Internal dissent within the mostly volunteer disease-news network known as ProMED—which alerted the world to the earliest cases of COVID, Middle East Respiratory Syndrome (MERS), and SARS—has broken out into the open and threatens to take down the internationally treasured network unless an external sponsor can be found.
The struggle for the future of the low-tech site, which also sends out each piece of content on a no-reply email list with 20,000 subscribers, has been captured in dueling posts to its front page. On July 14, a post by ProMED’s chief content officer, a veterinarian and infectious-disease expert named Jarod Hanson, announced that ProMED is running out of money. Because it is being undermined by data-scraping and reselling of its content, Hanson wrote, ProMED would turn off its RSS and Twitter feeds, limit access to its decades of archives to the previous 30 days, and introduce paid subscriptions.
Hanson is at the top of ProMED’s masthead, and the post was signed “the ProMED team,” which gave the announced changes the feeling of a united action. That turned out not to be the case. Very early on August 3, a post addressing “Dear friends and readers of ProMED” appeared on the site’s front page. The open letter was signed by 21 of its volunteer and minimally paid moderators and editors, all prominent physicians and researchers, and it makes clear that no unity existed.
Advertisement
“Although the [July post] was signed by ‘The ProMED Team,’ we the undersigned want to assure you that we had no prior knowledge,” the open letter stated. “With great sadness and regret … we, the undersigned, are hereby suspending our work for ProMED.”
The letter was taken off the site within a few hours, but the text had already been pushed to email subscribers. (WIRED’s copy is here.) On Friday, signers of the open letter said they had been locked out of the site’s internal dashboard. The site’s regular rate of posting slowed Friday and Saturday, but appeared to pick up again on Sunday.
Maybe this sounds like a small squabble in a legacy corner of the Internet—but to public health and medical people, ProMED falling silent is deeply unnerving. For more than 20 years, it has been an unmissable daily read, ever since it received an emailed query in February 2003 about chat-room rumors of illnesses near Hong Kong. As is the site’s practice, that initial piece of intel was examined by several volunteer experts and cross-checked against a separate piece of news they found online. In its post, which is not currently accessible, ProMED reproduced both the email query and the corroborating information, along with a commentary. That post became the first news published outside China of the burgeoning epidemic of SARS viral pneumonia, which would go on to sweep the world that spring and summer—and which was acknowledged by the regional government less than 24 hours afterward.
Using the same system of tips and local news sources, combined with careful evaluation, ProMED published the first alerts of a number of other outbreaks, including two more caused by novel coronaviruses: MERS and COVID, which was detected via two online articles published by media in China on December 30, 2019. Such alerts also led the World Health Organization to reconsider what it will accept as a trustworthy notice of the emergence of epidemics. When the organization rewrote the International Health Regulations in the wake of SARS, committing member nations to a public health code of conduct, it included “epidemic intelligence from open sources” for the first time.
Advertisement
On the surface, the dispute between ProMED’s moderators and its leadership team—backed by the professional organization that hosts the project, the International Society for Infectious Diseases (ISID)—looks like another iteration of a discussion that has played out online for years: how to keep publishing news if no one wants to pay for it. But while that is an enduring problem, the question posed by the pause in ProMED’s operations is bigger than subscriptions. It looks more like this: How do you make a case for the value of human-curated intelligence in a world that prefers to pour billions into AI?
“ProMED might not always be the fastest, but it always provides important context that would not come through a news report,” says John Brownstein, an epidemiologist and chief innovation officer at Boston Children’s Hospital, who cofounded the automated online outbreaks database HealthMap and has collaborated with ProMED. “It’s the anti-social media, in a way. It’s a trusted voice.”
“ProMED possesses trained scientists that are able to discern what is really a problem and what is fake news,” says Scott J.N. McNabb, a research professor at Emory University’s Rollins School of Public Health and a former chief of public health surveillance at the US Centers for Disease Control and Prevention. “That’s a tremendous advantage. So the reports are not coming from uninformed individuals, they’re coming from professionals that have the medical expertise and public health expertise to really discern: ‘Is this genuine or not?’”
In recent weeks, it has been revealed that there is an increased risk to a critical listserv for disease outbreak surveillance. The risks have been described by a major cybersecurity firm as “experiencing a degree of vulnerability to malicious activity”.
The listserv in question is an integral tool for disease reporting and outbreak surveillance; the listserv is composed of an extensive network of media representatives, healthcare providers, and public health organizations around the world. Beyond just individuals, the list includes organizations such as the Centers for Disease Control and Prevention, the World Health Organization, and the Armed Forces Health Surveillance Center.
Due to its critical nature, the listserv is a primary target of malicious activity, making it necessary for it to be properly protected against attacks. Unfortunately, recent evidence has shown that the listserv does not currently possess the necessary defenses to shield it from malicious parties.
The risks posed by the listserv not being adequately secured against malicious actors are grave. Malefactors could potentially gain access to confidential information contained within the listserv, while using the list itself to spread disinformation from compromised accounts. This could potentially damage the trustworthiness of the data used in determining diseases, leading to inaccurate surveillance of diseases.
The risks are also not limited to the listserv itself; the data contained within could give malicious actors an advantage when conducting attacks on other decision-making systems. This could be especially dangerous in the case of making decisions regarding public health, as any inaccuracies could lead to disastrous consequences.
Fortunately, there are some steps that can be taken to reduce the risks associated with the listserv. Organizations could begin by taking steps to better secure the list with more comprehensive authentication mechanisms and more stringent security protocols. Additionally, organizations could also undertake regular diligence reviews of the listserv to ensure it is not open to malicious activity.
The risks posed by a vulnerable listserv for disease outbreak surveillance are real and should not be overlooked. If steps are not taken to ensure its security, malicious parties could potentially gain access to the list, leading to potential disaster. Organizations should therefore take active measures to ensure that the list is properly protected against malicious activity.
