Brits' DNA data sent to military base after 'foreign' hack attacks – report
100,000 Genomes Project is secure, insists chair
An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire.
Genomics England was probably hoping for a day of cheery PR after telling the world it had completed the "100,000 Genomes Project" started in 2013.
The project, a partnership with the UK's National Health Service, included the genomes of 85,000 individuals, with tumour DNA from cancer patients bringing the total number of mapped genomes to 100,000.
It was not to be, with The Telegraph quoting officials from the project saying they have had to fight off "multiple" foreign attacks on machines holding the data.
Hence, instead of holding the data itself, Genomics England said it was storing patients' genetic data on servers at a Ministry of Defence facility in Corsham, Wiltshire, that is "home to the Joint Forces Command's Information Systems and Services unit".
As well as shifting the genomic data away from its own data centres, it's worth noting that Genomics England claims the data it offers researchers is anonymous: "Our research data is de-identified for each and every participant. Their name, date of birth and all other personal details are stripped away."
However, the data collected and retained internally is extensive: as well as health data relating to participants' medical conditions, "we also collect as much other general medical data as possible from a participant's medical records, over the whole of their life", because genomics is relatively young and "we don’t yet know what is important".
Genomics England chair Sir John Chisholm told the paper the organisation regularly tests its systems to ensure that attacks don't succeed. The group's chief scientist added that it pays an outside company – which it did not identify – to conduct pentests, and so far that company hasn't managed to get into Genomics England's systems. "None of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England," said Chisholm. ®
Update: A Genomics England spokesperson contacted The Register denying The Telegraph's report: "Genomics England takes the responsibility of data security seriously and from the outset we have chosen to hold the data in a secure government-owned facility based in the UK. We have never moved the data due to attacks. Like any organisation, we are subject to attempts to probe our systems from outside and we regularly test to ensure that none succeed. We have no evidence of being targeted specifically", they told us via e-mail.
"We use best practice tools and deploy multi-layered defence. A key feature of the 100,000 Genomes Project is that an individual’s data will not be released. Instead, de-identified data is analysed by research users within the secure, monitored environment."