Chinese Hacking Groups Target Cancer Research Organizations, Researchers Said


Usually, hackers tend to hack financial institutions, military or companies due to the information they possess, as well as their secrecy.

But Chinese advanced persistent threat (APT) groups are starting to focus on cancer research institutes in order to steal their work, among other data.

On a report titled "Beyond Compliance: Cyber Threats and Healthcare", researchers from cybersecurity firm FireEye said that Chinese APTs - many of which are state-sponsored - continue to target medical entities.

And cancer-related organizations are a common target.

"Within any industry, threat actors will often gravitate to the least secured points in the ecosystem to obtain the data or access they are seeking. Beyond insurers, cyber criminals will often gravitate to poorly secured healthcare providers to obtain PII [personal identifiable information] and PHI [personal health information]."

"Cyber espionage actors can leverage this data for intelligence collection purposes, to further target high-profile individuals or those who may have access to valuable information. Additionally, organizations involved in research and development, whether for treatments, medical devices, biotechnology, or other subsets of the industry, have valuable intellectual property that is a driver for economic espionage."

APT attacks - FireEye
Healthcare cybersecurity incidents. (Credit: FireEye)

The APT41 for example, has attacked a U.S. health center, an enterprise company that owned a medical device unit, as well a biotechnology company to steal clinical trials data of developed drugs, academic information, and research-related documents.

The APT22, another Chinese hacking group, had also launched similar attacks against the aforementioned cancer research institutions, and has been actively attacking healthcare organizations for a few years already. This particular APT tends to focus on biomedical and pharmaceutical companies.

Then there was China's APT10, which was found to have sent spear-phishing emails to a Japanese medical firm.

APT18, yet another hacking group tied to China, has been targeting cancer research organizations since 2013.

"Ransomware or extortion campaigns are likely perceived as especially useful against this sector, as they could limit access to patient or health information or disrupt critical care, potentially leading to an increased success rate and higher payouts for actors."

"Future activity could cause significant to catastrophic effects should actors undertake destructive or high-impact disruptive attacks, as evinced by the WannaCry and EternalPetya attacks."

FireEye added that these attacks might not simply be focused on the research itself, but also its intrinsic value.

"[China] has one of the world's fastest-growing pharmaceutical markets, creating lucrative opportunities for domestic firms, especially those that provide oncology treatments or services," the researchers said. "Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors."

Cancer is one of the leading cause of death worldwide, which had been responsible for claiming the lives of 9.6 million people in 2018.

The World Health Organization (WHO) estimated that one in six deaths annually are caused by cancer, and with these high mortality rates, researchers across the globe are scrambling towards ways to improve detection and treatment.

And because cancer cure researches are lengthy and expensive, China is said to have used various nefarious methods to speed up their goals.