DNA-test firm Veritas Genetics has suffered a data breach with a hacker accessing customer information, the company has confirmed.
However, the firm said only an “only a handful” of customers could have been affected by the data breach, adding that “no genome sequences or genomic data or Veritas test results in any format were accessed and no customer information has been used inappropriately.”
In a statement, Veritas Genetics said it was aware that a hacker had gained access to a customer-facing portal. It said the portal in question did not contain “genomic data in any form, genomic sequences in any form, Veritas test results in any form, nor health records.”
Veritas Genetics said as soon as it learned of this data breach, it immediately remediated the issue and launched an investigation and engaged external cybersecurity experts to assist us in its review.
“The security and privacy of customer information is a top priority, and we have security processes and procedures in place as part of this commitment, including segregating and securing genomic data on separate systems,” the company said in a statement.
Veritas Genetics added that a forensic investigation was currently underway and that once this was completed, the company will notify any potentially impacted customers. It said it was also considering legal action against the perpetrator, with the forensic investigation determining how the company would proceed.
It was not immediately clear what data the hacker had accessed following the breach, but Veritas Genetics reiterated that it does not store any credit card information in its systems. It was also not clear when the breach occurred and how long it had taken the firm to discover it.
Bloomberg, which first reported the data breach, reported that Veritas Genetics markets itself as among the most scientifically sophisticated of the companies that have sprung up in recent years to sell DNA tests to consumers. “Unlike 23andMe Inc. and others that analyze only a small fraction of a person’s DNA, Veritas sequences all 6.4 billion letters of a genome. The firm promises insights into hundreds of diseases and conditions and genetic risks that might pass on to children,” the website reported.
Veritas, founded in 2014, sells whole-genome sequencing to consumers for $599, helping consumers discover the genetic drivers behind cancer, cardiovascular disease, and immune and neurological disorders.
The NextWeb website further reported that Veritas also provides customers with an assessment of the health risks they may face later in life and if they are likely to have an allergic reaction to more than 200 drugs that treat conditions such as depression, asthma, and diabetes.
Privacy and data breaches are some of the biggest concerns in health care. The data breach at Veritas Genetics follows the issuance of what is now known as a “game-changer” warrant to the Florida police department to penetrate GEDmatch — an open data personal genomics service — and search its entire database of nearly one million users, a move that NextWeb says could set a precedent and have significant implications for genetic privacy.
A healthcare industry report said at least one in three healthcare organizations suffered a data breach. The “2019 Thales Data Threat Report – Healthcare Edition” revealed that 70 percent of healthcare organizations surveyed had experienced a data breach at some point.
Earlier this year, Healthcare Weekly reported that the personal health information of nearly 1 million University of Washington (UW) Medicine patients was available online for much of December following a database configuration error. UW Medicine said the files of about 974,000 patients were available online from December 4 through to December 26, 2018, when the misconfiguration was fortuitously discovered.
In a similar incident, the personal information of almost 20,000 children was accidentally disclosed in a healthcare data breach at WellCare Health, a contractor administering Missouri Medicaid plans last year. Aimed at children and pregnant women, Missouri’s Medicaid program, called MO HealthNet, covers about 275,000 people throughout the state.
Data protection is a massive headache for the health sector, with consensus being that more must be done. This year, the U.S. Department of Health and Human Services estimated that there have been more than 100 hacking or IT-related healthcare organization incidents affecting 500 or more individuals in the U.S. in 2019.