China medtech meddevice digital healthA federal grand jury in Spokane, Wash. has indicted two Chinese nationals on charges that they hacked into medtech companies and hundreds of other businesses, governments and organizations — in some cases on behalf of the Chinese Ministry of State Security.

The 11-count indictment, which the U.S. Department of Justice announced today, alleges that Li Xiaoyu and Dong Jiazhi for the past 10 years targeted companies in countries with high technology industries, including the United States. They stole terabytes of data.

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on-call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Assistant Attorney General for National Security John C. Demers said in a news release.

“Today’s indictment demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear,” said FBI Deputy Director David Bowdich.

When contacted by MassDevice, China’s U.S. embassy responded with a recent statement by government spokesperson Hua Chunying, who described the East Asian giant as a staunch defender of cybersecurity and criticized groundless speculations and a Cold War-type of mindset.

“Some US politicians seem to be alleging that China is waging cyber attacks to steal US research on COVID-19 vaccines. It’s just absurd. We are already leading the world in vaccine R&D with top researchers. We don’t need to secure an edge by theft,” Hua said.

The indictment, filed July 7, lists a number of undisclosed pharmaceutical and medtech companies among the alleged victims:

  • A Massachusetts medical device engineering company apparently experienced hacking of source code for its medical devices, and algorithms essential to operate the devices;
  • A U.S. subsidiary of a Japanese medical device and supply company allegedly had the hackers take designs, testing data, and manufacturing plans for internal medical devices;
  • A Massachusetts pharmaceutical company apparently had the hackers steal data about the chemical structure of anti-infective agents, the chemical engineering processes needed to create the agents, and research test results;
  • A California pharmaceutical company allegedly experienced hacking of data on chemical structure and design of a treatment for a common chronic disease;
  • A U.K. artificial intelligence and cancer research firm seems to have had its network compromised.