US Official: American DNA info at risk for theft by foreign powers

Rafe Swan | Getty Images

A federal law enforcement official Monday issued a dramatic warning about a national security threat that may seem ripped from the pages of a science fiction novel: biological national security.

The official, briefing reporters in Washington on the condition of anonymity, said he is worried that American pharmaceutical companies and the health-care sector are not doing enough to secure biological data, particularly patient DNA information.

The official said several firms in an "Asia" have set themselves up as DNA sequencing factories conducting testing for individuals and back office analysis for major American health-care firms and academic institutions. It is safe to assume he is talking about China, although the official did not name any specific country. One Asia-based firm, he said, is building gene sequencing centers across the United States. Another has gotten clearance to participate in the U.S. Medicare and Medicaid programs and is looking to work with the State of California on gene sequencing. But the official said the U.S. government is concerned that foreign governments could be working with such firms to secretly amass enormous data sets of American DNA and health information.

"Whether they're witting or unwitting, we don't know, but we need to be asking those questions," the official said of the Asia-based DNA firms.

Why would access to U.S. DNA and medical information be a problem?

The official said that U.S. dominance in the pharmaceutical sector could be stripped away as foreign competitors use massive American data sets to produce targeted therapies that are much more effective than current generation medicines. He said cybersecurity breaches in the health-care sector could be evidence that foreign powers are searching for biological data — not just traditional credit card data and other hackable information. In 2014, for example, Community Health Systems, which runs 206 hospitals across the country, reported that hackers stole data on 4.5 million patients. In 2015, Premera Blue Cross said hackers may have accessed data of 11 million people, including clinical information and specific insurance claims.

"If you are a victim of identity theft, you can change your PIN numbers and ID cards," the official said. "But in the very near future if your health information or DNA sequence is taken — once it's gone, it's gone. There is nothing to make an individual whole."

The potential threat is more than just economic. The official said U.S. government officials are also concerned about the possible use of massive data sets of American health information to create tailored biological attacks. Short of that, foreign adversaries could use stolen American data to become quicker to come up with solutions to future pandemics or diseases like Zika and SARS. They could even create a solution that targets their own population but leaves out most Americans.

"The offensive capabilities go to the sci-fi nightmare scenarios," he said. "Right now your DNA sequence on its own doesn't mean much, but on a population scale, it means a whole lot."

Still, the official said the economic consequences of losing control of American biological data are more concerning in the short term than exotic biological weapons."If it impacts U.S. standing in the global economy, that's way more of a threat than the 'Walking Dead' issue," he said, using a reference to the zombie apocalypse TV show.

The official also said the U.S. government is not getting enough cooperation on biological security from the private sector. "I haven't had any naysayers" in briefings with companies, he said. "But when they try to relay this to the level of the C-suite, there's pushback. They're not going to provide more resources because they're not required to by policy and they don't see the return on investment."

The issue is about to be a hot topic. FBI Agent Ed You is scheduled to brief a public audience about the biosecurity threat on Wednesday in a panel discussion at the South by Southwest conference in Austin, Texas. The title of his discussion: "Biotechnology Needs a Security Update." He is also scheduled to testify Thursday before the U.S.-China Economic and Security Review Commission along with Ben Shobert, managing director of Rubicon Strategy Group and MIT Political Science professor Kenneth Oye.