Skip to main content
Is your medical data safe
15 July, 2021

Is your medical data safe?

Op-ed story by AARNet CEO Chris Hancock AM

This op-ed story by AARNet CEO Chris Hancock AM was first published in the Research Australia’s Leadership Insights publication on 14 July 2021

“Data” comes from the Latin “dare” meaning “to give”. Data has given a lot, to researchers, industry leaders and society at large. No field more-so than in medicine, where the collection of data leads to transformative health insights.

But with giving there is taking. Large-scale medical data collection has made the industry vulnerable to cyber attacks and data breaches.

Theft of data for financial gain or geopolitical advantage is the dark power game of the digital era. Malicious attacks against Australian universities have become more prevalent and sophisticated in recent years due to the sensitive data and intellectual property they hold. A notable incident is the much-publicised Australian National University data breach in 2018.

Many major institutions in Australia have been subject to cyber attacks. The main instigators are nation state-sponsored groups, criminal gangs and issue motivated groups, with information, financial gain and sabotage the main goals. Medical research is vulnerable to all these types of attacks. This endangers patient confidentiality and lives.

Last year, hackers launched a wave of attacks on coronavirus research facilities around the world. Russian hackers allegedly tried to steal COVID-19 vaccine information from research labs in the US, UK and Canada, with attribution linked to the same group that hacked networks before the 2016 US Presidential election. The US also accused Chinese hackers of targeting COVID-19 medical research groups and closer to home, the health sector in Australia was increasingly targeted by cyber criminals, with ransomware the most used attack.

In Europe earlier this year, stolen information relating to vaccines was released to the public by the perpetrators. Before the release the information was modified as part of a disinformation campaign to discredit the vaccination programme. In another incident, two individuals were arrested for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. For governments, protecting the health sector is now a top priority.

But having your systems compromised is difficult, or nearly impossible, to avoid. Countries target systems to stay technologically ahead, such as the recent attack against an Australian defence contractor, while specialised groups attack simply for profit.

There is no cyber defence strong enough to protect everything in a system all the time. Even the best security systems have the same critical vulnerability: people. Cyber security costing tens of thousands of dollars can be undone by a staff member’s weak password or the opening of a strange email.

The inaugural Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report, July 2019 to June 2020, identifies ransomware, phishing and human error among the top threats for Australia. AARNet-instigated forums found this is true for universities in Australia and our global research and education network colleagues report similar problems for universities and research institutes in other countries.

There are efforts to fight back against these online threats. The ACSC advises AARNet to help improve the cyber security posture of our connected institutions, and in conjunction with the Australian Signals Directorate there are active measures to protect Australians through offensive cyber capabilities.

Despite these efforts, cyber threats will only increase in the future. This directly correlates with the increase in the availability of information and opportunities the internet provides society. The health and medical sector increasingly relies on data insights and the introduction of precision medicine will increase both the risk and benefit of medical data.

Last year the Australian government pledged $65 million in grant funding for precision medicine. Tailoring medical strategies, treatments and even genome mapping to specific groups and individuals means capturing unprecedented amounts of data – often of Australia’s most vulnerable groups.

It’s the omnipresence of the threat landscape that makes it necessary for us to have strong cyber security defences. This includes teaching good data hygiene through increased security awareness and positive messaging around collective approaches to security from everyone. Additionally, institutions must have well planned mitigation and response strategies to prevent worst-case scenarios.

The collection of medical data is a solemn pact between researchers and patients. It is a pact requiring confidentiality, accountability and empathy.

Because, in the end, medical data is simply too powerful not to use. The data-driven decision-making of the COVID-19 pandemic has exemplified this.

By sharing data, scientists around the world were able to map the SARS-CoV-2 virus genome, where they modelled its infamous molecular spike and use predictive models to combat viral spread.

University of Chicago researchers were able to develop the first full computational model of SARS-CoV-2 by combining microscopy observations and computer predictions. In the words of their team leader, Prof. Gregory Voth: “Each thing you know about the virus’ life cycle and composition is a vulnerability point where you can hit it.”

In Australia, the response to the COVID-19 pandemic by the research sector has been rapid and widespread, with the Doherty Institute’s lab one of the first to grow the virus outside of China, the University of Queensland’s vaccine development, ANU’s mapping the spread of the virus in real time and CSIRO’s work on a data privacy tool among a plethora of activites. In the background, AARNet has provided the networking infrastructure and collaboration services to support researchers undertaking this important work.

Research data is a vital component of the COVID-19 pandemic response and the historically quick vaccine development. Without computational tools, we would still be in the early days of understanding this virus: virologists hunched over desks, laboriously performing PCR experiments by hand while thousands continued to die with no end in sight.

This will not be the last pandemic. Environmental factors, food production methods, population density and the world’s interconnectedness mean we will face more virulent diseases in future, not less. We need medical data, not just for our existing health, but to speed up our reaction to future threats.

New data analytics tools, machine learning and automated pipelines help researchers extract new meaning from large clinical and molecular datasets. This will let us respond faster to new outbreaks, but also help fight existing diseases and improve our general wellbeing.

Data aren’t just numbers on a screen. It’s a given. Each datum point is an indelible part of a person’s health journey. When we take it, we must remember our promise to use it responsibly and keep it safe. History has too many examples of bad-faith science. As our data grow larger, so does our responsibility.