China has a very unhealthy interest in our medical data

Jan 13, 2019 

Chinese companies are required by law to obey directives from Beijing's intelligence agencies. So why would our regulators permit a giant Australian healthcare provider that is privy to highly sensitive records on hundreds of thousands of Australians to be acquired by a Chinese company?

The Jangho Group, a Shanghai-based building supplies company, wants to take over Healius, an Australian company that operates 2400 pathology centres and 70 medical centres, and partners with about 1500 GPs and other health specialists.

Security agencies around the world have noticed an alarming spike of cyberattacks aimed at health records, with state-based actors in China the leading suspects. Last July, it was reported that 1.5 million medical records were stolen in Singapore in a cyberattack experts believe came from state-based hackers in China.

Chinese state hackers are peering into the world's medical records.  Louie Douvis

Prime Minister Lee Hsien Loong's medications were specially targeted by the hackers, leading him to write: "Perhaps they were hunting for … something to embarrass me."

The Singapore data theft followed a massive hack in 2014 that sucked up the personnel records of millions of Americans, and the theft of 4.5 million health records from a Tennessee-based hospital chain in the same year. Experts attributed them to state-backed hackers in China. In the same year, the medical records of an unspecified number of Australian soldiers, including special forces operating overseas, were sent to China by a health contractor that also has facilities in Guangdong.

The specific risk of giving Chinese companies direct access to Australian medical records is that China's intelligence services could access those records for information on current or future political, military and public service leaders in order to blackmail them.

Some may have psychiatric conditions or be on mental health plans. They may have sexually transmitted diseases. Data on medications would be enough. Publication of such sensitive information could wreck careers and make those who have been compromised open to coercion.

Corporate-state relations

Beijing's security services would not need to hack into My Health Record, the new government online medical database, to obtain the information. An easier route would be to suborn an employee of a Chinese-owned healthcare provider in Australia to copy a database and hand it over, or to plug in a USB that installs malware. We already know that Beijing uses Chinese companies to collect useful information in the west.

The Jangho Group aims to diversify out of building materials into Australian healthcare. In July 2015, it purchased Vision Eye Institute, owner of the largest chain of eye hospitals in Australia. It then became the largest shareholder in Primary Health Care, now called Healius, one of the four major blue-chip healthcare companies in Australia. Now it wants to take it over.

The Healius takeover bid follows a boom in Chinese investment in Australian healthcare, a trend that seems to have attracted no official interest despite the security risks. Mergers and acquisitions totalling $5.5 billion took place over the three years 2015-17, as much as in the vastly larger US market. In addition to health supplement suppliers (such as Swisse Wellness), this investment has been concentrated in specialist services like oncology, radiology and IVF.

China's Luye Medical bought hospital operator Healthe Care and now owns 34 hospitals across Australia, making it the third largest operator in the country. It's also one of Australia's largest providers of psychiatric services. Australia's largest cancer and cardiac care specialist group, GenesisCare, is now owned by China Resources, a giant state-owned corporation with close ties to the Chinese Communist Party.

Some Chinese investors have said they are particularly interested in the big data processing and artificial intelligence capabilities of Australian companies, including use of Australian patient data to develop systems for Chinese hospitals.

Chinese companies like Jangho may have entirely legitimate intentions when they buy up assets in Australia. But under Chinese law, Chinese citizens and companies are obliged to participate in "intelligence work" if asked to do so, even when abroad.

In addition, every major Chinese company has a Communist Party cell operating in it. The Party secretary often doubles as chair of the board. This is the reality of the "corporate-state conglomerate" in China under President Xi Jinping.

Chinese investment in Australia's healthcare sector has economic benefits – bringing new funds, stimulating the export of expertise and helping expansion into the booming Chinese market. But these must be balanced against the risks to national security.

In assessing foreign investment proposals, the Foreign Investment Review Board is required to take account of any risk to Australia's strategic and security interests. The security of sensitive personal information about the nation's current and future decision-makers ought to weigh heavily in these assessments.

Clive Hamilton is professor of public ethics at Charles Sturt University in Canberra, and author of Silent Invasion: China's influence in Australia.