Brits DNA data sent to military base after foreign hack attacks – report – The Register
An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire.
Genomics England was probably hoping for a day of cheery PR after telling the world it had completed the “100,000 Genomes Project” started in 2013.
The project, a partnership with the UK’s National Health Service, included the genomes of 85,000 individuals, with tumour DNA from cancer patients bringing the total number of mapped genomes to 100,000.
Creaky NHS digital infrastructure risks holding back gene boffinry, say MPs
It was not to be, with The Telegraph quoting officials from the project saying they have had to fight off “multiple” foreign attacks on machines holding the data.
Hence, instead of holding the data itself, Genomics England said it was storing patients’ genetic data on servers at a Ministry of Defence facility in Corsham, Wiltshire, that is “home to the Joint Forces Command’s Information Systems and Services unit”.
As well as shifting the genomic data away from its own data centres, it’s worth noting that Genomics England claims the data it offers researchers is anonymous: “Our research data is de-identified for each and every participant. Their name, date of birth and all other personal details are stripped away.”
However, the data collected and retained internally is extensive: as well as health data relating to participants’ medical conditions, “we also collect as much other general medical data as possible from a participants medical records, over the whole of their life”, because genomics is relatively young and “we don’t yet know what is important”.
Genomics England chair Sir John Chisholm told the paper the organisation regularly tests its systems to ensure that attacks don’t succeed. The group’s chief scientist added that it pays an outside company – which it did not identify – to conduct pentests, and so far it hasn’t managed to get into its systems. “None of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England,” said Chisholm. ®
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.