Chinese cyber actors trying to steal US healthcare data, officials say
Posted on: Friday, February 5, 2021 By: KorchekStaff
Cyber threat actors with connections to China are targeting U.S. healthcare and genomic data by hacking and other extraction methods, according to a February alert issued by the National Counterintelligence and Security Center.
The People's Republic of China has used both legal and illegal methods for years to gather large healthcare datasets from the U.S. and other countries, according to the alert.
"While no one begrudges a nation conducting research to improve medical treatments, the PRC’s mass collection of DNA at home has helped it carry out human rights abuses against domestic minority groups and support state surveillance," the NCSC alert states. "The PRC’s collection of healthcare data from America poses equally serious risks, not only to the privacy of Americans, but also to the economic and national security of the U.S."
Compared to other countries, the U.S. has fewer safeguards on medical and health data, including data for research purposes, according to the report. U.S. safety provisions focus mostly on privacy, rather than national security, which leaves it vulnerable to foreign actors who can more easily get access to data on U.S. citizens.
Chinese companies have capitalized on the U.S. security environment by investing in American firms that handle sensitive health data and other types of personal data, which gives the Chinese companies access to the data. These companies have also gained access to U.S. data by partnering with hospitals, universities and other research organizations in America, according to the report.
"Aside from these immediate privacy risks, China’s access to U.S. health and genomic data poses long-term economic challenges for the United States,” the report states. "The combination of stolen PII, personal health information, and large genomic data sets collected from abroad affords the PRC vast opportunities to precisely target individuals in foreign governments, private industries, or other sectors for potential surveillance, manipulation, or extortion."
Click here to view the full report.