiming that it contained one million data points exclusively about Ashkenazi Jews,” Wired reported, adding that “hundreds of thousands of users of Chinese descent” also appear to be impacted.

The leaked information included full names, dates of birth, sex, locations, photos, and both genetic and ancestry results, Bleeping Computer reported.

For its part, 23andMe acknowledges the data theft but claims “it does not see evidence that its systems have been breached,” according to Wired.

Anne Wojcicki

Anne Wojcicki (above) is the co-founder and CEO of genetics company 23andMe, which on October 24 told its customers in an email, “There was unauthorized access to one or more 23andMe accounts that were connected to you through DNA Relatives. As a result, the DNA Relatives profile information you provided in this feature was exposed to the threat actor.” Clinical laboratories must work to ensure their patient data is fully secured from similar cyber theft. (Photo copyright: TechCrunch.)

23andMe Claims Data Leak Not a Security Incident

The data leaked has been confirmed by 23andMe to be legitimate. “Threat actors used exposed credentials from other breaches [of other company’s security] to access 23andMe accounts and steal the sensitive data. Certain 23andMe customer profile information was compiled through access to individual accounts,” a 23andMe spokesperson told Bleeping Computer.

However, according to the company, the leak does not appear to be a data security incident within the 23andMe systems. “The preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials,” the spokesperson added.

What the genetics company has determined is that compromised accounts were from users choosing the DNA Relative feature on their website as a means to find and connect to individuals related to them. Additionally, “the number of accounts sold by the cybercriminal does not reflect the number of 23andMe accounts breached using exposed credentials,” Bleeping Computer noted.

Price of Private Information

Following the 23andMe data leak, the private genetic information was quickly available online … for a price.

“On October 4, the threat actor offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased,” Bleeping Computer reported.

Stolen medical records are becoming hotter than credit card information, the experts say. “Stolen records sell for as much as $1,000 each,” according to credit rating agency Experian, Bleeping Computer noted.

In its 2018 Global Security Report, “cybersecurity firm Trustwave pegged the black-market value of medical records at $250 each. Credit card numbers, on the other hand, sell for around $5 each on the dark web … while Social Security numbers can be purchased for as little as $1 each,” Fierce Healthcare reported.

Clinical laboratory managers and pathologists should take note of the value that the dark web places on the medical records of a patient, compared to the credit card numbers of the same individual. From this perspective, hacking a medical laboratory to steal patient health data can be much more lucrative than hacking the credit card data from a retailer.

Inevitable Federal Lawsuit

Regardless of what security measures the 23andMe site boasts, the breach quickly brought a proposed federal class action suit filed on October 9 in the US District Court for the Northern District of California. The suit, “filed by plaintiffs repressing all persons who had personal data exposed,” claims that information from Mark Zuckerberg, Elon Musk, and Sergey Brin were among the leak, Bloomberg Law reported.

“Victims of the breach are now at increased risk of fraud and identity theft, and have suffered damages in the form of invasion of privacy, lost time and out-of-pocket expenses incurred responding to the breach, diminished value of their personal information, and lost benefit of the bargain with 23andMe,” according to court documents.

“The lawsuit brings claims of negligence, breach of implied contract, invasion of privacy/intrusion upon seclusion, unjust enrichment, and declaratory judgment,” Bloomberg Law noted. Additionally, the claim states that 23andMe “failed to provide prompt and adequate notice of the incident.”

Plaintiffs are “seeking actual damages, compensatory damages, statutory damages, punitive damages, lifetime credit-monitoring services, restitution, disgorgement, injunctive relief, attorneys’ fees and costs, and pre-and post-judgment interest,” Bloomberg Law reported.

Preventing Future Data Leaks

Years of experts warning genetics companies like 23andMe that they need more strict data security have proven to be true. “This incident really highlights the risks associated with DNA databases,” Brett Callow, a threat analyst at data security firm Emsisoft, told Wired. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”

“Callow notes that the situation raises broader questions about keeping sensitive genetic information safe and the risks of making it available in services that are designed like social networks to facilitate sharing. With such platforms come all of the data privacy and security issues that have plagued traditional social networks, including issues related to data centralization and scraping,” Wired noted.

