Skip to main content
SpringerLink
Log in

Security Vulnerabilities and Countermeasures for the Biomedical Data Life Cycle

  • Chapter
  • First Online:
Cyberbiosecurity

  • 446 Accesses

Abstract

The biomedical data life cycle starts from data collected from human subjects and encompasses its annotation, storage, dissemination, analysis, and transformation into insights for human health. The rapid digitalization of health data and a movement toward personalized medicine have caused this data to grow tremendously in the last decade. Consequently, the security and privacy of biomedical data have become a growing concern throughout its entire life cycle, as health data inherently contains sensitive information from patients.

In this chapter, we provide a broad overview of the types of security vulnerabilities that exist in each stage of the biomedical data life cycle. We cover defenses, both against attacks from bad actors and from accidental leakage of private information. Finally, we conclude with future perspectives and best practices going forward for this quickly evolving field of cyberbiosecurity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. R. Puzis, D. Farbiash, O. Brodt, Y. Elovici, D. Greenbaum, Increased cyber-biosecurity for DNA synthesis. Nat. Biotechnol. 38, 1379–1381 (2020)

    Article  CAS  PubMed  Google Scholar 

  2. A.H. Seh et al., Healthcare data breaches: Insights and implications. Healthcare (Basel) 8, 133 (2020)

    Article  PubMed  Google Scholar 

  3. S.I. Khan, A.S.M. Hoque, Digital health data: A comprehensive review of privacy and security risks and some recommendations. Comput. Sci. J. Moldova 24, 273 (2016)

    Google Scholar 

  4. M.S. Olivier, Database privacy: Balancing confidentiality, integrity and availability. SIGKDD Explor. Newsl. 4, 20–27 (2002)

    Article  Google Scholar 

  5. C. Szegedy et al., Intriguing properties of neural networks. arXiv [cs.CV] (2013)

    Google Scholar 

  6. A. Nguyen, J. Yosinski, J. Clune, Deep neural networks are easily fooled: High confidence predictions for unrecognizable images, in Proceedings of the IEEE conference on computer vision and pattern recognition (2015), pp. 427–436

    Google Scholar 

  7. S.G. Finlayson et al., Adversarial attacks on medical machine learning. Science 363, 1287–1289 (2019)

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  8. L. Taylor, FedRAMP: History and future direction. IEEE Cloud Comput. 1, 10–14 (2014)

    Article  Google Scholar 

  9. M. McLaughlin, Reforming FedRAMP: A guide to improving the federal procurement and risk management of cloud services. (2020)

    Google Scholar 

  10. R.N. Zaeem, K.S. Barber, The effect of the GDPR on privacy policies: Recent progress and future promise. ACM Trans. Manage. Inf. Syst. 12, 1–20 (2020)

    Article  Google Scholar 

  11. P. Jurcys, C. Donewald, M. Fenwick, M. Lampinen, A. Smaliukas, Ownership of user-held data: Why property law is the right approach. Harv. J. Law Technol. Digest (2020). https://doi.org/10.2139/ssrn.3711017

  12. P. Hummel, M. Braun, P. Dabrock, Own Data? Ethical reflections on data ownership. Philos. Technol. 34, 545–572 (2021)

    Article  Google Scholar 

  13. B.J. Evans, Much ado about data ownership. Harv. JL Tech. 25, 69 (2011)

    Google Scholar 

  14. Y. Joly, S.O.M. Dyke, B.M. Knoppers, T. Pastinen, Are data sharing and privacy protection mutually exclusive? Cell 167, 1150–1154 (2016)

    Article  CAS  PubMed  Google Scholar 

  15. G. Gürsoy et al., Functional genomics data: Privacy risk assessment and technological mitigation. Nat. Rev. Genet. 23, 245–258 (2022)

