Chinese firm got Covid contract despite trying to hack NHS data, minister says
China’s leading genomics research company was given a Covid testing contract in the UK despite ministers knowing it had repeatedly sought to hack into the NHS’s genetic datacentre, a government minister has said.
The BGI Group was making multiple attempts every week to “hack” into Genomics England in 2014, George Freeman, a Cabinet Office minister, revealed to MPs, and is said to remain a “danger”.
Despite the “aggressive” approach of the Chinese company towards the intellectual property of others, its subsidiary, BGI Genomics, was handed an £11m Covid testing contract in 2021.
The Chinese company has also worked alongside and shared data with UK universities and the Wellcome Trust charitable foundation.
The revelation came during a Commons debate in Westminster Hall, where Freeman, who was previously a minister for life sciences, was seeking to reassure concerned MPs that the government was aware of the risks posed by BGI.
He told MPs: “BGI is clearly one of those danger points in the ecosystem. When I was wheeled out in 2014 to give a speech on the occasion of the visit of President Xi to the Guildhall as President Xi and then PM Cameron were wheeled in, I was speaking to about a thousand Chinese delegates about Genomics England.
“I was preparing to pay tribute to the work of BGI when my officials pointed out that each week at that point Genomics England was receiving several hack attacks from BGI, and that was a wake-up call for all of us. We are very well aware that we have to manage these risks properly.”
Freeman added: “On that point I have literally just commissioned and received from UK Research and Innovation a detailed assessment of all of the China research and innovation links across our system.
“We did the same last year on Russia and I’ve passed that through to the security minister, and he and I and our officials are shortly to go through it in detail, in particular looking at some of those actors like BGI, who we know are quite aggressive in terms of international acquisition of intellectual property.”
Several hours after the minister’s comments, government sources sought to backtrack on the claims, without further explanation. “There is no evidence of attempted hacking of Genomics England in 2014 from BGI”, the source said. “However, like most organisations they do receive regular attempts to access their systems, for which there are appropriate defences in place. No successful breaches have occurred.”
Responding to the minister’s comments, Alistair Carmichael, the former Liberal Democrat cabinet minister who chairs the all-party parliamentary group on Uyghurs, the persecuted Muslim minority group in China, told the Guardian that he could not understand why a sensitive health contract could have been given to BGI.
He said: “The suggestion by the minister that BGI has attempted to hack Genomics England is deeply concerning. If correct, we have to ask why the government would provide public sector contracts to a company that it knows is trying to steal sensitive information.
“This has exposed alarming vulnerabilities and shows exactly why we need an urgent review into the research partnerships BGI holds with UK universities. It also raises serious questions on why the government has not already warned universities about the risks BGI poses.”
In a statement, the BGI Group said of Freeman’s remarks: “We are incredulous at this statement. BGI Group has never been, and will never be, involved in ‘hack attacks’ against anyone.”
The comments came as Rishi Sunak was facing cross-party pressure to follow the US and bar BGI Group from government contracts after the firm recommitted to continue its work in the UK.
MPs on the defence, foreign and health select committees along with Carmichael are calling for tougher controls in a procurement bill going through parliament over fears that the company and others pose a security risk to genetic data in the UK.
Last week, Washington added the BGI subsidiaries BGI Research and BGI Tech Solutions (HongKong) Co Ltd, to a trade blacklist due to concerns that Americans’ DNA was vulnerable to being stored and misused.
A BGI spokesperson said it intended to build on its work on Covid in the UK.
“In recognising the UK’s global leadership in genomics and life sciences, BGI Group took the strategic decision to invest in the UK before the pandemic,” the spokesperson said.
“During Covid-19 we helped the UK government to fight against the pandemic by providing PCR testing kits to the Department of Health and other parties. BGI will continue to support the UK in improving the health of people.”
The BGI spokesperson added that they believed the US decision last week may have been “impacted by misinformation”, adding that its UK operations met all local regulations and laws.
He said: “Our lab in the UK has its own local servers, and data processed in the UK remain in the UK and the EU. BGI Group’s labs meet stringent standards in information security.
“BGI Group does not condone and would never be involved in any human rights abuses. BGI Group is not ‘statelinked’. None of BGI Group is stateowned or state-controlled, and all of BGI Group’s services and research are provided for civilian and scientific purposes.”
In a letter to the prime minister, the Labour MPs Taiwo Owatemi, Siobhain McDonagh and John Spellar and Carmichael have nevertheless warned of the “huge ethical, privacy, commercial and security risks” involved in continuing to allow Chinese state-linked companies access to sensitive government contracts.
They are seeking clauses that would “remove state-linked Chinese genomics firms, such as BGI, from the government’s procurement supply chain”.
The government has already tightened the bill, which will introduce rules for firms competing for government contracts worth £300bn a year, to give ministers discretion to exclude companies from contracts where a national security risk can be demonstrated.
But there is growing clamour for the prime minister to go further and designate certain sectors as being highly sensitive and therefore mandatorily barred to foreign state-controlled or statelinked companies.
The MPs are also seeking a review of whether BGI’s investments with UK financial institutions, its private sector contracts and relationships with UK universities could pose a risk.
As evidence of the need to end these relationships, the MPs cited in their letter a Reuters report that claimed a prenatal test taken by millions of women globally, said to have been developed by BGI Group in collaboration with the Chinese military, had been used to collect genetic data.
The BGI Group spokesperson said: “BGI’s prenatal test was solely developed by BGI, not in collaboration with the military.
“BGI’s test data are stored in BGI’s labs, separate from China National GeneBank. The CNGB is owned by the government and operated by BGI-Research under the guidance and supervision of a board of trustees, in a model that is similar to the way that most of the US National Laboratories operate.”
A government spokesperson said: “The procurement bill will strengthen our protection against national security threats, including allowing central government to reject suppliers which pose a threat to national security.”