DNA Hacking

Scientists Warn of DNA Hacking: New Study Reveals Terrifying Emerging Threats in Genomic Sequencing

In a striking new warning from cybersecurity and biotechnology experts, researchers have revealed that DNA hacking may soon become the next frontier in cyber warfare. 

A new study published in IEEE Access has identified critical security gaps in next-generation sequencing (NGS) technologies that could expose highly personal genetic information to cyberattacks, espionage, and even biological sabotage.

According to the researchers, the surge in genomic data collection has outpaced the development of security frameworks to protect it. The result? Our most personal data—our DNA—is increasingly at risk of cyber exploitation.

“Genomic data is one of the most personal forms of data we have. If compromised, the consequences go far beyond a typical data breach,” co-author and microbiologist at the Shaheed Benazir Bhutto Women’s University, Dr Mahreen-Ul-Hassan, said in a statement.

NGS has revolutionized healthcare and biomedical research by enabling the rapid, cost-effective sequencing of DNA and RNA. Millions of people worldwide have used it for ancestry testing, disease diagnosis, cancer screening, and personalized medicine. 

However, as the technology has accelerated scientific discovery and offered life-changing health insights, it has also opened Pandora’s box of cyber-biosecurity risks. 

This newly published study is one of the first to present a step-by-step threat analysis of the entire sequencing pipeline—from raw data generation and sample preparation to cloud-based analysis and data interpretation—exposing a range of novel vulnerabilities unique to the NGS process.

Study authors, including researchers from the UK, Saudi Arabia, and Pakistan, describe a landscape in which genomic data, unlike any other digital record, is both permanent and deeply personal. A stolen credit card can be replaced, they note. However, if your information is compromised by DNA hacking, there’s no taking it back. Once it’s out, it’s out forever.

One of the study’s most alarming revelations is the possibility of DNA hacking, where DNA itself is used as a vehicle to carry malicious code. In an earlier proof-of-concept experiment, scientists demonstrated that it is theoretically possible to encode malware into synthetic DNA. 

When sequenced, the biological sample could produce digital output that exploits vulnerabilities in bioinformatics software, ultimately allowing an attacker to gain unauthorized access to the sequencing computer. 

This type of DNA hacking is not just conceptual. A research team at the University of Washington successfully demonstrated it, making it the first instance of DNA being used to breach a computer system. The implications are profound: a malicious DNA strand could disrupt a lab’s sequencing run or compromise a hospital’s genomic database.
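One defensive response to this class of attack is to validate sequencer output strictly before any downstream tool parses it. The sketch below is an added example, not code from the study or from any sequencing vendor; it assumes the reads arrive as standard four-line FASTQ records, and the length caps are assumed values to be replaced with the platform's real limits.

```python
ALLOWED_BASES = frozenset("ACGTN")
MAX_READ_LEN = 500      # assumed cap; use the platform's real maximum read length
MAX_HEADER_LEN = 256    # assumed cap on the '@' header line


def check_record(header, seq, sep, qual):
    """Return a rejection reason for one 4-line FASTQ record, or None if clean."""
    if not header.startswith("@") or len(header) > MAX_HEADER_LEN:
        return "bad header"
    if not sep.startswith("+"):
        return "bad separator"
    if not seq or len(seq) > MAX_READ_LEN:
        return "read length out of bounds"
    if not set(seq) <= ALLOWED_BASES:
        return "non-nucleotide character in sequence"
    if len(qual) != len(seq):
        return "quality/sequence length mismatch"
    if any(not 33 <= ord(c) <= 126 for c in qual):
        return "quality outside Phred+33 range"
    return None


def validate_fastq(stream):
    """Split an iterable of lines into clean records and (record_number, reason) rejects."""
    lines = [ln.rstrip("\r\n") for ln in stream]
    clean, rejected = [], []
    for i in range(0, len(lines), 4):
        rec = lines[i:i + 4]
        number = i // 4 + 1
        if len(rec) < 4:
            rejected.append((number, "truncated record"))
            break
        reason = check_record(*rec)
        if reason:
            rejected.append((number, reason))
        else:
            clean.append(tuple(rec))
    return clean, rejected


# Constructed sample: record 1 is well formed, 2 is overlong, 3 carries
# non-nucleotide characters, 4 has a quality string shorter than its sequence.
SAMPLE = "\n".join([
    "@read1", "ACGTNACGT", "+", "IIIIIIIII",
    "@read2", "A" * 600, "+", "I" * 600,
    "@read3", "ACGTXYZ!", "+", "IIIIIIII",
    "@read4", "ACGTACGT", "+", "IIII",
]) + "\n"
```

Calling `validate_fastq(SAMPLE.splitlines())` keeps only the first record and reports why each of the others was dropped, so the rejects can be logged and reviewed rather than silently passed to compression or alignment tools.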

Another vulnerability lies in the re-identification of supposedly anonymous genomic data. Even when names are removed, researchers have shown that DNA samples—especially those containing short tandem repeats, or STRs—can be cross-referenced with public genetic genealogy databases to infer surnames and other identifying information. 

When combined with publicly available demographic data like age and zip code, this can lead to successful re-identification of individuals. In one case, between 84% and 97% of participants in the Personal Genome Project were re-identified using this method. This kind of breach doesn’t just violate privacy—it has real-world consequences, including risks of blackmail, discrimination, and medical fraud.
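The demographic half of that linkage can be measured before a dataset is released. The following is an added example, not taken from the study: it counts how many records share each age and zip code combination (a k-anonymity audit) and shows how coarsening those fields removes the unique rows. The records, field names and the threshold k=2 are constructed for illustration, and the check does not address surname inference from STR markers.

```python
from collections import Counter

# Constructed sample of "de-identified" donor records: no names, but each row
# still carries the demographic fields released alongside the genome.
RECORDS = [
    {"id": "g01", "age": 34, "zip": "98105"},
    {"id": "g02", "age": 34, "zip": "98105"},
    {"id": "g03", "age": 36, "zip": "98107"},
    {"id": "g04", "age": 61, "zip": "98115"},
    {"id": "g05", "age": 38, "zip": "98109"},
    {"id": "g06", "age": 67, "zip": "98122"},
]


def exact(rec):
    """Quasi-identifier exactly as stored."""
    return (rec["age"], rec["zip"])


def generalized(rec):
    """Coarsen to a 10-year age band and a 3-digit zip prefix."""
    band = rec["age"] // 10 * 10
    return (f"{band}-{band + 9}", rec["zip"][:3] + "**")


def audit(records, key, k=2):
    """Return (smallest group size, ids of records in groups smaller than k)."""
    sizes = Counter(key(r) for r in records)
    at_risk = [r["id"] for r in records if sizes[key(r)] < k]
    return min(sizes.values()), at_risk


if __name__ == "__main__":
    print("exact:      ", audit(RECORDS, exact))
    print("generalized:", audit(RECORDS, generalized))
```

With exact values, four of the six constructed records are unique on age and zip code alone; after generalization every record shares its combination with at least one other.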

The study also explores how emerging technologies, especially artificial intelligence, may inadvertently accelerate these risks. With AI capable of bridging complex gaps in knowledge, adversarial actors could use AI tools to generate attack strategies that exploit specific vulnerabilities in bioinformatics pipelines. 

The authors express concern that AI could be used to generate malicious code, manipulate DNA synthesis orders, or design custom malware that targets the computational tools responsible for analyzing genomic data.

“Despite its importance, cyber-biosecurity remains one of the most neglected and poorly understood research disciplines and is leaving a critical gap in global biosecurity,” lead author from the University of Portsmouth’s School of Computing, Dr Nasreen Anjum, said. “To make sure our DNA information stays safe and is used only for good, we’re urging more research and collaboration to find ways to keep this powerful technology secure.” 

The research references real-world case studies that underscore the urgency of these risks. Recent cyberattacks on healthcare and pharmaceutical companies have demonstrated the potential for devastating breaches. 

For instance, in 2024, Octapharma Plasma in the U.S. suffered a ransomware attack that compromised sensitive personal information. Similarly, Japanese pharmaceutical firm Eisai faced massive logistical and production delays after a cyberattack disrupted their systems. 

Although these attacks did not directly involve sequencing data or DNA hacking, they highlight how vulnerable biotech and healthcare infrastructures remain to digital exploitation. As sequencing becomes more integrated with clinical practice and public health infrastructure, it is only a matter of time before NGS platforms become a direct target.

One of the study’s most significant contributions is the introduction of a new cyber-biosecurity taxonomy designed explicitly for next-generation sequencing. 

Unlike conventional cybersecurity models, which focus on network vulnerabilities and software flaws, this new framework extends into the biological domain. It identifies specific threat vectors at every stage of the NGS workflow. 

These include synthetic DNA-based malware attacks, sample multiplexing exploitation, adversarial manipulation of sequencing workflows, and inference attacks that exploit genomic linkage disequilibrium to predict health conditions from partial DNA sequences.

The authors explain that each phase of the NGS workflow presents its own unique set of vulnerabilities. In the initial stages, where DNA is extracted from samples such as blood or tissue, threats like re-identification attacks and physical theft of biological material can occur. 

Even manual handling procedures are not immune. If an insider tampers with or substitutes a sample during extraction, it could corrupt the entire sequencing process and lead to dangerous or misleading conclusions in clinical or forensic contexts.

The study outlines several cyber risks during the library preparation stage, where DNA fragments are processed and tagged for sequencing. Automated liquid handling robots and barcode tracking systems used in high-throughput labs often rely on connected software platforms.

If these are compromised—whether through malware, ransomware, or a supply chain attack—the integrity of genetic data can be irreparably damaged. The study also describes multiplexed DNA injection attacks, where a malicious DNA sample introduced into a pooled batch can manipulate sequencing outcomes or cause misattribution of genetic material across different samples.

The vulnerabilities extend into the core computational steps as well. Base calling software, responsible for translating fluorescent signals into DNA sequences, can be hijacked to insert artificial mutations or produce inaccurate reads. 

DNA hackers could exploit sequencing devices’ weak encryption or outdated firmware to manipulate results. Such tampering could lead to false diagnoses or incorrect treatment plans in a clinical setting. During quality control and data preprocessing, threats include malicious code injection into files and ransomware attacks on cloud-based data storage hubs like Illumina’s BaseSpace Sequence Hub.

The bioinformatics analysis phase is particularly vulnerable due to its reliance on complex software pipelines and large-scale computational resources. A cyberattack here could silently alter genetic variant calls, obscure critical mutations, or even erase valuable clinical insights. The authors note that once these data are interpreted and integrated into medical records or research databases, the consequences of such manipulation may go unnoticed until it’s too late.

The researchers offer a series of recommendations to mitigate the escalating risks of DNA hacking. They call for developing secure sequencing protocols, robust access controls, and mandatory encryption at every step of the genomic workflow. 

Laboratories should adopt multi-factor authentication for all data access points and regularly audit the software and firmware systems used in sequencing equipment. 

Open-access genetic databases must be hardened with strong password policies, two-factor authentication, and tighter user verification protocols. Many of these platforms still allow data queries without login credentials, creating a massive vulnerability in the global genomic infrastructure.

The authors also advocate for integrating anomaly detection systems powered by artificial intelligence to monitor for unusual patterns in sequencing workflows that could signal potential DNA hacking. 

More importantly, they emphasize the need for interdisciplinary collaboration. Too often, cybersecurity professionals and biotechnologists operate in silos. Bridging that divide, the study argues, is essential for building resilient genomic ecosystems capable of withstanding evolving cyber threats.

Underlying all these technical considerations is a broader ethical concern. As genomic data becomes central to personalized medicine, the potential for misuse or abuse grows. 

Genetic discrimination, coercion, and data exploitation are no longer just hypothetical risks. Without strong protections, public trust in genomic research could erode, setting back scientific progress for years.

Ultimately, the study serves as a call to action. As sequencing costs continue to drop and access to genomic technologies expands, the risk landscape will grow more complex. What’s at stake is data privacy, research integrity, public health, and national security. 

“Our work is a wake-up call. Protecting genomic data isn’t just about encryption – it’s about anticipating attacks that don’t yet exist,” Dr. Anjum said. “We need a paradigm shift in how we secure the future of precision medicine.”  

Tim McMillan is a retired law enforcement executive, investigative reporter and co-founder of The Debrief. His writing typically focuses on defense, national security, the Intelligence Community and topics related to psychology. You can follow Tim on Twitter: @LtTimMcMillan.  Tim can be reached by email: tim@thedebrief.org or through encrypted email: LtTimMcMillan@protonmail.com