Abstract
Some organizations such as 23andMe and the UK Biobank have large genomic databases that they re-use for multiple different genome-wide association studies. Even research studies that compile smaller genomic databases often utilize these databases to investigate many related traits. It is common for the study to report a genetic risk score (GRS) model for each trait within the publication. Here, we show that under some circumstances, these GRS models can be used to recover the genetic variants of individuals in these genomic databases—a reconstruction attack. In particular, if two GRS models are trained by using a largely overlapping set of participants, it is often possible to determine the genotype for each of the individuals who were used to train one GRS model, but not the other. We demonstrate this theoretically and experimentally by analyzing the Cornell Dog Genome database. The accuracy of our reconstruction attack depends on how accurately we can estimate the rate of co-occurrence of pairs of single nucleotide polymorphisms within the private database, so if this aggregate information is ever released, it would drastically reduce the security of a private genomic database. Caution should be applied when using the same database for multiple analysis, especially when a small number of individuals are included or excluded from one part of the study.
Highlights
We demonstrate that the kind of research output that is published from genome-wide association studies (GWAS) has the potential to leak enough information to recover the single nucleotide polymorphisms (SNPs) of individuals in the database, under specific circumstances
We demonstrate a series of reconstruction attacks that enable us to infer the genotypes of individuals in private genomic databases, based on publicly released genetic risk score (GRS)
We demonstrate that private information is leaked when GRS models are published, in the case where two sets of largely overlapping individuals are used for multiple studies
Summary
In a survey of genomic privacy experts, the long-term privacy of genomic information was deemed both the most important and the most challenging problem While much of the research focus on long-term privacy of genomic databases rests on the longevity of the encryption scheme [7], it is important to remember that these genomic databases are not just sitting on a server somewhere, but are being continually utilised for making new scientific discoveries Each time these databases are accessed and the scientific results are published, there is a risk that information will be leaked and that eventually this would enable an attacker to reconstruct private information held in the database
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
