Beijing could access the internet-connected devices remotely and ‘hold the country to ransom’, MPs warn
NHS vaccines are at risk from Chinese hackers who can break into internet-connected refrigerators, a cross-party group of MPs and experts has warned.
The Coalition on Secure Technology, the cross-party campaign raising awareness of technological threats from hostile states, has warned that the components that allow fridges to connect to the internet are often made in China.
Beijing could use the components, called cellular internet-of-things modules (CIMs), to access NHS refrigerators remotely, the MPs said, drawing on research from the US, Britain and elsewhere.
Medical refrigerators are used to store vaccines, blood samples and some medicines, all of which must be kept at a specific temperature.
A hacker could change the temperature, switch units off, disable alarms or falsify temperature logs, rendering the contents unusable and placing patients at risk.
NHS hospitals use internet-enabled refrigerators because they allow staff to check the temperature of multiple units using a computer, rather than by manually inspecting each device.
Graeme Downie, the Labour MP who chairs the cross-party group, said the health service’s “dependency” on Chinese-made components was a “clear and present danger” to the public.
“These components are now embedded in NHS equipment as basic yet essential as vaccine fridges and blood storage units,” he told The Telegraph.
“In a future geopolitical crisis, a hostile actor could remotely tamper with devices that patients’ lives depend on.”
Mr Downie said the UK had become “far too dependent on technology that can be switched off, manipulated or used to harvest data at a distance” and that the country could be “held to ransom at any time”.
“The Government must now act decisively,” he added. “That means a full audit of NHS equipment, strict security standards for all connected medical devices and urgent steps to reduce the UK’s reliance on high‑risk Chinese manufacturers.”
Ministers have been told to root out Chinese components in public sector devices that can connect to the internet, after research revealed they were vulnerable to interference from foreign states.
The Coalition on Secure Technology said that Chinese components within NHS refrigerators raised the risk of “espionage, data interception and even the potential for remote sabotage of NHS systems during periods of heightened geopolitical tensions”.
Medical equipment is especially vulnerable to hacking because there are strict rules about when it can receive software updates, which help to protect against cyber attacks.
The NHS is already under assault by state-sponsored hackers, and hospital trusts have previously been compromised by ransomware attacks designed to extract a bounty for the return of personal data.
Concerns have previously been raised about the use of Chinese components in Britain’s public institutions because national security laws in China can force manufacturers to co-operate with the government against a foreign state.
State-sponsored hackers
Spy chiefs in Britain and the US have previously warned that state-sponsored hackers routinely gain access to public sector networks by hacking into everyday devices such as Wi-Fi routers and printers.
The estimated annual cost of cyber attacks in Britain is almost £15bn, according to independent research commissioned by the Government.
Federal regulators in the US have banned dozens of Chinese companies from public sector supply chains over concerns about interference and espionage, but Britain has allowed many of those companies to continue supplying the state.
Chinese companies have attempted to dominate the global CIMs market and they now manufacture seven in 10 of the components sold worldwide.
Mr Downie has previously warned that smart meters, mobile payment terminals, electric cars and civilian drones were all vulnerable to Chinese interference because of the country’s dominance of the CIMs market.
Ministers have said they would “monitor potential security threats” from the “internet of things”, and pointed to guidance from the National Protective Security Authority and the National Cyber Security Centre. (The Daily Telegraph)