Sharing Genetic Risk Scores Can Unwittingly Reveal Secrets

Genetic risk scores, also known as polygenic risk scores, condense millions of DNA variants into a single probability that a person will develop conditions such as heart disease, diabetes, or certain cancers. By aggregating effect sizes from large genome‑wide association studies, these scores enable clinicians to personalize prevention strategies without exposing the raw genotype. However, the very summarisation that makes the scores useful also creates a privacy paradox: the numeric output can act as a cryptographic fingerprint of the underlying genome. This duality raises urgent questions about how much information can be safely abstracted.

Researchers have demonstrated that, using linear algebra and reference panels, an adversary can invert a risk score to approximate the original genotype at thousands of loci. Health insurers could feed reconstructed profiles into actuarial models, uncovering undisclosed conditions and adjusting premiums accordingly. Likewise, individuals who post scores on public forums believing anonymity can be re‑identified by matching the inferred DNA against open genealogy databases, effectively linking a numeric summary back to a real person. Such attacks require only the published score and publicly available reference data, lowering the barrier for malicious actors.

The revelations have sparked calls for tighter data‑governance frameworks. Regulators in the EU and US are evaluating whether polygenic risk scores should be classified as protected health information, subject to stricter consent and de‑identification standards. Meanwhile, biotech firms are exploring cryptographic techniques such as secure multiparty computation to deliver risk assessments without ever exposing raw genotypes. Adopting privacy‑by‑design principles now could preempt costly litigation and preserve the commercial viability of genomic services. As the market for personalized genomics expands, balancing innovation with robust privacy safeguards will become a decisive factor for consumer trust and industry adoption.