Drex delves into the challenges facing companies like 23andMe and Atlas Biomed, highlighting critical concerns around DNA data privacy and the impact of financial struggles on sensitive information. Learn actionable insights to tighten your organization's data agreements, ensure privacy compliance, and mitigate risks in the evolving cybersecurity landscape.
Remember, Stay a Little Paranoid
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer
Hey everyone, I'm Drex, and this is the Two Minute Drill, where I do three quick stories twice a week, all part of one great community, the 229 Cyber and Risk community here at This Week Health. Today's Two Minute Drill is brought to you by ORDR, the Asset Inventory and Intelligence Platform. Did you know that you can know everything about everything on your network?
nt to know about. Way back in:And they gave me a coupon for a free test kit. So I did it, and I got my personalized reports, and it was pretty cool, pretty great insight. Actually, I'm way more Irish than anyone in my family ever told me, which kind of explains now my affinity for St. Patrick's Day. Anyhow, I didn't really think much at the time about how my data would be used, all the ramifications of my DNA being used in studies, or how that DNA data in the wrong hands could turn out to be a real problem for me.
I'd given up a lot of privacy for a little information. Probably not the smartest thing I've ever done, but I've done some pretty dumb stuff. So anyhow, two of the stories at ThisWeekHealth.com/news are about problems at 23andMe and a similar British company called Atlas Biomed. It appears both are navigating some tough sailing from a business perspective.
Atlas Biomed customers have lost access to their online DNA profiles. And many customers are now worried about what happens to their private data if or when that company is sold. And 23andMe is on its own difficult path financially. Over the past few years, the stock has sunk from being priced higher per share than Apple to now being on the verge of being delisted.
23andMe is worth just 2 percent of what it once was. But again, it's the sensitivity of the data that is the big concern for most of us. And what happens to that data when times are tough for these kinds of companies. Now, of course, let me bring this consumer problem around to what privacy and security folks need to make sure that they're working on with their legal and compliance and information services teams.
Like consumers, our organizations sometimes sign terms and conditions and we don't necessarily think a lot about what might happen to the data we provide to third party companies 10 years from now. We're busy. We're trying to accomplish the mission. We have pressure to get things done. But this story is a good reminder that as a healthcare organization, you need to make sure those terms are what you want and not what the third party wants.
Make sure you address things like specific cases where your data can be used and where it cannot be used, like for training AI models. That's become a big deal recently. And if that's something you don't want to be involved in, make sure that your contracts say that.
Or putting limits on how long they can hold or use the data you've provided and having them provide attestations that they've actually deleted the older data from their databases and their backups once they've hit that time limit. And specific language around how your data will be handled should the company merge with another or be sold.
And of course, you probably already have language around when and how you'll be notified in case of any suspected data breach or cyber event at that third party company. You got that right. Sometimes these consumer events are a good reminder that we should probably take time to tighten up our business processes.
And I hope this episode has kind of helped you think through that, at least a little bit. By the way, if you're like me and you sent that little tube to 23andMe and now you're having second thoughts, there's a way to request that your account and your DNA be deleted from their databases. I will put that link in the comments.
There's more on these stories and a bunch of others, as always, at thisweekhealth.com/news. Today's 2 Minute Drill was brought to you by ORDR. Do you really know who all your devices are talking to? You can. Bring some ORDR to your enterprise. Find out more at ordr.net/healthcare. That's it for today's 2 Minute Drill.
Thanks for being here. Stay a little paranoid. I'll see you around campus.