Showing posts with label Chinese Cyber Espionage and IP theft.

What is Cyber Espionage and why is it so concerning?


It's often said that there are two types of healthcare organizations, those that know they have been hacked and those that are still ignorant of the fact. In other words, just about everyone has already been hacked at least once by now - payers, providers and life sciences.

But while cyberattacks against the availability of IT systems and data - principally Denial of Service (DoS) and ransomware cyber extortion attacks - seem to make the headlines almost every week, other, stealthier attacks are taking place in the background, almost constantly in fact. These involve the exfiltration of non-public data. Sometimes this is used for extortion in secondary and tertiary ransomware demands, with the threat to release confidential non-public data unless an additional ransom is paid to the criminal perpetrators. Other times it is for the sale and monetization of data - patient identities, their prescriptions, which can be filled and sold on the street, or other PHI or PII such as employee banking information. And sometimes perpetrators deliberately search for high-value intellectual property. This last category is usually referred to as 'cyber espionage', and it only occasionally makes the front page of the press, usually only when some government official makes a stink about the sheer level of cyber espionage and intellectual property theft taking place.

The Art of Espionage

'Espionage' according to the Oxford Dictionary is the practice of spying or of using spies, typically by governments to obtain political and military information.

So 'cyber espionage' is chiefly about obtaining political and military information, not by the use of spies like 007 James Bond, but by means of cyber attacks and infiltration of non-public information systems.

The advent of the internet, and the connectivity of government and health systems to it, has made cyber espionage that much easier. You no longer need someone on-site or in-country - an insider, spy or double agent - to obtain valuable information; think of KGB spies like Rudolf Abel, Kim Philby, Oleg Gordievsky, Aldrich Ames and Anna Chapman.

Today all governments spy on one another - even friends and allies. According to Wikileaks, the US NSA was accused of hacking and listening in on the French President's cell phone some years ago, and at that time at least, before the tariff war, France and the USA were friends and allies.

The USA spies on Iran to ascertain the level of uranium enrichment it has achieved since Trump, in his first term, pulled out of the Iran Nuclear Deal thinking he could negotiate a better deal, and failed. The USA also spies on China, North Korea and Russia to learn about their respective military capabilities and a wide variety of other useful data points and strategic moves.

The Art of Cyber Espionage and IP Theft

But countries also occasionally spy on other forms of data. Enter the People's Republic of China and the huge revelation exposed by the Mandiant APT1 Report in 2013. If you have not read this report, or a summary of it, you really should. It changed the game and our understanding of cyber espionage against commercial businesses.

APT1 is otherwise known as PLA Unit 61398 (61398部队), a military unit of the Chinese Communist Party's People's Liberation Army. These aren't criminal hackers; they are employees of the Chinese Communist State. They are paid to hack, and not just for government or military secrets - in this case for intellectual property and commercial trade secrets from businesses in other countries.

China is famous for its Great Leap Forward, Mao's attempt between 1959 and 1961 to take China from a feudal agrarian society to an industrial powerhouse. It failed and resulted in the deaths of 45 million people, most of whom starved to death under Mao's ill-conceived and badly run collective agriculture and industry policy. (To provide some perspective on just how big a human calamity this was, that is more than double the total number of soldiers who died during WWII across all theaters.)

After decades of isolation from the rest of the world, China has, since the 1990s, once again been attempting a Great Leap Forward through rapid modernization and industrialization, becoming the factory of the world for consumer goods. This time around, however, China largely succeeded and has lifted millions of its people out of abject poverty through industrialization, urbanization and education.

Ownership of the Means of Production

But in China the 'means of production' is owned almost entirely by the state. CCP state-owned industries dominate and even hold the majority share in joint ventures with global firms, which are only allowed to own a 49% stake.

The ruling CCP also puts together five-year plans. These ambitious documents usually set out how China will become the global leader in EVs, or the largest manufacturer of pharmaceutical drugs, or the global leader in aeronautical engineering, etc.

But to reach these lofty goals, and to make up for the lost years of communist isolationism and stagnation under Mao and the resulting lack of history, knowledge and experience, China has had to obtain technologies, manufacturing standards and a heap of other proprietary commercial trade secrets from world leaders outside the PRC - usually by whatever means at its disposal. Mostly this has meant 'cyber espionage', supplemented by process and procedure skills brought back by the Chinese diaspora working overseas.

According to a 2022 report by Cybereason, one Chinese state actor alone, APT41, has siphoned off trillions of US dollars in intellectual property from approximately 30 multinational companies in the manufacturing, energy and pharmaceutical sectors. The Cybereason investigation, entitled 'Operation CuckooBees', was shared with the FBI and found APT41 'stealing IP of drugs around diabetes, obesity, depression.' The attackers were focused on obtaining blueprints for cutting-edge technologies, the majority of which were not yet patented, the report stated.

Chinese IP theft has included the theft of pharmaceutical drug formulations, clinical trial methodologies and practices, manufacturing IP and much, much else. It has short-cut 50-plus years of IP development by global pharmaceutical companies, sometimes including experimental drugs developed over a decade or more at a cost of hundreds of millions of dollars, pounds and euros in R&D. China has even patented some of these stolen experimental drugs and attempted to sell them back to the global markets that invented them and financed their research.

Levels of Cyber Espionage and IP Theft

Between 2018 and 2019, Bayer and Roche were both targeted by nation-state APT cyber attacks, aimed at industrial espionage, and attempting to steal valuable intellectual property. Both companies claimed to have contained the breaches without significant data or intellectual property loss, but other biotech and pharmaceutical organizations have fared less well.

During COVID-19, China, and to a lesser extent Russia, Iran and the DPRK, were discovered to be attacking US, UK, German and other hospitals and bio-labs in an attempt to steal cutting-edge research into vaccine development and treatment regimens. This resulted in CISA, the US Cybersecurity and Infrastructure Security Agency, having to issue a warning about cyberattacks by China and others.

For the People's Republic of China, intellectual property theft through cyber espionage is strategic, state directed and financed, and seen as critical to national development. Commercial trade secrets are stolen by the Chinese army and passed directly to army-run, state-owned industries. These industries then leverage the stolen research, or copy the IP for incorporation into new pharmaceutical drugs and other products, which can then be sold on domestic or even overseas markets.

According to the US Select Committee on the Chinese Communist Party, Chinese intellectual property theft was, in 2023, estimated to cost the US taxpayer $600 billion per year. This is why 'cyber espionage' is considered so important today, both for China, which is acquiring the IP, and for the rest of the world, which is losing it through cyber theft.

China, though, is not engaged only in IP theft. Many of its cyber espionage attacks have been focused on gaining leverage in state negotiations. The 2018 cyberattack against Singapore Health (SingHealth) resulted in the theft not only of medical records but also of prescription records for the Prime Minister and his entire cabinet. Again, this was a CCP China advanced persistent threat (APT) attack, carried out not to sell the exfiltrated data but to use it as leverage in Sino-Singapore trade negotiations.