    Article  PubMed  Google Scholar 

  16. S.A. Tovino, HIPAA compliance, in The Cambridge Handbook of Compliance, (2021), pp. 895–908

    Chapter  Google Scholar 

  17. E.C. Hayden, Privacy protections: The genome hacker. Nature 497, 172–174 (2013)

    Article  PubMed  Google Scholar 

  18. M. Gymrek, A.L. McGuire, D. Golan, E. Halperin, Y. Erlich, Identifying personal genomes by surname inference. Science 339, 321–324 (2013)

    Article  CAS  PubMed  Google Scholar 

  19. L. Sweeney, A. Abu, J. Winn, Identifying participants in the personal genome project by name. 2013. Available at SSRN (2013)

    Google Scholar 

  20. N. Homer et al., Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS Genet. 4, e1000167 (2008)

    Article  PubMed  PubMed Central  Google Scholar 

  21. A. Harmanci, M. Gerstein, Quantification of private information leakage from phenotype-genotype data: Linking attacks. Nat. Methods 13, 251–256 (2016)

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  22. E.E. Schadt, S. Woo, K. Hao, Bayesian method to predict individual SNP genotypes from gene expression data. Nat. Genet. 44, 603–608 (2012)

    Article  CAS  PubMed  Google Scholar 

  23. G. Gürsoy et al., Data sanitization to reduce private information leakage from functional genomics. Cell 183, 905–917.e16 (2020)

    Article  PubMed  PubMed Central  Google Scholar 

  24. A. Harmanci, M. Gerstein, Analysis of sensitive information leakage in functional genomics signal profiles through genomic deletions. Nat. Commun. 9, 2453 (2018)

    Article  PubMed  PubMed Central  Google Scholar 

  25. Y. Nakamura et al., KART: Parameterization of privacy leakage scenarios from pre-trained language models. arXiv [cs.CL] (2020)

    Google Scholar 

  26. D.C. Barth-Jones, The ‘re-identification’ of Governor William Weld’s medical information: A critical re-examination of health data identification risks and privacy protections, then and now. SSRN Electron. J. https://doi.org/10.2139/ssrn.2076397

  27. A. Narayanan, V. Shmatikov, Robust de-anonymization of large sparse datasets, in 2008 IEEE Symposium on Security and Privacy (sp 2008) (2008), pp. 111–125

    Google Scholar 

  28. Robert Philipp Economics and Statistics, University of Vienna, Austria, Andreas Mladenow Economics and Statistics, University of Vienna, Austria, Christine Strauss Economics and Statistics, University of Vienna, Austria & Alexander Völz Economics and Statistics, University of Vienna, Austria. Machine Learning as a Service. ACM Other conferences https://dl.acm.org/doi/abs/10.1145/3428757.3429152

  29. Manish Kesarwani IBM Research, India, Bhaskar Mukhoty Indian Institute of Technology, Kanpur, Vijay Arya IBM Research, India & Sameep Mehta IBM Research, India. Model Extraction Warning in MLaaS Paradigm. ACM Other conferences https://dl.acm.org/doi/abs/10.1145/3274694.3274740

  30. F.R. Battista Biggioab, Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognit. 84, 317–331 (2018)

    Article  Google Scholar 

  31. A. Hamidinekoo, E. Denton, A. Rampun, K. Honnor, R. Zwiggelaar, Deep learning in mammography and breast histology, an overview and future trends. Med. Image Anal. 47, 45–67 (2018)

    Article  PubMed  Google Scholar 

  32. A. Meiseles, I. Rosenberg, Y. Motro, L. Rokach & J. Moran-Gilad, Adversarial vulnerability of deep learning models in analyzing next generation sequencing data, in 2020 IEEE International Conference on Bioinformatics and Biomedicine (BIBM) (IEEE, 2021). https://doi.org/10.1109/BIBM49941.2020.9313421

  33. A. Aminifar, Minimal adversarial perturbations in mobile health applications: The epileptic brain activity case study, in ICASSP 2020–2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (2020), pp. 1205–1209