Clinical laboratory databases are full of protected health information (PHI). Wise lab managers will work to ensure that their medical lab’s patient data is secure from today’s cyberthreats.

—Kristin Althea O’Connor

Related Information:

23andMe Blog Post: Addressing Data Security Concerns

23andMe Sued Over Hack of Genetic Data Affecting Thousands

23andMe Notifies Customers of Data Breach into Its ‘DNA Relatives’ Feature

Genetics Firm 23andMe Says User Data Stolen in Credential Stuffing Attack

23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews

Industry Voices—Forget Credit Card Numbers. Medical Records Are the Hottest Items on the Dark Web

Hacker Claims to Have Stolen Genetic Data from Millions Of 23andMe Users and Is Trying to Sell the Information Online

US District Court California Northern District (San Francisco) Civil Docket for Case #: 3:23-Cv-05147-EMC

2018 Trustwave Global Security Report

Ransomware Activity Targeting the Healthcare and Public Health Sector

23andMe Sued After Hacker Claims Massive Data Breach Impacting Ashkenazi Jews

Five Biggest Risks of Sharing Your DNA with Consumer Genetic-Testing Companies

The FTC Is Investigating DNA Firms Like 23andme and Ancestry over Privacy

University of Washington Scientists Create ‘Smellicopter’ Drone That Uses a Live Moth Antenna to Hunt Down Odors

The palm-sized device could one day be engineered to track down explosives and gas leaks or could even be used by medical laboratories to detect disease

Here’s a technology breakthrough with many implications for diagnostics and clinical laboratory testing. Researchers at the at the University of Washington (UW) are pushing the envelope on what can be achieved by combining technology with biology. They developed “Smellicopter,” a flying drone that uses a living moth antenna to hunt for odors.

According to their published study, the UW scientists believe an odor-guided drone could “reduce human hazard and drastically improve performance on tasks such as locating disaster survivors, hazardous gas leaks, incipient fires or explosives.”

“Nature really blows our human-made odor sensors out of the water,” lead author Melanie Anderson, a UW doctoral student in mechanical engineering, told UW News. “By using an actual moth antenna with Smellicopter, we’re able to get the best of both worlds: the sensitivity of a biological organism on a robotic platform where we can control its motion.”

The researchers believe their Smellicopter is the first odor-sensing flying biohybrid robot system to incorporate a live moth antenna that capitalizes on the insect’s excellent odor-detecting and odor-locating abilities.

In their paper, titled, “A Bio-Hybrid Odor-Guided Autonomous Palm-Sized Air Vehicle,” published in the IOPscience journal Bioinspiration and Biomimetics, the researchers wrote, “Biohybrid systems integrate living materials with synthetic devices, exploiting their respective advantages to solve challenging engineering problems. … Our robot is the first flying biohybrid system to successfully perform odor localization in a confined space, and it is able to do so while detecting and avoiding obstacles in its flight path. We show that insect antennae respond more quickly than metal oxide gas sensors, enabling odor localization at an improved speed over previous flying robots. By using the insect antennae, we anticipate a feasible path toward improved chemical specificity and sensitivity by leveraging recent advances in gene editing.”

How Does it Work?

In nature, a moth uses its antennae to sense chemicals in its environment and navigate toward sources of food or a potential mate.

“Cells in a moth antenna amplify chemical signals,” said study co-author Thomas Daniel, PhD, UW Professor of Biology, in UW News. “The moths do it really efficiently—one scent molecule can trigger lots of cellular responses, and that’s the trick. This process is super-efficient, specific, and fast.”

Manduca sexta hawk moth close up on black background
To keep the moth antennae “alive,” scientists place Manduca sexta hawk moths (above) in a refrigerator to anesthetize them before removing their antennae. Once separated from the live moth, the antenna stays “biologically and chemically active” for up to four hours. Refrigerating the antennas further extends that time span, researchers explained in the UW News article. (Photo copyright: University of Washington.)

Because the moth antenna is hollow, researchers are able to add wires into the ends of the antenna. By connecting the antenna to an electrical circuit, they can measure the average signal from all of the cells in the antenna. When compared to a metal oxide gas sensor, the antenna-powered sensor responded more quickly to a floral scent. It also took less time to recover between tracking puffs of scent.

