Healthcare Information Security

Patient Privacy News

Government Report Finds China Could Use Medical Data for Blackmail

The US-China Economic and Security Review Commission says China has invested heavily in US biotechnology, including access to genomic data that may pose a national security risk.

China hacking blackmail risk to healthcare

By Jessica Davis

- China has been rapidly increasing its investment in the US biotechnology sector in recent years, which has potentially given them access to genetic, private, and medical data that could pose a security risk, according to a new report from the US-China Economic and Security Review Commission.

The commission was established by Congress to evaluate the national security implications of the trade and economic relationship between the US and China. The report, titled China’s Biotechnology Development, was prepared by Gryphon Scientific and Rhodium Group.

The researchers determined the Chinese government has recognized the value of healthcare-related data in biotechnology development and made collection of it a national priority with four major health data centers.

Further, China’s regulatory bodies have fast-tracked genomic research, and “and, in some instances, bypassed the lengthy official drug review process.”

“Chinese companies have access to American health and genomic data including through accredited corporate participation in the U.S. health care system,” the report authors wrote. “China’s efforts to acquire US health data combined with limited protections raise questions about national security.”

READ MORE: What’s at Stake with Healthcare IoT and Cloud? Unnecessary Risk

“Theoretically, access to private information on security sensitive US persons creates a risk of blackmail and may reveal health conditions exploitable in a targeted attack, although no public reports suggest this has yet happened or is a current aim of the Chinese Government or industry,” they added.

While China is just a tenth the size of the US biotech industry by market size, its biotech industry has rapidly expanded with a top-down, long-term approach to build its competitive sectors. Additionally, China’s biotech sector is closely tied with foreign entities, the report found.

China’s biotech companies leverage US firms to acquire necessary technologies and data to support its current capabilities, such as corporate and academic partnerships and recruitment of U.S.-trained researchers. And while Chinese investment in the US has declined, its investment of biotech and health industries has been resilient.

“Chinese investment in U.S. biotech in 2000–2017 predominantly (96 percent) came in the form of acquisitions and startup financing: 67 percent of Chinese capital can be attributed to acquisitions of U.S. companies, while VC and other portfolio investment contributed 29 percent,” the report authors wrote.

“Nominal government ownership plays a minor role in Chinese biotech investment in the U.S.,” they added. “However, there are other channels through which Beijing can exert influence on private Chinese firms’ overseas investments.”

READ MORE: HIPAA Needs Clarity Around Patient Data Sharing, AMIA, AHIMA say

Those areas include using capital controls to steer outbound investments to preferred industries. The researchers also explained that “China’s central and local governments often set up special funds to promote development in strategic sectors.”

As a result of the heavy investment in US biotech, “Chinese biotechnology companies are acquiring technologies crucial to advancement in the field as well as amassing large collections of clinical and genetic data on US residents.”

What’s concerning, the researchers explained, is that the US doesn’t protect medical and healthcare data as well as other nations. Citing the strict nature of EU’s General Data Protection Regulation, HIPAA and other US regulations do not go as far to protect patient health data.

And China’s laws prevent the export of data on Chinese citizens, “requiring a permit for each research use of genomic information.”

“The US is not moving as aggressively as China to advance big data in healthcare, and that could, over time, open an innovation gap,” the report authors wrote. “The US can prevent this outcome by reinvesting in our own infrastructure, knowledge base and scientific enterprise to compete with China.”

READ MORE: Phishing, Negligent Insiders Leave Healthcare Vulnerable, HIMSS says

The researchers made several recommendations, including the need for the US to analyze the long-term risks posed by China’s statist approach to innovation and formulate policies to respond to those challenges.

Further, the US need to develop federal guidance for international data agreements to protect access to aggregated data on US citizens. The policies would outline how to structure those partnerships, so US interests are maintained.

The researchers also stressed the need for greater cybersecurity to protect the data of US patients.

“Legal protections on data access, no matter how stringent, will not prevent unauthorized access by China or other foreign governments,” the report authors wrote. “Recent healthcare cybersecurity breaches in the US suggest that enhanced measures to protect personal data from hacking are necessary.”

“Yet, while the healthcare industry is receiving increasing numbers of cyberattacks, we see no particularities that suggest protecting genomic and healthcare-related data requires unique cybersecurity measures,” they added.

A list of the full list of recommendations and findings can be found here.

The Department of Justice and Homeland Security recently issued a warning that alleged Chinese hackers have been targeting IT service providers and other sectors with malware attacks to exfiltrate data. The Chinese hacking group APT has been linked to several US data breaches, including those on the healthcare sector.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...