WIRED

In May 2017, the WannaCry ransomware spread around the globe. As the worm locked Windows PCs, the UK's National Health Service quickly ground to a halt. 19,000 appointments were cancelled, doctors couldn't access patient files and email accounts were taken offline.

But North Korean hackers behind WannaCry didn't touch one thing: patient data. No personal information was stolen, the NHS has concluded. The cyberattack was purely to cause disruption and an attempt to earn the hermit state some much-needed cash.


The same can't be said for China. New analysis has indicated that state-sponsored hackers from the country are targeting medical data from the healthcare industry. Research from security firm FireEye has identified multiple groups with links to China attacking medical systems and databases around the world. These attacks include incidents in 2019, but also date back as far as 2013.

Increasingly, the company says, it is seeing the country's hacking groups attempting to obtain data that's used for studying medical conditions. "There's a prevalence of multiple Chinese groups over the last several years, and continuing in what we see today, targeting medical researchers in particular," says Luke McNamara, a principal analyst at FireEye who worked on the research.


"There seems to be a particular focus among some of that activity that is on entities whose primary focuses is cancer research," McNamara says. FireEye doesn't name any of the organisations that have been targeted but places blame on known hacking groups – called advanced persistent threats (APT). The company says the Chinese-linked APT41, APT22, APT10 and APT18 have all been seen trying to obtain medical data in recent years.

In April 2019, FireEye claims Chinese cyber espionage actors targeted a US-based healthcare center that specialises in cancer research. It says malware called EVILNUGGET was used in the attack and that the healthcare group had also been the focus of APT41 in 2018. People attending cancer-related conferences in Japan have also been subject to targeting, with attempts by APT10 to use spearphishing to access their online accounts.


McNamara says China's hackers have tried to get their hands on clinical trial data, information around research studies and also intellectual property of medical devices. "In one case, we saw actual targeting of medical device manufacturer and interest in the schematics and information on those products that they create," he explains. The group's report says biotech companies have been the focus of cyberattacks.

"A biotech company undergoing acquisition was targeted by APT41 in May 2015," FireEye's report says. APT41 is said to focus on hacking for financial gains and also espionage efforts. The May 2015 operation saw human resources data, tax information and documents about the company's acquisition taken by the Chinese group. The security company says: "Notably, clinical trials data of developed drugs, academic data, and R&D funding-related documents were also exfiltrated."

FireEye doesn't only pin medical hacking on Chinese state-sponsored groups. It says a group linked to Vietnam (APT32) attempted to access an unnamed health organisation in the UK. And Russia's APT28 has long been linked to hacking of global drug testing units, linked to its anti-doping bans in world sports.


The company also highlights medical information being traded by hackers. One cybercrime group, THEDARKOVERLORD, sold around 10 million health records for hundreds of Bitcoins before its price spiked in 2016. On one Russian language forum in February this year access to a health network with 3,000 members in the US was being auctioned for $9,000–$20,000 (£7,400 – £16,500).


However, China's focus on medical data and cancer studies comes as the country puts a greater emphasis on creating its own products. In May 2015, the Chinese government launched Made in China 2025. The crux of this effort is replacing most of the foreign technology the country imports with locally-made products. This means boosting its own manufacturing base and creating new technologies in the process.

The 2025 plan is a central component in president Donald Trump's tariff war with China – which has contributed to some of the problems with Huawei. In June 2018, as Trump and China's clash over import and export rates started to emerge, China told state media to play down Made in China 2025 and avoid mentioning it in their reporting.

Research from consulting group LEK says (PDF) most of China's high-end drugs and medical products are dominated by multi-national companies. Most of the country's input into medical products is at the individual component level.

McNamara says China's attempts to gain medical research data have not been widely discussed and the country is putting significant efforts into its attempts. "Given the larger priority that China has put on this – it's not just been one or two APT groups that have been focused on it – there have been multiple groups targeting various entities within the verticals over the years," he says.


Chinese hackers have a well-documented history of stealing (or attempting to take) technological plans for products. In May this year, the US government said (PDF) the country's "cyber theft" of documents for military equipment was continuing. The country has previously purchased plans for the F-35 fighter jet. And in April 2019, the US MD Anderson Cancer Center removed several of its researchers after health officials in the country flagged their ties to China.
