DNA testing service exposed thousands of consumers’ data for years on publicly accessible internet database
Vitagene Inc., a DNA testing service, left health data for more than 3,000 consumers exposed online for years, according to a report in Bloomberg.
The files were accessible on an Amazon Web Services (AWS) cloud database from as early as 2015 through July 1 of this year, when Vitagene was notified that the files stored on that database were exposed. The company told Bloomberg it immediately blocked access to the information and is sifting through all the leaked files to determine which customers were affected.
The exposed information dates back to the company’s beta testing mode and includes customers’ full names, dates of birth, email addresses, and gene-based health information, according to Bloomberg. The report stated that nearly 300 of the publicly accessible files contained consumers’ raw genotype DNA data, although this data could be interpreted only by someone who already understands the science of the human genome.
The company openly stored 4,186 files in one collection on an AWS server and left 1,401 files in a less secure setting accessible to a larger group of employees than those who would be authorized to view the information. Vitagene said no credit card data or other sensitive financial information was exposed.
DNA testing kits do not currently fall under HIPAA regulations, but Congress is starting to introduce legislation asking for more protections for private health data collected by consumer products. In June, Sens. Lisa Murkowski, R-Ala., and Amy Klobuchar, D-Minn., introduced a bill urging the Department of Health and Human Services to take steps toward protecting patients who use health tracking devices, apps, and DNA testing kits that collect health information.