Bill Evanina, former Director of the U.S. National Counterintelligence and Security Center, recently appeared on CBS’ 60 Minutes where he warned that Beijing is attempting to collect and exploit Americans’ health care information, including their DNA. He also claimed that China has stolen the personally identifiable information of 80% of Americans, using "less-than-honorable" methods to steal data, including hacking healthcare companies and technology, such as smart homes, sensors and 5G networks.
According to an IBTimes report, Evanina said the BGI Group, a large biotech firm, which has close ties to Beijing's military and government, approached Washington and five other states with offers to build and run state-of-the-art coronavirus testing labs. The Chinese firm promised to "provide technical expertise, high throughput sequences" and "make additional donations" to the states.
The offer, says the report, raised suspicions which prompted Evanina to issue warnings to the states against taking up the group's proposal. The warning helped prevent any of the six states from accepting the proposal, preventing national security and economic threats.
"This shows the nefarious mindset of the Communist Party of China, to take advantage of a worldwide crisis like COVID. We put out an advisory to not only every American, but to hospitals, associations, and clinics," Evanina said in an interview with CBS' "60 Minutes."
Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, says, “There are two ways Chinese interests are gaining access to our personal biodata. Either we are giving it to them unwittingly through unread, signed terms and conditions. Or, state-sponsored Chinese hackers are stealing it from the healthcare, biotech and pharma companies who we trust to protect it."
Bar-Dayan says, "These hackers assume correctly that the cyber hygiene of our healthcare providers is in and of itself unhealthy. They take advantage of the fact that our digital biodata is not 100% properly secured. It just takes one unmitigated vulnerability, out of the tens of thousands reported every year, to provide the opening bad actors need. Considering the current state of affairs, we need to spend a commensurate amount of time on the health of our digital healthcare systems as we do the health of the people.”
Dirk Schrader, Global Vice President at New Net Technologies (NNT), notes, “Simply put, recent cybersecurity research about the status of data protection in the health sector indicates that there is no real need for any foreign government to use advanced hacking methods to have access to Personal health Information (PHI) of US citizens. For example, radiology data of approximately six million US citizens was discovered unprotected late 2019, with no substantial improvement to that a year later. On top of that, the largest provider who had left its radiology archives connected to the public internet without any protection, is owned by a Chinese investor. When it is about data, there is an awful lot of room for improvement for the sector and the regulator overall, before it gets hard for a foreign government to have access to PHI.”