Chinese firm awarded contract after attempting to hack NHS data, minister claims

A Chinese biotech company awarded a Government Covid contract was responsible for “several hack attacks” on the NHS genetic datacentre, a minister has said.

Science minister George Freeman revealed that Genomics England was “suffering” multiple hack attempts from BGI Group each week during 2014.

BGI Genomics, a subsidiary of the group and China’s leading genomics research company, won an £11 million Covid testing contract in 2021.

MPs and peers have previously written to the Government urging it to cease all work with the company over security concerns.

Lib Dem home affairs spokesman Alistair Carmichael raised BGI as he urged ministers to “scrutinise the work of Chinese genomics firms that are involved in the UK’s health and research sector in the same way that we currently scrutinise firms in areas such as defence technology, telecoms and CCTV surveillance”.

Science minister Mr Freeman responded: “We are now in a global race not just with our benign competitors but with hostile actors who wish to use science and technology to hold us back and undermine us, or to steal our science and technology for their own use.

“BGI is clearly one of those danger points in the ecosystem.

“I share with the House the fact that, in 2014, I was wheeled out to give a speech on the occasion of the visit of President Xi to the Guildhall. When President Xi and then prime minister Cameron were wheeled in, I was speaking to around 1,000 Chinese delegates about Genomics England.

“I had been prepared to pay tribute to the work of BGI when my officials pointed out that at that point Genomics England was suffering several hack attacks from BGI each week. That was a wake-up call for all of us.”

Mr Freeman added: “We are well aware that we have to manage such risks properly. On that point, I commissioned and have literally just received from UK Research and Innovation a detailed assessment of all the China research and innovation links across our system—we did the same last year for Russia.

“I have passed that through to the Minister for Security (Tom Tugendhat). He and I, and our officials, will go through it shortly in detail, looking in particular at some of the actors such as BGI that we know to be aggressive in their international acquisition of intellectual property.”

Mr Carmichael, who co-chairs the all-party parliamentary group on Uighurs, had earlier said: “We need to start to scrutinise the work of Chinese genomics firms that are involved in the UK’s health and research sector in the same way that we currently scrutinise firms in areas such as defence technology, telecoms and CCTV surveillance.

“There must be no trade-off between research success and the promotion of our democratic values and adherence to standards of human rights. Just as the UK Government eventually opted not to allow Huawei access to our 5G critical infrastructure, they must now consider the threats to our national security of allowing BGI and other companies linked to competitor or hostile Governments to access our genomic data.”

He added: “BGI is one of a large number of Chinese state-linked companies that have been implicated in the repression of Uighurs and the forced collection of genetic data. It has a lengthy history of collaboration with the People’s Liberation Army, and is just one example of a company that should not be operating without constraint within our institutions.”

Calls for ministers to consider the UK’s relationship with BGI come after the USA blacklisted several subsidiaries of the company over security concerns about access to genetic data earlier this month.

Responding to Mr Freeman’s claims, a spokesman for the BGI Group said: “We are incredulous at this statement. BGI Group has never been, and will never be, involved in ‘hack attacks’ against anyone.”

The spokesman stressed that the company was not “state-owned or state-controlled”, adding: “Our lab in the UK has its own local servers, and data processed in the UK remain in the UK and the EU. BGI Group’s labs meet stringent standards in information security.

“Our data standards globally include the UK’s BS10012 standard, compliance with the EU’s General Data Protection Regulation, and the ISO27001 standard on information security.

“In recognising the UK’s global leadership in genomics and life sciences, BGI Group took the strategic decision to invest in the UK before the pandemic. During Covid-19 we provided PCR testing kits to the UK. BGI will continue to support the UK in improving the health of people.”