
What the 23andMe bankruptcy means for data privacy and healthcare cybersecurity

In March 2025, genetic testing company 23andMe filed for Chapter 11 bankruptcy. Once considered a pioneer in personalized health and ancestry data, the company had already suffered a massive data breach in 2023 that exposed the personal information of nearly 7 million users.

Now, with its financial future in question, privacy experts are sounding a new alarm: if 23andMe is sold or its assets are liquidated in court, that sensitive user data could change hands—raising the risk of further exposure or misuse.

That’s why many security and privacy advocates are urging current and former 23andMe customers to delete their stored genetic information. The concern isn’t hypothetical—if a buyer without strong security protocols or ethical standards gains control of this data, users could face long-term implications, from discriminatory practices to targeted scams or informational blackmail.

For business owners, the 23andMe situation represents more than just another headline about data breaches and cybersecurity incidents. It’s a stark reminder of the growing risk accompanying the storage of sensitive data—and a bright red warning light about what happens when companies are unprepared to protect the data or fix security gaps before they can be exploited.

Genetic data is permanent—and hackers know it.

Unlike a credit card number or login password, a person’s DNA doesn’t change. That makes genetic data incredibly valuable on the black market or dark web. Hackers who gain access to this kind of healthcare information can potentially link it with other personal identifiers—names, addresses, medical histories, and family trees—to build deep, lasting profiles that target consumers.

Even before the bankruptcy filing, the 2023 23andMe data breach raised alarm bells because it exploited a technique known as credential stuffing. This tactic uses previously stolen usernames and passwords to access accounts across multiple platforms—another reminder of the need for strong, unique login credentials for individuals and businesses alike.
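Credential stuffing leaves a recognizable trace in login records: one source tries many different accounts in a short time, and most attempts fail. The following is an added example, not code from 23andMe or from the original article, showing how a defender could screen a login log for that pattern and list the accounts that need a password reset. The log format, thresholds, and function names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result
SAMPLE_LOG = """\
2025-03-24T09:00:01 203.0.113.7 alice FAIL
2025-03-24T09:00:03 203.0.113.7 bob FAIL
2025-03-24T09:00:05 203.0.113.7 carol FAIL
2025-03-24T09:00:08 203.0.113.7 dave FAIL
2025-03-24T09:00:10 203.0.113.7 erin FAIL
2025-03-24T09:00:12 203.0.113.7 frank OK
2025-03-24T09:01:00 198.51.100.20 heidi FAIL
2025-03-24T09:01:20 198.51.100.20 heidi OK
2025-03-24T09:02:00 192.0.2.55 ivan OK
2025-03-24T09:02:10 192.0.2.55 judy OK
2025-03-24T09:02:20 192.0.2.55 mallory OK
2025-03-24T09:02:30 192.0.2.55 niaj OK
2025-03-24T09:02:40 192.0.2.55 olivia OK
"""

def parse(log):
    """Turn log lines into (time, ip, user, success) tuples sorted by time."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(t), ip, u, r == "OK") for t, ip, u, r in rows)

def stuffing_sources(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return IPs that tried many distinct accounts, mostly failing, inside one window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = set()
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            chunk = evs[start:end + 1]
            users = {e[2] for e in chunk}
            fail_ratio = sum(not e[3] for e in chunk) / len(chunk)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                flagged.add(ip)
                break
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts a flagged source logged in to: treat those passwords as known to the attacker."""
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged})
```

The shared office address (192.0.2.55) and the user who mistyped a password once (198.51.100.20) are not flagged, because the check requires both many distinct accounts and a high failure rate. Attempts spread across many source addresses would need the same logic grouped by account or network range instead of by single IP.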

After the latest announcement, the risks are increasing. 23andMe’s data assets are suddenly in limbo, and even though the company claims it will protect customer privacy during any sale, the future is uncertain. Regulators in the U.S., U.K., and Canada are investigating the breach, but legal protections can’t always keep pace with rapid digital change.

The takeaway for business owners: Rethink data retention.

For individuals, experts offer one simple solution: delete your data from 23andMe if you no longer want it stored. It’s a clear reminder that if a company can’t guarantee the safety of your personal information, you should try to take back control of it so they can’t store it forever.

For businesses, this advice should prompt a larger conversation. What data are you storing? How long are you keeping it? Who has access? What protections are in place?

Companies often hold onto more data than they need. That includes customer records, employee information, health-related files, or archived communications. The risk increases when that data is stored on outdated systems or across multiple locations without strong oversight. If your business isn’t actively auditing and managing the information you store, it’s time to change that approach with the help of a trusted IT provider.

Expanding the lens: Healthcare’s ongoing vulnerabilities.

The 23andMe story also spotlights a wider issue: the increasing cybersecurity risks facing the healthcare sector as a whole. According to a recent report from SecurityWeek, 99% of healthcare organizations have medical devices running on legacy operating systems—outdated platforms no longer supported by manufacturers or equipped to receive modern security updates.

These devices, which include imaging tools, computer monitors, and diagnostics systems, often connect directly to hospital networks. If hackers can exploit just one of these unprotected endpoints, they can gain access to sensitive patient data, interrupt day-to-day operations, or even disrupt life-saving procedures. The consequences aren’t theoretical—ransomware attacks have already shut down hospitals, delayed critical treatments, and compromised patient safety.

IT environments operating in the healthcare industry are especially complex because of compliance requirements, budget constraints, and the need for continuous operation. But those challenges are no excuse for inaction or neglect. As the recent analysis makes clear, healthcare businesses are well aware of the risks facing them—as are hackers who constantly try to target the industry.

What this means for all businesses.

You don’t have to work at a hospital or have genetic information in an online database to be affected by these news stories and trends. Any organization that interfaces with healthcare providers or handles health-related information could be part of this risky ecosystem.

That includes:

● Billing and insurance companies

● Legal and compliance advisors

● Software and cloud service providers

● HR and staffing firms

● Transportation and logistics providers

● Specialized service contractors (e.g., cleaning, equipment maintenance)

Even indirect access to healthcare systems or data can create problems. If your business stores personal health information (PHI) or connects to healthcare networks, you may be subject to HIPAA regulations. Even if healthcare-related concerns don’t apply to you, your business can still face reputational and operational damage from a security breach, no matter how large or small it is.

What you should do right now.

In light of the 23andMe news and the broader healthcare vulnerability report, your business can take several proactive steps to enhance cybersecurity and better protect sensitive data. These include:

● Audit what you store. Conduct a full inventory of the data your business collects and retains. Identify what’s essential, what’s outdated, and what can be securely deleted. Don’t store what you don’t need, and make sure automated processes are in place to capture regular, remote, and redundant data backups.

● Secure every endpoint. Laptops and mobile devices often represent the weakest link in any network. But given the news about the healthcare industry, that threat extends to office workstations, outdated medical tools, monitors, and even printers. All should be protected with up-to-date security software, secure configurations, and automated patching. A trusted IT provider can help with all of the above.

● Upgrade from legacy systems when possible. In today’s dangerous cyber landscape, outdated software or unsupported devices can’t be trusted. Work with a trusted IT provider to immediately replace what you can, make a plan for long-term changes, and isolate or segment legacy systems that must remain in use.

● Use multi-factor authentication (MFA). Many data breaches like the one that struck 23andMe start with credential stuffing—using stolen or compromised login credentials for one platform to try and log in to multiple others. MFA can block these types of attacks by requiring every user to enter a second layer of credential verification every time they log in.

● Limit access privileges. Not every employee at your company needs access to every file or system. Adopt a “least privilege” approach for as much data as possible to reduce the risk of internal misuse or external compromise.

● Implement a business continuity plan. Every industry needs to invest in protocols that ensure continuity in the event of an outage or breach. But healthcare companies in particular must have established plans in place to recover data, notify stakeholders, and maintain operations in the event of a cyberattack.

Trust and preparedness go hand in hand.

As the 23andMe case shows, companies can lose control of sensitive data in ways that no one could have ever expected. For healthcare providers and their partners, the risks are even more urgent—ransomware, outdated devices, and overextended IT systems create an ever-growing threat landscape.

But with the right preparation, those risks can be mitigated. CMIT Solutions helps businesses across North America secure their systems, protect their data, and stay one step ahead of cyberthreats.

Whether you’re storing sensitive information, relying on older infrastructure, or supporting healthcare clients, we’re here to help you build resilience and protect what matters most. Contact us today to find out more.

Mark Hoffmann

A leader in the IT industry for nearly three decades, Hoffmann has helped small and large businesses take advantage of technology to better serve their customers and employees. Hoffmann is owner of CMIT Solutions of SE Wisconsin. https://cmitsolutions.com/kenosha-wi-1018/about/
