What happens when cybercriminals start hacking gene editing technology?

WannaCry attacks highlight the dangers of terrorists accessing CRISPR tools, experts say.
By Mike Miliard
02:05 PM
cybersecurity hacking gene technology

We've seen what happens when hospitals and healthcare providers are beset by massive ransomware attacks like WannaCry and Locky: disruption, paralysis, financial chaos and serious risks to patient safety.

But those ransomware variants are relatively primitive, technologically speaking. And the damage – thankfully, this time – seems to have been contained. Recently more science and security experts have been wondering about the consequences of hackers or terrorists gaining access to much more sophisticated, and potentially much more destructive tools.

[Also: WannaCry highlights worst nightmare in medical device security]

CRISPR/Cas9 is a fast-evolving gene editing technology that enables geneticists and clinicians to remove, add or change sections of DNA sequences with unprecedented ease and efficiency. Its versatility and wide array of potential uses have caused a lot of excitement in the healthcare and life sciences industry – and also some deep concerns about its misuse.

For all the promise of being able to prevent or cure inheritable diseases such as muscular dystrophy, Huntington's disease or sickle cell anemia, after all, many ethicists have also sounded the alarm about gene editing technology being used for eugenic "designer babies" – or potentially even a wholesale revision of the natural world as we know it.

"Why should we not expect dwarf elephants, giant guinea pigs, or genetically tamed tigers?" wrote bioethicists from Stanford and the University of Wisconsin School of Medicine, in 2015. "Or – dare we wonder – the billionaire who decides to give his 12-year-old daughter a real unicorn for her birthday?"

But the true ramifications of gene editing technology could be far more serious than the realization of mythical creatures. In 2016, for the first time, the Office of the Director of National Intelligence added gene editing to its annual list of threats posed by "weapons of mass destruction and proliferation."

Intelligence agencies said they were concerned that the "broad distribution, low cost and accelerated pace of development" of these genetic tools leave it open to "deliberate or unintentional misuse (that) might lead to far-reaching economic and national security implications."

An article this past week in Foreign Policy – under the provocative headline, "When ISIS Meets CRISPR" – explores the ramifications of gene editing technologies and techniques somehow finding themselves in the wrong hands.

The recent WannaCry attacks should cause some rethinking about the likelihood that non-state actors could someday wreak havoc with these new technologies, said Amrit P. Acharya, associate at McKinsey & Company, and Arabinda Acharya, a specialist in security and foreign policy at National Defense University.

"What was once science fiction is now closer to reality as cyberterrorists grow bolder and start looking for unconventional ways to spread chaos," they said.

The industries most vulnerable to cyber attack – as the healthcare industry has seen to its recent chagrin – are those "with high proportions of old infrastructure onto which new technology has been grafted," they said. "Hospitals and utilities (are) some of the worst culprits."

The agriculture industry's IT infrastructure is even more antiquated.

"Imagine a scenario in which computer hackers take control of large farmlands and, in one click, destroy a year’s harvest by flooding a field with excess water or leak sensitive data on soil moisture or yield or the nature of the plant germplasm being grown, which could be held for ransom, similar to the WannaCry attacks."

Despite its out-of-date infrastructure, food production has been making more use recently of gene editing technologies like CRISPR-CAS9, which "makes it inexpensive to intentionally misuse DNA sequencing data and editing software."

Bioterrorists could hold entire nations for ransom with designer pests that could lay waste to farmland, they said.

Even more frightening, while federal biodefense strategies have largely focused on anthrax, smallpox and Ebola, proliferation of biotech software and gene editing tools increase the possibility of genetically-modified viruses.

That possibility may be closer than many realize, as Kathryn Ziden of the Potomoc Institute showed this past year.  

To those who say the technological expertise may be beyond many terror groups' grasp, she reminded that the 9/11 hijackers spend months training in U.S. flight schools: "Terror groups intent on developing biological weapons could use existing members’ skills, or send recruits to receive adequate education in the biological sciences," she wrote.

Rogue scientists – like the one behind the 2001 anthrax attacks – and lone wolf amateur biohackers are perhaps of more immediate concern. Do-it-yourself scientist programs are becoming more popular, she pointed out, with many offering CRISPR-specific classes.

"DIY CRISPR kits are inexpensive and widely available for sale online for amateur scientists working out of their basements," she said.

"The large, potential impacts of gene-editing techniques combined with the low barriers to obtaining the technology make it ripe for unintended and intended misuse," said Ziden. "In order to address the security challenges of this emerging technology, all stakeholders need to act."

  Learn more about keeping your data safe.  Webinar: Preventing and Dealing with Ransomware Attacks June 15, 2017.  Register here.

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.