The digitization of human DNA through direct-to-consumer (DTC) services introduces vast
cybersecurity risks. DNA represents the most sensitive form of personally identifiable
information (PII). Its increasing accessibility to cybercriminals expands the threat landscape
considerably and without urgent advancements in cyberbiosecurity, the potential for irreversible
breaches of personal identity and violations of bioethical standards is inevitable.

Security Risks of DNA Digitization
Genetic testing by consumers has increased at an alarming rate and some examples include
ancestry, genealogy, genetic predispositions, targeted therapists, and more. Through this ever-
increasing expansion, more risks and data vulnerabilities are being uncovered. Genetic data,
unlike other forms of PII, cannot be altered or revoked once exposed (Erlich et al., 2018). It is
uniquely personal and, if compromised, can lead to lifelong risks for individuals and their
families (Kasperbauer Schwartz, 2020). Cyberbiosecurity regarding DNA covers from
sequencing, processing, storage, and sharing. Vulnerabilities include insecure cloud
environments, weak cryptographic protocols, and insufficient access controls.

The Ethical Minefield
The potential misuse of DNA raises complex ethical questions that extend far beyond traditional
concerns of data privacy. As genetic information becomes increasingly intertwined with
healthcare, employment, insurance, and law enforcement, the boundaries of consent,
ownership, and usage grow increasingly blurred. Employers might one day use genetic profiles
to screen job candidates; insurers could tailor premiums based on inherited health risks; and
law enforcement agencies may seek access to consumer databases for criminal investigations
without sufficient oversight. DNA is what connects extended families and a single individual’s
decision to submit a genetic sample can inadvertently expose the privacy of relatives. Without
clear ethical frameworks and enforceable protections, the digitization of DNA risks becoming a
tool not only for innovation, but for exploitation. Cybercriminals now have an incentive to
target genetic databases, and without comprehensive cyberbiosecurity strategies, national
corporation and personal security may be compromised.

Conclusion
Genetic data should be classified as sensitive personally identifiable information (such as social
security numbers) and have their own framework that is mandatory such as NIST, but more so
designed for cyberbiosecurity. Consumers need to be thoroughly informed about how their
DNA is used and protected. By adhering to these protocols, the safety and privacy of individuals
concerning DNA in the digital age will not be compromised.

References
Erlich, Y., Shor, T., Pe’er, I., & Carmi, S. (2018). Identity inference of genomic data using long-
range familial searches. Science, 362(6415), 690–694. https://doi.org/10.1126/science.aau4832
Kasperbauer, T. J., & Schwartz, P. H. (2020). Genetic data aren’t so special: Causes and
implications of re-identification. Hastings Center Report, 50(1), 30–39.
https://doi.org/10.1002/hast.1074