    Google Scholar 

  34. S. Bhambri, S. Muku, A. Tulasi, A.B. Buduru, A survey of black-box adversarial attacks on computer vision models. arXiv [cs.LG] (2019)

    Google Scholar 

  35. R. Shokri, M. Stronati, C. Song, V. Shmatikov, Membership inference attacks against machine learning models, in 2017 IEEE Symposium on Security and Privacy (SP) (2017), pp. 3–18

    Google Scholar 

  36. Y. Long et al., Understanding membership inferences on well-generalized learning models. arXiv [cs.CR] (2018)

    Google Scholar 

  37. M. Nasr, R. Shokri, A. Houmansadr, Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning, in 2019 IEEE Symposium on Security and Privacy (SP) (2019). https://doi.org/10.1109/sp.2019.00065

  38. M. Fredrikson et al., Privacy in pharmacogenetics: An end-to-end case study of personalized warfarin dosing. Proc. USENIX Secur. Symp. 2014, 17–32 (2014)

    PubMed  PubMed Central  Google Scholar 

  39. M. Fredrikson, S. Jha, T. Ristenpart, Model inversion attacks that exploit confidence information and basic countermeasures, in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1322–1333 (Association for Computing Machinery, 2015)

    Google Scholar 

  40. A. Salem, A. Bhattacharya, M. Backes, M. Fritz, Y. Zhang, ${Updates-Leak}$: Data set inference and reconstruction attacks in online learning, in 29th USENIX Security Symposium (USENIX Security 20) (2020), pp. 1291–1308

    Google Scholar 

  41. F. Tramèr, F. Zhang, A. Juels, M.K. Reiter, T. Ristenpart, Stealing machine learning models via prediction ${APIs}$, in 25th USENIX security symposium (USENIX Security 16) (2016), pp. 601–618

    Google Scholar 

  42. S.J. Oh, B. Schiele, M. Fritz, Towards reverse-engineering black-box neural networks, in Explainable AI: Interpreting, Explaining and Visualizing Deep Learning, ed. by W. Samek, G. Montavon, A. Vedaldi, L.K. Hansen, K.-R. Müller, (Springer, 2019), pp. 121–144

    Chapter  Google Scholar 

  43. B. Wang, N.Z. Gong, Stealing hyperparameters in machine learning, in 2018 IEEE Symposium on Security and Privacy (SP) (2018), pp. 36–52

    Google Scholar 

  44. G. Sivathanu, C.P. Wright, E. Zadok, Ensuring data integrity in storage: Techniques and applications. in Proceedings of the 2005 ACM workshop on Storage security and survivability (Association for Computing Machinery, 2005), pp. 26–36

    Google Scholar 

  45. M. Jegorova et al., Survey: Leakage and privacy at inference time. arXiv [cs.LG] (2021)

    Google Scholar 

  46. I.H. Sarker et al., Cybersecurity data science: An overview from machine learning perspective. J. Big Data 7, 41 (2020)

    Article  Google Scholar 

  47. M. Lezzi, M. Lazoi, A. Corallo, Cybersecurity for Industry 4.0 in the current literature: A reference framework. Comput. Ind. 103, 97–110 (2018)

    Article  Google Scholar 

  48. Nakamoto, Bitcoin: A peer-to-peer electronic cash system. Decentralized Bus. Rev. 21260 (2008)

    Google Scholar 

  49. M. Mettler, Blockchain technology in healthcare: The revolution starts here, in 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom), (2016), pp. 1–3

    Google Scholar 

  50. R. Jabbar, N. Fetais, M. Krichen, K. Barkaoui, Blockchain technology for healthcare: Enhancing shared electronic health record interoperability and integrity, in 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT) (2020), pp. 310–317