Anderson compared the antenna-drone circuitry to a human heart monitor.

“A lot like a heart monitor, which measures the electrical voltage that is produced by the heart when it beats, we measure the electrical signal produced by the antenna when it smells odor,” Anderson told WIRED. “And very similarly, the antenna will produce these spike-shaped pulses in response to patches of odor.”

Making a Drone Hunt Like a Moth

Anderson told WIRED her team programmed the drone to hunt for odors using the same technique moths employ to stay targeted on an odor, called crosswind casting.

“If the wind shifts, or you fly a little bit off-course, then you’ll lose the odor,” Anderson said. “And so, you cast crosswind to try and pick back up that trail. And in that way, the Smellicopter gets closer and closer to the odor source.”

However, the researchers had to figure out how to keep the commercially available $195 Crazyflie drone facing upwind. The fix, co-author and co-advisor Sawyer Fuller, PhD, UW Assistant Professor of Mechanical Engineering told UW News, was to add two plastic fins to create drag and keep the vehicle on course.

“From a robotics perspective, this is genius,” Fuller said. “The classic approach in robotics is to add more sensors, and maybe build a fancy algorithm or use machine learning to estimate wind direction. It turns out, all you need is to add a fin.”

Smellicopter drone image on a black background
A live moth antenna is attached to wires in an arc sharp on the “Smellicopter” drone (above), developed at the University of Washington in Seattle. The autonomous drone uses the moth antenna to navigate toward smells. By connecting the antenna to a circuit board, the UW researchers were able to study the drone’s response to a puff of floral scent. The Smellicopter tracking skills proved superior to that of a human-made sensor. (Photo copyright: University of Washington.)

Other Applications for Odor Detecting Robots

While any practical clinical application of this breakthrough is years away, the scientific team’s next step is to use gene editing to engineer moths with antennae sensitive to a specific desired chemical, such as those found in explosives.

“I think it is a powerful concept,” roboticist Antonio Loquercio, a PhD candidate in machine learning at the University of Zurich who researches drone navigation, told WIRED. “Nature provides us plenty of examples of living organisms whose life depends on this capacity. This could have as well a strong impact on autonomous machines—not only drones—that could use odors to find, for example, survivors in the aftermath of an earthquake or could identify gas leaks in a man-made environment.”

Could a palm-sized autonomous device one day be used to not only track down explosives and gas leaks but also to detect disease?

As clinical pathologists and medical laboratory scientists know, dogs have demonstrated keen ability to detect disease using their heightened sense of smell.

And on the human front, in “Woman Who Can Smell Parkinson’s Disease in Patients Even Before Symptoms Appear May Help Researchers Develop New Clinical Laboratory Test,” Dark Daily reported on the case of a Scottish woman who demonstrated the extraordinary ability to accurately smell Parkinson’s disease before clinical laboratory testing detected it.

Therefore, it is not inconceivable that smell-seeking technology might one day be part of clinical laboratory testing for certain diseases.

This latest research is another example of how breakthroughs in unrelated fields of science offer the potential for creation of diagnostic tools that one day may be useful to medical laboratories.

—Andrea Downing Peck

Related Information:

The Smellicopter Is an Obstacle-Avoiding Drone That Uses a Live Moth Antenna to Seek Out Smells

A Bio-hybrid Odor-guided Autonomous Palm-Sized Air Vehicle

This Drone Sniffs Out Odors with a Real Moth Antenna

Woman Who Can Smell Parkinson’s Disease in Patients Even Before Symptoms Appear May Help Researchers Develop New Clinical Laboratory Test

IBM’s Watson Not Living Up to Hype, Wall Street Journal and Other Media Report; ‘Dr. Watson’ Has Yet to Show It Can Improve Patient Outcomes or Accurately Diagnose Cancer

Wall Street Journal reports IBM losing Watson-for-Oncology partners and clients, but scientists remain confident artificial intelligence will revolutionize diagnosis and treatment of disease

What happens when a healthcare revolution is overhyped? Results fall short of expectations. That’s the diagnosis from the Wall Street Journal (WSJ) and other media outlets five years after IBM marketed its Watson supercomputer as having the potential to “revolutionize” cancer diagnosis and treatment.

