Tuesday, April 8, 2025

Keep CCP Spyware Out of U.S. Healthcare

Federal agencies are sounding the alarm about Chinese spyware in U.S. healthcare. From patient monitors to internet-connected cameras, to DNA sequencers and WiFi routers, a range of Chinese products have come under scrutiny for potentially providing Beijing with backdoor access to sensitive American healthcare data.

Here’s the problem: Chinese companies in America are beholden to two contradictory sets of laws – American laws that require data privacy and Chinese laws that require intelligence work. China’s Communist Party has effectively obliterated the distinction between “private sector” Chinese companies and the surveillance state they all must serve. The solution requires a concerted effort by U.S. policymakers, state and federal law enforcement, and American corporations to keep CCP spyware out of U.S. healthcare.
Patient healthcare monitors provide attending physicians with a live feed of a patient’s vital signs. Disturbingly, Chinese monitors that are sold throughout the U.S. come with suspicious additional features. “Contec CMS8000 Contains a Backdoor,” reads a February fact sheet from the Cybersecurity and Infrastructure Security Agency (CISA). The Food and Drug Administration (FDA) matched CISA’s warning with a safety communication titled “Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed.” CISA analysts discovered one functionality that “enables patient data spillage,” and another “which may allow remote code execution and device modification.” In other words, hackers can potentially steal patient data and alter the device’s readings.
The problems don’t stop there. A February bulletin from the Department of Homeland Security (DHS) warns that internet-connected Chinese cameras give the Chinese government the ability to “conduct espionage or disrupt U.S. critical infrastructure,” which includes healthcare and the public health sector.
Perhaps the most pernicious threat comes from Beijing’s plan to dominate in genetic sequencing technologies in order to achieve broader biotechnology dominance. Beijing Genomics Institute (BGI), a Chinese genetic sequencing national champion, has been blacklisted by the Department of Defense as a Chinese Military Company operating in the U.S. and sanctioned by the Department of Commerce because their “collection and analysis of genetic data present a significant risk of diversion to China's military programs.”
Congressmen John Moolenaar and Raja Krishnamoorthi, leaders of the House Select Committee on the Chinese Communist Party, warn of Chinese military plans to leverage genetic data to create diseases that are “more toxic, more contagious, and more resistant.” What are the key inputs for China’s military medical infrastructure? U.S. IP and medical data, like that collected by BGI.
The Select Committee also recently argued for the removal of Chinese TP-Link wireless routers in March hearings. Rob Joyce, the former director of cybersecurity at the National Security Agency, claimed that TP-Link “appears to be selling at price points below profitability to drive out Western competition,” allowing TP-Link to rapidly seize market share. Joyce also testified that the routers expose individuals and businesses to cyber-intrusion that could be used to launch attacks on critical infrastructure, such as the public health sector.
China’s 2017 National Intelligence Law and a range of other party-state security measures require Chinese companies to serve the Communist Party surveillance state. Former National Security Advisor Robert C. O’Brien wrote that the Intelligence Law “obligates individuals, organizations, and institutions to assist the PRC security and intelligence services in carrying out a wide variety of intelligence work.”
These contradictions must be exposed and worked through by President Trump, Congress, statehouse leaders, and the courts. President Trump and Congress must rapidly assess American healthcare exposure to insecure CCP technologies, and ban technologies that present data risks. States are leveraging their regulatory powers to block Chinese genomic technologies within their borders, with Idaho and Tennessee banning Chinese genetic sequencers and a dozen more states considering similar measures. Insecure technologies need to be removed from hospitals and healthcare more broadly.
Finally, state Attorneys General should take aim at Chinese products that make false claims about security and data privacy, and examine these discrepancies against state consumer fraud, data privacy, and product liability laws. American companies that resell flawed Chinese products under an American brand, a practice known as “white-labelling,” deserve even greater scrutiny. AGs must protect American consumers and patients.
China’s Communist Party has executed the state-sponsored theft of trillions in intellectual property and more personal data than all other countries put together. Chinese healthcare products are subject to party control, which presents unacceptable data and security risks in America’s healthcare sector. 
Michael Lucci is the Founder and CEO of State Armor.
