The 100,000 Genomes Project, a successful initiative of Genomics England and NHS that recently achieved its aim of sequencing 100,000 whole genomes of about 85,000 Brits, suffered a spate of cyber-attacks from foreign actors, forcing those responsible for the project to store sensitive DNA data at a high-security MoD facility in Wiltshire.
Genomics England announced on Wednesday that it had successfully completed its goal of sequencing 100,000 whole genomes from NHS patients and that the accumulated data would help in uncovering new diagnoses and improved treatments for patients with rare inherited diseases and cancer.
Detailed medical records & DNA data were at risk
In order to complete the project, Genomics England and NHS England put in place 13 NHS Genomic Medicine Centres, a state-of-the-art sequencing centre, and an automated analytics platform to return whole genome analyses to the NHS.
Even though the project received support and funding from the National Institute for Health Research and the UK Government from 2012 till the date of its completion, it had its share of problems, not least from cyber-attacks launched by foreign actors to gain access to the large database of DNA data of Brits.
Aside from DNA data of 85,000 Brits, the 100,000 Genomes Project also collected detailed medical information of the participating NHS patients as well as their names, dates of birth and other personal details.
Sir John Chisholm, Chair of Genomics England, revealed that a number of cyber-attacks have been launched to infiltrate the databases of the 100,000 Genomes Project, some of them originating overseas. However, none of those cyber-attacks were successful as Genomics England and NHS England stored the genomic data within a secure, monitored environment, de-identified it, and ensured that it was analysed only within the secured environment.
In order to secure the data from future attacks, Genomics England has decided to store the DNA data at MoD Corsham in Wiltshire which serves as the headquarters of the Joint Forces Command's Information Systems and Services unit.
Organisations must improve their cyber security credentials
"The attempted data breach for NHS patients genetic data is a key example of how cybercriminals are becoming more sophisticated in their efforts to obtain personal information. Leaders of Genomics England said they had fought off multiple cyber-attacks to map the genes of a million people.
"So, it’s encouraging to see the NHS has those measures in place to protect sensitive information, however we are seeing time and time again that businesses are too slow to update their defenses against increasingly targeted and sophisticated attacks across email, mobile devices, and social media," said Adenike Cosgrove, Cybersecurity Strategist, EMEA, at Proofpoint.
"The MyHeritage data breach in June resulted in 92 million breach accounts and was done for one simple reason, so hackers could sell the DNA back for ransom or even on the down-low to insurance companies who would latch on the opportunity to have asymmetric information over their customers. This was an eye-opening attack for businesses and users on why cybercriminals are so interested in DNA information.
"Technological defences such as antivirus and firewalls are a key pillar of any cybersecurity strategy, and it is critically important to ensure these are updated as a bare minimum as cybercriminals develop and adopt new forms of malware.
"However, these defences form only one part of any optimal security position. Today’s cyber attacks increasingly target people, not just technology, and the easiest route in for attackers is to exploit the vulnerability of humans through simple yet sophisticated social engineering tactics in phishing emails," Cosgrove added.