Image Credits: Alex Kotliarskyi.
Diagnosis of infections are right now vulnerable to hackers. As advances in microbiology bring whole genome sequencing of pathogens to the forefront of infectious disease diagnostics, new cybersecurity risks for public health unfold. Known as next generation sequencing (NGS), it is a new method to identify and characterize pathogens in a timely manner and speed up treatment.
As DNA sequencing has become cheaper, the next step is to move from the lab into the field and in the future even into homes.
However, such a move exposes microbial test results and DNA sequence repositories to potential hackers. Therefore, the cyber security protective envelope must be developed as part of the products themselves and not tacked on as an afterthought, Ben-Gurion University researchers warn in a new and first-of-its-kind policy paper published in the Q1 journal Eurosurveillance.
The researchers conclude that cyber-attacks on NGS-based public health surveillance systems could have a deleterious effect such as false detection of significant public health threats or alternatively, delayed recognition of epidemics.
Such incidents could have a major regional or global impact and contemporary global health challenges as is evident by the recent natural spread of the novel Coronavirus.
“Computerized medical equipment is an attractive target for malicious cyber activity, as it is among a rapidly shrinking group of industries which combine mission-critical infrastructure and high value data with relatively weak cybersecurity standards,” the group of multidisciplinary researchers write.
Principal Investigator Prof. Jacob Moran-Gilad and the bioinformatics lead in his lab Dr. Yair Motro are from the Department of Health Systems Management, Faculty of Health Sciences while Principal Investigators Prof. Lior Rokach and Dr. Yossi Oren, as well as jointly supervised student Mr. Iliya Fayans, are from the Department of Software and Information Systems Engineering, Faculty of Engineering Sciences.
The researchers highlight a number of different potentially vulnerable points during the process. From sample processing and DNA sequencing to bioinformatics software and sequence-based public health surveillance systems, the whole NGS pipeline is currently vulnerable.
However, some attacks are more likely than others and may have differing impact. The team discuss 12 attacks and ranked them as three major, six moderate and three minor.
The researchers also offer a series of recommendations as NGS devices and surveillance systems are built.
“NGS devices, bioinformatics software and surveillance systems present challenges beyond the normal ones of other IT devices and therefore cyber security must be considered when devices and systems are designed,” says Dr. Oren, “and not just tacked on afterwards as is often the case with other IoT devices today.”
The research was supported by the Israeli Ministry of Science and Technology.