Healthcare Cyber Espionage: A Hidden Threat to Global Stability and Innovation
It's often said that there are two types of healthcare organizations: those that know they have been hacked and those that are still ignorant. In other words, everyone—payers, providers, and life sciences—has been hacked at least once.
But while cyberattacks against the availability of IT systems and data, principally Denial of Service (DoS) and ransomware, seem to make the headlines almost every week, there are other, stealthier attacks taking place almost constantly in the background, focused on the exfiltration of non-public data.
Sometimes, this exfiltrated data is used for extortion in secondary and tertiary ransomware demands, with the threat to release confidential non-public data unless a ransom is paid to the criminal perpetrators. Other times, it is for the sale and monetization of data—patient identities, prescriptions that can be filled and sold on the street, other PHI or PII data, or even employee banking information.
Sometimes, perpetrators deliberately search for high-value intellectual property data. This last category is usually referred to as “cyber espionage.” However, cyber espionage only occasionally makes the front-page news, and usually only when some government official makes a stink about the sheer level of cyber espionage and intellectual property theft taking place.
The Advent of Cyber Espionage
“Espionage,” according to the Oxford Dictionary, is the practice of spying or of using spies, typically by governments, to obtain political and military information.
“Cyber espionage” is chiefly focused on obtaining political and military information, not through spies like 007 James Bond, but through cyberattacks and infiltration of non-public information systems.
The advent of the Internet and the connectivity of government and health systems to the Internet have made cyber espionage that much easier. You no longer need someone on-site or in-country—an insider threat, spy, or double agent—to obtain valuable information.
Today, all governments spy on each other, even friends and allies. According to WikiLeaks, the US NSA was accused some years ago of hacking and listening to the French President’s cell phone, and at that time, France and the US were friends and allies.
The US spies on Iran to learn the level of uranium enrichment achieved. It also spies on China, North Korea, and Russia to obtain information about each country's military capabilities and other valuable data.
The Art of Cyber Espionage and IP Theft
Countries also occasionally spy on other forms of data. Enter the People’s Republic of China, and the huge revelation exposed by the Mandiant APT1 Report in 2013. If you have not read a summary of this report, you should. It changed the game and our understanding of cyber espionage against commercial businesses.
APT1 is otherwise known as PLA Unit 61398 (61398部队), a military unit of the Chinese Communist Party's People's Liberation Army. These aren’t criminal hackers. They are employees of the Chinese Communist state. They are paid to hack, and not just for government or military secrets—in this case, for intellectual property and commercial trade secrets from businesses in other countries.
China is famous for its Great Leap Forward, Mao’s attempt between 1959 and 1961 to take China from a feudal agrarian society to an industrial powerhouse. It failed and resulted in the death of forty-five million people, who mostly starved to death under Mao’s ill-conceived and poorly run collective agriculture and industry policy. (To provide some perspective on just how big a human calamity this was, that is more than double the total number of soldiers who died during WWII across all theaters.)
After decades of isolation from the rest of the world, China has since the 1990s been attempting another Great Leap Forward through rapid modernization and industrialization, becoming the world's factory for consumer goods. This time around, however, China has succeeded and has lifted millions of its people out of abject poverty through industrialization, urbanization, and education.
Ownership of the Means of Production
The state owns almost all of the “means of production” in China. CCP state-owned industries dominate and even hold the majority share in joint ventures with global firms, which are only allowed to own a 49% stake.
The ruling CCP also develops five-year plans. These ambitious documents usually describe how China will become the global leader in electric vehicles, the largest manufacturer of pharmaceutical drugs, the global leader in aeronautical engineering, etc.
But to reach these lofty goals, and to make up for the lost years of communist isolationism and stagnation under Mao and the resulting lack of history, knowledge, and experience, China has had to obtain technologies, manufacturing standards, and other proprietary commercial trade secrets from world leaders outside of the PRC—usually by whatever means it has at its disposal. Mostly this means cyber espionage, supplemented by process and procedure skills brought back by Chinese nationals working overseas.
According to a 2022 report by Cybereason, one China state actor, APT41, has siphoned trillions of US dollars in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy, and pharmaceutical sectors. The Cybereason investigation, “Operation CuckooBees,” was shared with the FBI and discovered APT41 “stealing IP of drugs around diabetes, obesity, and depression.” The report states that cybercriminals were focused on obtaining blueprints for cutting-edge technologies, most of which were not yet patented.
Chinese IP theft has included the theft of pharmaceutical drug formulations, clinical trial methodologies and practices, manufacturing IP, and much more. It has short-cut 50-plus years of IP development by global pharmaceutical companies, including experimental drugs developed over a decade or more and at the cost of hundreds of millions of dollars, pounds, or euros in R&D. China has even patented some of these stolen experimental drugs and attempted to sell them back to the global markets that invented them and financed their research.
Levels of Cyber Espionage and IP Theft
Between 2018 and 2019, Bayer and Roche were targeted by nation-state APT industrial espionage, where cyber threat actors attempted to steal valuable intellectual property. Both companies claimed to have contained the breaches without significant data or intellectual property loss, but other biotech and pharmaceutical organizations have fared less well.
During COVID-19, China—and, to a lesser extent, Russia, Iran, and the DPRK—was caught attacking US, UK, German, and other hospitals and bio labs in an attempt to steal cutting-edge research into vaccine development and treatment regimens. This resulted in the US Cybersecurity and Infrastructure Security Agency (CISA) issuing warnings about cyberattacks by China and others.
Intellectual property theft through cyber espionage is strategic, state-directed, and financed by the People's Republic of China and critical to national development. Commercial trade secrets stolen by the Chinese army are passed directly to army-run state-owned industries. These industries then leverage stolen research or copy IP for incorporation in new pharmaceutical drugs and other products, which can then be sold on domestic or overseas markets.
According to the US Select Committee on the Chinese Communist Party, Chinese intellectual property theft in 2023 cost US taxpayers an estimated $600 billion per year. This is why cyber espionage is considered so important today, both for China, which is acquiring intellectual property this way, and for the rest of the world, which is losing it through cyber theft.
China is not engaged only in IP theft. Many of its cyber espionage attacks have focused on obtaining leverage during nation-state negotiations. The cyberattack against Singapore Health (SingHealth) in 2018 resulted in the theft of medical records and prescription records for the Prime Minister and his entire cabinet. Again, this was a CCP China APT attack focused not on selling the exfiltrated data, but on using it as leverage in Sino-Singapore trade negotiations.
The Global Impact of Cyber Espionage
Cyber espionage is one of the most significant and underreported threats to global security, economic stability, and technological innovation. As the digital frontier expands, so does the ease with which nation-states, particularly China, can infiltrate systems, steal intellectual property, and exploit sensitive data for strategic gain. Unlike conventional cyberattacks aimed at disruption or ransom, cyber espionage is systematic, state-sponsored, and deeply embedded in long-term national development strategies. With hundreds of billions lost annually to IP theft and growing evidence of espionage-driven leverage in geopolitical negotiations, the global community must recognize cyber espionage not just as a cybersecurity issue, but as a critical challenge to sovereignty, economic fairness, and the future of innovation.
Richard Staynings, a global cybersecurity advocate, renowned author, and public speaker, specializes in fortifying Healthcare and Life Sciences security. With extensive board service, including AEHIS and HIMSS, Richard advises governments and industry leaders on cybersecurity strategies. As Chief Security Strategist at Cylera, he continues to drive innovative security measures globally.