The idea that artificial intelligence (AI) could be used to diagnose cancer and identify appropriate therapies certainly carried with it implications for clinical laboratories and anatomic pathologists, which Dark Daily reported as far back as 2012. It also promised to spark rapid growth in precision medicine. For now, though, that momentum may be stalled.

“Watson can read all of the healthcare texts in the world in seconds,” John E. Kelly III, PhD, IBM Senior Vice President, Cognitive Solutions and IBM Research, told Wired in 2011. “And that’s our first priority, creating a ‘Dr. Watson,’ if you will.”

However, despite the marketing pitch, the WSJ investigation published in August claims IBM has fallen far short of that goal during the past seven years. The article states, “More than a dozen IBM partners and clients have halted or shrunk Watson’s oncology-related projects. Watson cancer applications have had limited impact on patients, according to dozens of interviews with medical centers, companies and doctors who have used it, as well as documents reviewed by the Wall Street Journal.”

Anatomic pathologists—who use tumor biopsies to diagnose cancer—have regularly wondered if IBM’s Watson would actually help physicians do a better job in the diagnosis, treatment, and monitoring of cancer patients. The findings of the Wall Street Journal show that Watson has yet to make much of a positive impact when used in support of cancer care.

The WSJ claims Watson often “didn’t add much value” or “wasn’t accurate.” This lackluster assessment is blamed on Watson’s inability to keep pace with fast-evolving treatment guidelines, as well as its inability to accurately evaluate reoccurring or rare cancers. Despite the more than $15 billion IBM has spent on Watson, the WSJ reports there is no published research showing Watson improving patient outcomes.

Lukas Wartman, MD, Assistant Professor, McDonnell Genome Institute at the Washington University School of Medicine in St. Louis, told the WSJ he rarely uses the Watson system, despite having complimentary access. IBM typically charges $200 to $1,000 per patient, plus consulting fees in some cases, for Watson-for-Oncology, the WSJ reported.

“The discomfort that I have—and that others have had with using it—has been the sense that you never know how much faith you can put in those results,” Wartman said.

Rudimentary Not Revolutionary Intelligence, STAT Notes

IBM’s Watson made headlines in 2011 when it won a head-to-head competition against two champions on the game show “Jeopardy.” Soon after, IBM announced it would make Watson available for medical applications, giving rise to the idea of “Dr. Watson.”

In a 2017 investigation, however, published on STAT, Watson is described as in its “toddler stage,” falling far short of IBM’s depiction of Watson as a “digital prodigy.”

“Perhaps the most stunning overreach is in [IBM’s] claim that Watson-for-Oncology, through artificial intelligence, can sift through reams of data to generate new insights and identify, as an IBM sales rep put it, ‘even new approaches’ to cancer care,” the STAT article notes. “STAT found that the system doesn’t create new knowledge and is artificially intelligent only in the most rudimentary sense of the term.”

STAT reported it had taken six years for data engineers and doctors to train Watson in just seven types of cancers and keep the system updated with the latest knowledge.

“It’s been a struggle to update, I’ll be honest,” Mark Kris, MD, oncologist at Memorial Sloan Kettering Cancer Center in New York and lead Watson trainer, told STAT. “Changing the system of cognitive computing doesn’t turn on a dime like that. You have to put in the literature, you have to put in the cases.” (Photo copyright: Physician Education Resource.)

Watson Recommended Unsafe and Incorrect Treatments, STAT Reported

In July 2018, STAT reported that internal documents from IBM revealed Watson had recommended “unsafe and incorrect” cancer treatments.

David Howard, PhD, Professor, Health Policy and Management, Rollins School of Public Health at Emory University, blames Watson’s failure in part to the dearth of high-quality published research available for the supercomputer to analyze.

“IBM spun a story about how Watson could improve cancer treatment that was superficially plausible—there are thousands of research papers published every year and no doctor can read them all,” Howard told “However, the problem is not that there is too much information, but rather there is too little. Only a handful of published articles are high-quality, randomized trials. In many cases, oncologists have to choose between drugs that have never been directly compared in a randomized trial.”

Howard argues the news media needs to do a better job vetting stories touting healthcare breakthroughs.

