Medical software vulnerable to cyberattack

Researchers at Sandia National Laboratories recently discovered a vulnerability in a standard open-source software for genomic analysis DNA-based medical diagnostics.

Such a vulnerability leaves the software open to cyberattacks.

Researchers found a weak spot while studying the software’s cybersecurity. When the software imports the standardized genome from government servers, the standardized genome sequence was transmitted through insecure channels.

A cyberterrorist or hacker could intercept the transmission and send it to a user along with a malicious program that alters genetic information obtained from sequencing. This would make the final analysis incorrect without anyone knowing the genome mapping had been altered.

Forensic labs and genome sequencing companies also are vulnerable to having results maliciously altered.

Direct-to-consumer genetic tests were not affected by the vulnerability because they use a different sequencing method.

“Once we discovered that this attack could change a patient’s genetic information, we followed responsible disclosure,” Corey Hudson, a bioinformatics researcher at Sandia who helped uncover the issue, said. “Our goal is to make systems safer for people who use them by helping to develop best practices.”

Researchers notified the open-source developers who issued a patch to fix the problem. The researchers also contacted public agencies, including the U.S. Computer Emergency Readiness Team.