Should I worry about giving my DNA to labs that do genetic tests?
Nathan E Botts

Should I worry about giving my DNA to labs that do genetic tests?

With an October 2023 update due to the 23andMe breach

The internet has made DNA testing a big global business. In the United States and Europe, millions of people have sent samples of their saliva to commercial labs in the hopes of learning something new about their personal health or lineage. Ancestry.com, 23andMe, MyHeritage, and FamilyTreeDNA are all industry leaders that sell their services online, share test results on websites, and even provide guides on how to find relatives in phone directories or share results on social media. They frequently claim ownership of your genetic information and sell access to their databases to large pharmaceutical and medical technology firms.

It's part of a troubling trend of corporations acquiring personal data about people and acting in their own best interests, not yours, in terms of internet health. So, test results can lead to crucial discoveries about your personal health, and they can also be shared for public-interest scientific research. But, before you give in to your curiosity, consider the following 23 reasons to keep your DNA private — one for each pair of chromosomes in a human cell. 

Subjective: Consumers appear to be content passing on their personal information to firms who aggregate and monetize it in the age of Facebook and Google. Consumers are increasingly paying to hand over their genetic code, their most sensitive individual identity, to DNA testing companies that monetize it in new ways.

Objective: A strong case is made for consumers to be aware of, if not extremely cautious when submitting their DNA to any consumer-facing genetic testing companies. Examples of potential issues include risks related to the potential of having such large genetic databases hacked, secondary use of consumer data, the accuracy of testing results, and open questions as to what happens when these types of companies are sold or reorganized in terms of consumer rights. A recent study published in PLoS ONE identified that many people are not overly concerned about exposure of their DNA data, but are distrustful of for-profit entities trying to use their information for profit. Recent articles outlined in the links below identify that genetic data is being used for pharmacy-related immunocology research. This is not necessarily bad, in fact, it could be great, but it is still important to understand the downstream use of your data.

Assessment: We do not yet fully understand the implications of having one's genetic information compromised. At the very least it is one of the most unique personal identifiers out there. Does that mean that these consumer DNA testing companies necessarily have bad intentions? Of course not, but this is a relatively new field and so it is important for us as consumers to be very well-informed, before providing informed consent. The McClatchy article makes the important point that “Ancestry.com customers should also know they’re giving up the genetic privacy of themselves and their relatives.”

Plan:

Take the time to read the full McClatchy article. It provides a good outline of potential concerns with sharing your DNA profile. As suggested, before sending off your spit sample, be sure to read and understand Ancestry's entire privacy statement. Talk to your family about it. This affects them as well. Save any privacy and consent forms that you agree to in a safe place so that you have a copy of the terms at that time. Be sure to include the date in which they were signed.

 

Read on to find out about recent breach information related to 23andMe

Genetic profiling company 23andMe is currently investigating a data scraping incident where private user information was stolen from its website. The confirmation came five days after an undisclosed entity advertised the sale of private data of millions of 23andMe users on an online crime forum. The alleged stolen data included details like origin estimation, phenotype, health records, photographs, and other identification data. Speculation arose that the CEO of 23andMe knew about this breach two months prior and had kept it under wraps. However, in response, a representative of the company contested that there's no proof of 'health information' being part of the posted data and currently, these are just unverified claims.

The breach was attributed to data scraping, a method where attackers systematically extract smaller bits of information available to individual users, ultimately compiling large volumes of data. The attackers had unauthorized access to specific 23andMe accounts, which had the DNA relative feature activated. This feature lets users find potential relatives by viewing the basic profile details of others who have also opted into the feature. Officials from 23andMe emphasized that there isn’t any evidence suggesting a direct breach in their security systems. Instead, they suspect the login credentials might have been gathered from data leaks from other platforms where users reused their passwords. It was highlighted that the attackers have, in all likelihood, violated the company’s terms of service. Reports have emerged claiming that the data dump consists of 13 million pieces of information, with specifics regarding the nature and number of affected users still undisclosed. However, notable mentions include a leaked database of 1 million users of Ashkenazi descent and another 300,000 users of Chinese descent, all of whom had activated the DNA relative feature.

Recent events highlight the inherent risks associated with storing genetic data online. In 2018, another genetic data company, MyHeritage, faced a breach where over 92 million users' email addresses and passwords were compromised. The same year, officials in California utilized a different genealogy site, GEDMatch, to locate a suspect related to murders that had taken place 40 years prior. The suspect was identified not through his DNA but a relative's who had submitted a sample to GEDMatch. Storing genetic information online offers benefits like tracing lineage and finding relatives, but it also poses significant privacy threats. Even with strong passwords and two-factor authentication, as advocated by 23andMe, users' data remains vulnerable. The only foolproof way to safeguard it from online theft is to avoid online storage altogether.

Previous Article CISA warns of a cybersecurity problem involving Medtronic cardiac devices.
Next Article What could someone do with your DNA data?
Print
22196 Rate this article:
5.0
4Upvote 0Downvote
Please login or register to post comments.
All information, thought, and references provided on Health eConsultation is intended for informational and educational purposes only. Health eConsutlation currently makes no attempt at HIPAA privacy compliance. Any trade names used are information and details given for the convenience of users and do not constitute an endorsement from Health eConsultation.
Use this site at your own risk, and do not use the information to make medical or legal decisions without first seeking guidance from a medical or legal professional.
Plain and simple, ads are used to help pay for the cost of the server and resources required to serve Health eConsultation members and provide an objective resource of health information and health education. Subscribers of Health eConsultation can access the site without having to view ads.
OUR SERVICES
We are passionate about the therapeutic benefits that can be derived from appropriately applied health education .
More informed patients are healthier and less costly to provide care to.
We seek to give consumers and patients a voice, because in the end we are them.
Evidence based practices is what nurtures a thriving health system.

HEALTH IT EDUCATION - KNOWLEDGE IS POWER

 
WHO WE ARE
Health eConsultation members believe that health improvement is about patient knowledge, motivation and opportunity to act in concert with healthcare professionals to improve their condition.
OUR PURPOSE
Our primary purpose is to build a community around unbiased Health IT education so that people are able to focus on the information they need without having to navigate the vast amount of information that is available on the web.
LEVERAGE VS BUILD
Health eConsultation seeks to leverage responsible, engaging and, hopefully, motivating education, and information resources. The idea is not to scrape the content of other sites, but to investigate, synthesize, and report in order to create an evidence-base founded on increased rigor and research.
RESOURCES & REFERENCES
Health eConsultation educational material and website information are provided primarily through free resources, although some sites mentioned might require further registration and payment for particular membership or services.
DISCLAIMER
All information, thought, and references provided on Health eConsultation is intended for informational and educational purposes only. Health eConsutlation currently makes no attempt at HIPAA privacy compliance. Use this site at your own risk, and do not use the information to make medical decisions without first seeking guidance from a medical professonal.
CUSTOMIZED LEARNING
By registering with Health eConsultation you can participate in comments, ratings, and bookmarking. You can also keep track of the time that you spend learning about certain topics for your own records or to share whith health professionals you are working with.