U.S. government to biotech: You’re facing threats—but we can help
Federal officials and private sector executives issued a stark warning recently to the biotechnology sector: You’re being targeted by bad actors.
The good news, they said, is the Federal Bureau of Investigation (FBI), the U.S. Department of Justice (DOJ) and National Institutes of Health (NIH) are eager to work with industry and academic partners to help combat those threats.
During the recent 2019 Biotech Security Summit at the Texas Medical Center Innovation Institute, officials from the FBI, NIH and DOJ outlined the myriad threats facing U.S. hospitals, research laboratories, biotechnology companies and biopharmacy companies—focusing primarily on intellectual property theft and cybercrimes. They were joined by executives from the University of California System, Memorial Hermann Health System and the law firm Clark Hill.
“They’re targeting the entire biotechnology sector,” said Perrye Turner, special agent in charge of the FBI’s Houston Field Office. Top FBI leaders at the event said they’re taking a new, collaborative approach to these types of threats and implored stakeholders in the medical, biotech and biopharma sectors to contact their local FBI field offices.
“The need for public-private partnerships is at an all-time high,” said Mike Sullivan, assistant director of the FBI Office of Private Sector. “We need to work together to connect the dots.”
Though presenters did not focus exclusively on threats from China, their remarks emphasized threats posed by that nation and others who have said they are focusing on gaining American intellectual property in order to advance their economy.
“Today there is a huge emphasis on China, but tomorrow the threat could change to somewhere else in the world and we as a government and country need to be flexible to adapt to changing situations and changing threats,” said Supervisory Special Agent Don Lichay of the FBI’s Houston Field Office.
Lichay said the FBI is not discouraging the American medical sector from working with international professionals or foreign nationals, but he emphasized that universities, researchers and businesses must be aware of how their companies—and their companies’ innovation—can be exploited.
Biotechnology and biomedical research is especially vulnerable to foreign threats, in part, because it is based on and promotes a culture of collaboration in the pursuit of knowledge. According to Doug Korneski, the FBI’s acting assistant director of its Weapons of Mass Destruction Directorate, bad actors can exploit that openness.
And if a company does become a victim, FBI, DOJ, and NIH officials emphasized they’ll be committed partners, working with the private sector to understand and minimize the damage.
The Value of Data
Leaders emphasized foreign adversaries’ interest in obtaining large volumes of health data, which at this point, is more valuable to cybercriminals than an individual’s Social Security number or credit card information, according to Ed You, supervisory special agent in the FBI’s Weapons of Mass Destruction Directorate.
He cited recent, high-profile breaches of patient information at Anthem, UCLA Health and Premera Blue Cross in which tens of millions of records were exposed. These large data sets could be amalgamated and probed for genetic information on trends, identifiers and indicators of genes and disease, with an ultimate aim to dominate the pharmaceutical industry.
In particular, You said, China is taking major steps to dominate the global genetic testing industry. Chinese companies—some of which are even approved to accept payment from Medicare and Medicaid—offer fast, low-cost tests, which make them attractive to healthcare providers and researchers alike. According to You, health data is very potent and can be used to exploit an individual, discriminate against certain ethnic groups or otherwise provide a country with economic advantages.
The Economic Edge
Herbert Stapleton, section chief in the FBI’s Cyber Division, said the theft of data is now a multibillion dollar industry and a strategic means by which adversaries gain economic dominance. He also warned of ransomware attacks in which hackers disable critical systems and demand payment to restore them. Stapleton cited a Midwestern medical center that saw its electronic health records system shut down by hackers earlier this year as well as a health care billing company that recently had more than 200,000 patient records compromised.
“If you can’t access any of your patient records and you’re a hospital, what are you going to do?” Stapleton said. “That’s the lever they’re going to pull and, unfortunately right now, they’re doing it pretty effectively.”
Personnel and IP
Officials also discussed the use of “nontraditional” actors to gather valuable information from academia and the private sector. Gone are the days when information is collected primarily by spies and their assets. Now, experts said, hackers, business people, students, researchers and employees at partner companies may steal information and transmit it abroad—sometimes intentionally and sometimes unwittingly.
Jesse Levine, section chief in the FBI’s Counterintelligence Division, said that China hopes to establish worldwide monopolies in numerous fields such as aircraft engines, big data and deep space exploration—and it’s taking data from Western nations to accelerate that plan.
He offered tips so that American companies don’t unwittingly transfer data to China.
Americans should be wary of using cell phones if they visit foreign countries for work or vacation, since some countries’ cellular networks can suck up information without the user even realizing it, he said. He urged companies to be aware of suspicious spikes in the volume of data downloaded from their internal systems and he said employers should think twice if someone requests access to data who doesn’t really need it.
Through the Front Door
Officials also highlighted the case of a couple that, earlier this month, was charged with stealing trade secrets connected to research they were conducting while employed at Nationwide Children’s Hospital in Columbus, Ohio. They allegedly established a company in China without the hospital’s knowledge and allegedly formed an American biotech company that advertised products derived from trade secrets.
“They don’t have to break in through the back door; they can walk into the front door,” said David Burns, principal deputy assistant attorney general in the DOJ’s National Security Division.
“Our goal—our mission—is going to be prevention,” said the FBI’s Lichay. “We want to get ahead of this threat. We want to educate and be very transparent.”
One such example of that collaboration is the FBI’s partnership with Memorial Hermann Health System.
Deborah Gordon, chief administrative and legal officer of the Memorial Hermann Health System, said her organization gained a better understanding of risks by partnering with the FBI. She said Memorial Hermann has been able to make more educated choices in how to evaluate enterprise risk and protect its assets through training, drills, enhanced background checks and more.
“There is no way we can do our job without your help, assistance and cooperation,” said Ralph Tursi, section chief in the FBI’s Counterintelligence Division. “We continue to try to increase our transparency and really try to share as much information as we can to help you better protect yourselves—and ultimately better protect our country and our way of life.”