    Google Scholar 

  51. Guardtime Health. https://m.guardtime.com/files/Guardtime_whitepaper_A4_april_web.pdf

  52. C. Dwork, A. Roth, The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9, 211–407 (2013)

    Article  Google Scholar 

  53. C. Dwork, F. McSherry, K. Nissim, A. Smith, Calibrating noise to sensitivity in private data analysis. J. Priv. Confid. 7, 17–51 (2017)

    Google Scholar 

  54. X. Liu et al., Privacy and security issues in deep learning: A survey. IEEE Access 9, 4566–4593. (undefined 2021)

    Google Scholar 

  55. A. Madry, A. Makelov, L. Schmidt, D. Tsipras, A. Vladu, Towards deep learning models resistant to adversarial attacks. arXiv [stat.ML] (2017)

    Google Scholar 

  56. X. Liu, M. Cheng, H. Zhang, C.-J. Hsieh, Towards robust neural networks via random self-ensemble, in Proceedings of the European Conference on Computer Vision (ECCV) (2018), pp. 369–385

    Google Scholar 

  57. M. Lecuyer, V. Atlidakis, R. Geambasu, D. Hsu, S. Jana, Certified robustness to adversarial examples with differential privacy, in 2019 IEEE Symposium on Security and Privacy (SP) (2019), pp. 656–672

    Google Scholar 

  58. K. Ren, T. Zheng, Z. Qin, X. Liu, Adversarial attacks and defenses in deep learning. Proc. Est. Acad. Sci. Eng. 6, 346–360 (2020)

    Google Scholar 

  59. S.R.M. Oliveira, O.R. Zaiane, Protecting sensitive knowledge by data sanitization, in Third IEEE International Conference on Data Mining (2003), pp. 613–616

    Google Scholar 

  60. C. Iwendi et al., N-Sanitization: A semantic privacy-preserving framework for unstructured medical datasets. Comput. Commun. 161, 160–171 (2020)

    Article  Google Scholar 

  61. I. Neamatullah et al., Automated de-identification of free-text medical records. BMC Med. Inform. Decis. Mak. 8, 32 (2008)

    Article  PubMed  PubMed Central  Google Scholar 

  62. Z. Liu, B. Tang, X. Wang, Q. Chen, De-identification of clinical notes via recurrent neural network and conditional random field. J. Biomed. Inform. 75S, S34–S42 (2017)

    Article  PubMed  Google Scholar 

  63. T.-T. Kuo et al., iDASH secure genome analysis competition 2018: Blockchain genomic data access logging, homomorphic encryption on GWAS, and DNA segment searching. BMC Med. Genom. 13, 98 (2020)

    Article  Google Scholar 

  64. M. Kim et al., Ultrafast homomorphic encryption models enable secure outsourcing of genotype imputation. Cell Syst. 12, 1108–1120.e4 (2021)

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  65. G. Gürsoy, E. Chielle, C.M. Brannon, M. Maniatakos, M. Gerstein, Privacy-preserving genotype imputation with fully homomorphic encryption. Cell Syst. 13, 173–182.e3 (2022)

    Article  PubMed  Google Scholar 

  66. F.M. Chan et al., Genotype imputation with homomorphic encryption, in 2021 6th International Conference on Biomedical Signal and Image Processing (Association for Computing Machinery, 2021), pp. 9–13

    Google Scholar 

  67. S. Hong, J.H. Park, W. Cho, H. Choe, J.H. Cheon, Secure tumor classification by shallow neural network using homomorphic encryption. BMC Genom. 23, 284 (2022)

    Article  Google Scholar 

  68. A. Acar, H. Aksu, A.S. Uluagac, M. Conti, A survey on homomorphic encryption schemes: Theory and implementation. ACM Comput. Surv. 51, 1–35 (2018)

    Article  Google Scholar 

  69. C. Gentry, A Fully Homomorphic Encryption Scheme (Stanford University, 2009)

    Google Scholar 

  70. M. Naehrig, K. Lauter, V. Vaikuntanathan, Can homomorphic encryption be practical? in Proceedings of the 3rd ACM workshop on Cloud computing security workshop, (Association for Computing Machinery, 2011), pp. 113–124

