State-backed hackers target overseas cancer research, patient data

By Chris Udemans
1 min read

Medical Data Yidu Cloud Yidu Yun

China’s state-sponsored hackers are showing increased interest in acquiring foreign healthcare research and patient data, as the country grapples with rising cancer rates and an overstretched medical sector, according to cybersecurity researchers.

Why it matters: Aside from concerns over mortality rates, China has a rapidly expanding pharmaceutical industry, which creates lucrative opportunities for homegrown companies that provide oncology treatments and services.

  • The hackers are part of advanced persistent threat (APT) groups, typically state-backed organizations that access private information for a prolonged period while remaining undetected.
  • The groups have targeted healthcare organization in the US, Japan, and Singapore, among others.

“One theme FireEye has observed among Chinese cyber espionage actors targeting the healthcare sector is the theft of large sets of personally identifiable information and personal health information, most notably with several high-profile breaches of US organizations in 2015.”

—Researchers wrote in a report published this week

Details: US-based cybersecurity firm FireEye said in its report that multiple APT groups had specifically targeted cancer-related research.

  • Researchers said that in April this year hackers singled out a US health center whose primary focus is oncological research, though they did not disclose the name of the facility.
  • In 2018, APT41, which has turned to financially motivated hacking alongside espionage campaigns, targeted the same facility. Since at least 2013, two other Chinese APT groups have infiltrated similar organizations in the US and Japan.
  • State-backed groups have carried out attacks to acquire patient data, including a high-profile attack on Singaporean healthcare provider SingHealth, with 1.5 million people being affected.
  • In at least one instance, attackers targeted the health data of US citizens, including that of government employees, which could be used to “identify and harass or threaten the family members of Americans with security clearances,” FireEye said.

Chinese state-backed hackers are turning to cybercrime for profit

Context: Chinese state actors have been accused of attacking foreign firms to accelerate the country’s progress via intellectual property theft.

  • But evidence showing that these groups are also moonlighting for profit, using the same tools they employ in espionage campaigns for financial gain.
  • These non-state sponsored activities also allowed groups like APT41 to hone their espionage skills.