“Reporters are often susceptible to PR hype about the potential of new technology—from Watson to ‘wearables’—to improve outcomes,” Howard said. “A lot of stories would turn out differently if they asked a simple question: ‘Where is the evidence?’”

Peter Greulich, a retired IBM manager who has written extensively on IBM’s corporate challenges, told STAT that IBM would need to invest more money and people in the Watson project to make it successful—an unlikely possibility in a time of shrinking revenues at the corporate giant.

“IBM ought to quit trying to cure cancer,” he said. “They turned the marketing engine loose without controlling how to build and construct a product.”

AI Could Still Revolutionize Precision Medicine

Despite the recent negative headlines about Watson, AI continues to offer the promise of one day changing how pathologists and physicians work together to diagnose and treat disease. Isaac Kohane, MD, PhD, Chairman of the Biomedical Informatics Program at Harvard Medical School, told Bloomberg that IBM may have oversold Watson, but he predicts AI one day will “revolutionize medicine.”

“It’s anybody’s guess who is going to be the first to the market leader in this space,” he said. “Artificial intelligence and big data are coming to doctors’ offices and hospitals. But it won’t necessarily look like the ads on TV.”

How AI and precision medicine plays out for clinical laboratories and anatomic pathologists is uncertain. Clearly, though, healthcare is on a path toward increased involvement of computerized decision-making applications in the diagnostic process. Regardless of early setbacks, that trend is unlikely to slow. Laboratory managers and pathology stakeholders would be wise to keep apprised of these developments.

—Andrea Downing Peck

Related Information:

IBM’s Watson Supercomputer Recommended ‘Unsafe and Incorrect’ Cancer Treatments, Internal Documents Show

IBM Pitched its Watson Supercomputer as a Revolution in Cancer Care. It’s Nowhere Close

IBM’s Watson Wins Jeopardy! Next Up: Fixing Health Care

IBM’s Watson Supercomputer Wins Practice Jeopardy Round

Memorial Sloan-Kettering Cancer Center, IBM to Collaborate in Applying Watson Technology to Help Oncologists

IBM Has a Watson Dilemma

MD Anderson Cancer Center’s IBM Watson Project Fails, and So Did the Journalism Related to It

What Went Wrong with IBM’s Watson?

IBM’s Watson Failed Against Cancer but AI Still Has Promise

Will IBM’s ‘Watson on Oncology’ Give Oncologists and Pathologists a Useful Tool for Diagnosing and Treating Various Cancer

Pathologists Take Note: IBM’s Watson to Attack Cancer with Help of WellPoint and Cedars-Sinai

Attention Blood Bankers and Pathologists! New Cloud-Based Technology Platform Provides Hospitals with Real-Time, On-Demand Access to Blood Products at the Best Prices

To match the supply of blood products to demand, a clever entrepreneur has created an award-winning business that may help clinical laboratories better manage the cost of blood products in their hospitals and health systems

There’s something new and exciting in the world of blood banking and medical laboratory medicine. It’s a unique approach to matching the availability of blood products to the demand for those same products and it’s catching the attention of medical laboratory directors and blood bankers in many of the nation’s hospitals.

How did an ice storm and a Super Bowl factor into the development of an innovative and disruptive technology that addresses a persistent gap in the US blood products supply chain? In February 2011, central Texas was hit by fierce weather that not only disrupted flights, snarled traffic, and threatened Super Bowl XLV, it also impacted the local and regional hospitals’ ability to access blood for patients in need. Enter a young entrepreneur who saw a critical problem and understood that the raw materials for a solution already existed. (more…)

Point-of-Care DNA Sequencer Inching Closer to Widespread Use as Beta-Testers Praise Oxford Technologies’ Pocketsize, Portable Nanopore Device

MinION could help achieve NIH’s goal of $1,000 human genome sequencing and in remote clinics and outbreak zones shift testing away from medical laboratories

Point-of-care DNA sequencing  technology is edging ever closer to widespread commercial use as the Oxford Nanopore MinION sequencer  draws praise and registers successes in pre-release testing.

A pocketsize gene-sequencing machine such as the MinION could transform the marketplace by shifting DNA testing to remote clinics and outbreak zones while eliminating the need to return samples to clinical laboratories for analysis. Such devices also are expected to increase the need for trained genetic pathologists and medical technologists. (more…)