    Chapter  Google Scholar 

  71. L. Melis, C. Song, E. De Cristofaro, V. Shmatikov, Exploiting unintended feature leakage in collaborative learning, in 2019 IEEE Symposium on Security and Privacy (SP), (2019), pp. 691–706

    Chapter  Google Scholar 

  72. B. Pfitzner, N. Steckhan, B. Arnrich, Federated learning in a medical context: A systematic literature review. ACM Trans. Internet Technol. 21, 1–31 (2021)

    Article  Google Scholar 

  73. A.C. Yao, Protocols for secure computations, in 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982) (1982), pp. 160–164

    Google Scholar 

  74. A. Shamir, How to share a secret. Commun. ACM 22, 612–613 (1979)

    Article  Google Scholar 

  75. J.I. Choi, K.R.B. Butler, Secure multiparty computation and trusted hardware: Examining adoption challenges and opportunities. Secur. Commun. Netw. 2019 (2019)

    Google Scholar 

  76. R. Cramer, I.B. Damgard, J.B. Nielsen, Secure Multiparty Computation and Secret Sharing (Cambridge University Press, 2015)

    Book  Google Scholar 

  77. C. Shepherd et al., Secure and trusted execution: Past, present, and future – A critical review in the context of the internet of things and cyber-physical systems, in 2016 IEEE Trustcom/BigDataSE/ISPA (2016), pp. 168–177

    Google Scholar 

  78. A. Vasudevan, J.M. McCune, J. Newsome, Trustworthy Execution on Mobile Devices (Springer, New York, 2014)

    Book  Google Scholar 

  79. I. Anati, S. Gueron, S. Johnson, V. Scarlata, Innovative technology for CPU based attestation and sealing, in Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy vol. 13 (ACM New York, 2013)

    Google Scholar 

  80. F. Chen et al., PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension. BMC Med. Genom. 10, 48 (2017)

    Article  Google Scholar 

  81. F. Chen et al., PRINCESS: Privacy-protecting rare disease international network collaboration via encryption through software guard extension S. Bioinformatics 33, 871–878 (2017)

    Article  CAS  PubMed  Google Scholar 

  82. C. Kockan et al., Sketching algorithms for genomic data analysis and querying in a secure enclave. Nat. Methods 17, 295–301 (2020)

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  83. NVIDIA, NVIDIA H100 tensor core GPU architecture overview. https://resources.nvidia.com/en-us-tensor-core (2022)

  84. H.L. Rehm et al., GA4GH: International policies and standards for data sharing across genomic research and healthcare. Cell Genom. 1, 100029 (2021)

    Article  CAS  PubMed  PubMed Central  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Program in Computational Biology and Bioinformatics, Yale University, New Haven, CT, USA

    Eric Ni & Mark Gerstein

  2. Department of Molecular Biophysics and Biochemistry, Yale University, New Haven, CT, USA

    Eric Ni & Mark Gerstein

  3. Department of Biomedical Informatics, Columbia University, New York, NY, USA

    Gamze Gürsoy

  4. New York Genome Center, New York, NY, USA

    Gamze Gürsoy

Authors
  1. Eric Ni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gamze Gürsoy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mark Gerstein
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mark Gerstein .

Editor information

Editors and Affiliations

  1. Zvi Meitar Institute for Legal Implications of Emerging Technologies, Reichman University, Herzliya, Israel

    Dov Greenbaum

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Ni, E., Gürsoy, G., Gerstein, M. (2023). Security Vulnerabilities and Countermeasures for the Biomedical Data Life Cycle. In: Greenbaum, D. (eds) Cyberbiosecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-26034-6_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-26034-6_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-26033-9

  • Online ISBN: 978-3-031-26034-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation