Genomic data sets have become more accessible to researchers through The Beacon Project, a network of servers, dubbed beacons, organized by the National Institutes of Health (NIH)-funded Global Alliance for Genomics and Health. Genomics researchers often want to look for a particular genetic variant across a multitude of genomic databases. Using these beacons, a researcher who finds a gene of interest can then apply for more complete access to the data. Researchers can also locate mutations and find others working on the same ones.
However, some of this data may not be sufficiently de-identified, and by ‘pinging’ these beacons for genetic data, someone could build an unauthorized genomic profile of a person whose genome is stored there. For instance, a ‘nefarious user’ who finds a match for an individual’s genome in a heart disease beacon can infer that the individual, or a relative of that person, likely has heart disease. In a paper published Oct. 29 in The American Journal of Human Genetics, Suyash Shringarpure, PhD, a postdoctoral scholar in genetics, and Carlos Bustamante, PhD, a professor of genetics, demonstrated the network’s vulnerability by outlining a technique for hacking it, along with ways to prevent such an attack. According to the Stanford Medicine article, “Shringarpure and Bustamante calculated that someone in possession of an individual’s genome could locate that individual within the beacon network. For example, in a beacon containing the genomes of 1,000 individuals, the Stanford pair’s approach could identify that individual or their relatives with just 5,000 queries.” The two Stanford University School of Medicine researchers are also working with the Global Alliance to improve security within The Beacon Project.
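To make the idea of locating someone through repeated queries more concrete, here is a minimal toy simulation. It is not the method from the paper and it does not use any real beacon API: the `ToyBeacon` class, the `yes_fraction` score, and all the numbers (site count, variant frequency, 100 members) are assumptions made up for illustration. It only shows the intuition that a beacon answers "yes" to every rare variant carried by someone in the database, but to only a small share of the variants carried by an outsider.

```python
import random

def make_genome(rng, n_sites, freq):
    """Hypothetical genome: the set of sites where a person carries a rare variant."""
    return {site for site in range(n_sites) if rng.random() < freq}

class ToyBeacon:
    """Toy stand-in for a beacon: answers only yes/no for 'does anyone here carry this variant?'."""
    def __init__(self, genomes):
        self._variants = set().union(*genomes)

    def query(self, site):
        return site in self._variants

def yes_fraction(beacon, genome, max_queries):
    """Query the beacon for up to max_queries of the target's variants; return the share of 'yes' answers."""
    sites = sorted(genome)[:max_queries]
    if not sites:
        return 0.0
    hits = sum(beacon.query(site) for site in sites)
    return hits / len(sites)

# All values below are illustrative assumptions, not figures from the paper.
rng = random.Random(0)
N_SITES, FREQ = 20_000, 0.001
members = [make_genome(rng, N_SITES, FREQ) for _ in range(100)]
outsider = make_genome(rng, N_SITES, FREQ)

beacon = ToyBeacon(members)
member_score = yes_fraction(beacon, members[0], max_queries=5000)
outsider_score = yes_fraction(beacon, outsider, max_queries=5000)

print("member yes-fraction:  ", member_score)
print("outsider yes-fraction:", outsider_score)
```

In this simplified setting, a person whose genome is in the beacon gets a "yes" for every one of their variants, while an outsider's variants match only by chance. A real attack would have to contend with sequencing errors, common variants, and relatives, none of which this sketch models.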
Additional (and interesting) information in the paper includes how to analyze mixtures of genomes, such as those from different people at a crime scene. See also Stanford Medicine’s SCOPE blog. Hat tip to Toni Bunting.