Intel agency warns of threats from China collecting sensitive US health data

The National Counterintelligence and Security Center (NCSC) on Monday warned that efforts by the Chinese government to obtain U.S. health data, particularly DNA, through hacking and other means had been stepped up during the COVID-19 pandemic. 

“For years, the People’s Republic of China (PRC) has collected large healthcare data sets from the U.S. and nations around the globe, through both legal and illegal means, for purposes only it can control,” the NCSC wrote in a fact sheet. “The PRC’s collection of healthcare data from America poses equally serious risks, not only to the privacy of Americans, but also to the economic and national security of the U.S.”

The agency noted that these efforts had increased during the COVID-19 pandemic, with Chinese biotech group BGI offering COVID-19 testing kits to the majority of countries and establishing 18 testing labs over the past six months alone, allegedly as part of an effort to obtain health data. 

The NCSC wrote that U.S. health data was an attractive target for the Chinese government due to the diversity of the population and because of the nation’s comparably lax safeguards for personal data. 

“The PRC understands the collection and analysis of large genomic data sets from diverse populations helps foster new medical discoveries and cures that can have substantial commercial value and advance its Artificial Intelligence and precision medicine industries,” the agency wrote. 

The NCSC underlined its concerns that the Chinese government has already used health data, including DNA, to suppress and control its own citizens, noting that many residents of the Xinjiang province, home to the Uighur population, had been forced to provide fingerprints, blood types and other personal data.

The report was released the day after former NCSC Director William Evanina warned of the risks China posed to U.S. health care data during an appearance on CBS News’s “60 Minutes,” noting that there was a likelihood of “110 percent” that China has obtained an average American’s personal data.

“We have probably five or six health care companies in the last five years who have been, I would say, penetrated, exfiltrated, hacked by China,” Evanina said. “Current estimates are that 80 percent of American adults have had all their personally identifiable information stolen by the Communist Party of China.”

The NCSC warned Monday that the Chinese government was using the health data to outpace the U.S. biotech industry, which posed the threat of the U.S. being “left more dependent on Chinese innovation and drug development for its cures” and hurting the U.S. job market. 

Evanina highlighted this concern during his appearance on “60 Minutes,” warning that without action the U.S. could face the threat of China trying to “systematically eliminate our health care services.”

“Are we OK with that as a nation? If we are as a nation, then so be it, but that’s what’s happening,” Evanina said. 

Much of this data has been accessed through hacking, with Evanina saying that China is “number one in the world at any kind of hacking capability,” describing it as “brazen” in its online efforts. 

The NCSC also cited concerns Monday around Chinese hackers targeting U.S. health data and research.

“China’s access to U.S. healthcare and genomic data poses serious privacy and national security risks to the U.S.,” the agency wrote. “Through its cyber intrusions in recent years, the PRC has already obtained the Personal Identifying Information (PII) of much of the U.S. population.”

Chinese hackers have stepped up efforts to target both U.S. researchers and the overall COVID-19 vaccine supply chain over the past year. Evanina said at an event earlier this month prior to stepping down from his position that he was heavily concerned about efforts by both China and Russia to target the vaccination process. 

FBI Director Christopher Wray testified last year of these threats, telling a Senate committee that the FBI was seeing “very aggressive activity by the Chinese, and in some cases by others, to target our COVID-related research, whether it’s vaccines, treatments, testing technology, etc.”