DNA Sequencing May Become Prime Target For Hackers

Next-generation DNA sequencing is revolutionizing medicine—but a new study warns it’s increasingly vulnerable to cyberattacks that could compromise health and privacy.

Next-generation sequencing (NGS) has revolutionized genomics by enabling rapid, cost-effective analysis of DNA and RNA.

Its applications span personalized medicine, cancer diagnostics, and forensic science, with millions of genomes already sequenced and projections estimating that 60 million people will have undergone genomic analysis by the end of 2025.

Yet as NGS adoption accelerates, so do the associated cyber-biosecurity risks. A recent study published in IEEE Access highlights the growing threats throughout the NGS workflow—from raw data generation to analysis and reporting—and stresses the urgency of securing sensitive genetic information.

Despite the transformative potential of NGS, the rapid expansion of genomic data has exposed serious vulnerabilities.

Genomic datasets can expose information about a person’s illness predispositions, ancestral background, and family relationships. This has made them attractive to cybercriminals, as they exploit vulnerabilities in sequencing software, data-sharing protocols, and cloud infrastructure.

The research analyzed multiple security threats that affect the entire sequencing process. For example, during data generation, researchers found that synthetic DNA can be infected with malicious code.

When sequencers process this DNA, the malware can damage the software systems that control them.

The researchers also point out that there’s also a privacy issue with ‘‘re-identification attacks’’, where attackers can link anonymized genetic data with public family history databases, revealing individuals’ identities.

Furthermore, the hardware and software used in sequencing are vulnerable—if the equipment or updates are compromised, hackers can gain unauthorized access.

During quality checks and data preparation, attackers might tamper with the data, causing incorrect results in the analysis. Ransomware is another threat—cybercriminals can lock important files, and demand money to unlock them.

Once the data is being analyzed, threats can target cloud platforms and AI tools used for genomic analysis. DDoS attacks could disrupt the analysis systems, while insiders with access to the data might leak or manipulate it.

The researchers say that even AI tools like DeepVariant, used to analyze genetic variations, can be tricked by malicious inputs, leading to wrong conclusions about genetic data.

In the final stage, attackers could inject false information into clinical reports, potentially leading to wrong diagnoses or poor treatment decisions.

The researchers point out that these kinds of risks are real. For instance, recent cyberattacks, like the one on Synnovis, which handles blood testing for NHS England, exposed sensitive patient data, as reported by the BBC.  Other attacks on companies like 23andMe, and Octapharma Plasma have disrupted research and put patient information at risk.

To conclude, the study emphasizes the need for better collaboration between cybersecurity experts, bioinformaticians, and policymakers to create a secure framework for genomic data.