At least 500,00 UK Biobank volunteers’ data was offered for sale on three separate listings on Chinese e-commerce site Alibaba.
Picture:
Getty
Ministers are facing calls to ban sharing Brits’ medical data with China after a major breach saw 500,000 biological samples put up for sale on a Chinese-owned website.
At least half a million people have had their medical data put up for sale following a large-scale database breach.
Ministers admitted today that the health data of more than 500,00 UK Biobank volunteers was briefly put at risk following a data breach.
The data was found being offered for sale on three separate listings on the Chinese e-commerce site Alibaba, technology minister Ian Murray told MPs.
The data found for sale on the Chinese marketplace was “de-identified”, meaning it does not include details such as names, addresses or dates of birth.
Lord Bethell, a Conservative former health minister, told the Times that it was “totally nuts” for the UK to be “freely sending gigabytes and terabytes of data to China where there is ‘no accountability whatsoever'”.
“They are certainly not sending us their data,” he added.
“The Government needs to wake up. We need emergency powers for the security services and Information Commissioner’s Office to bring control of public data onto the statute book before the summer to step up to this expanding challenge to our national security.”
Dame Chi Onwurah, the Labour chair of the science, innovation and technology committee, said the breach proved there needs to be “much stronger safeguards for public data”.
“It is ridiculous to have such a low level of security,” she said.
“The committee has consistently received evidence that there aren’t strong enough safeguards for British people’s public data. This is another blow to public confidence.”
The Technology Secretary said there had been “an unacceptable abuse of the UK Biobank charity’s data and abuse of the trust that participants readily expect”.
He told the Commons: “We expect UK Biobank to remain one of the leading health research resources.
“This has been an unacceptable abuse of the UK Biobank charity’s data and abuse of the trust that participants readily expect when sharing the data for research purposes.
Read more: Top cybersecurity chief warns of AI dangers amid delayed rollout of Anthropic’s Mythos model
Picture:
Getty
“The Government takes this incident extremely seriously which is why we have acted rapidly to support the UK Biobank charity in their response and why I wanted to update the House at this earliest opportunity.”
In February, Health Secretary, Wes Streeting signed a landmark legal direction allowing volunteers’ GP data to be shared with UK Biobank.
Mr Murray said UK Biobank has since referred itself to the Information Commissioner’s Office.
“Once the Government was made aware of the situation, we took immediate action to protect participants’ data,” said.
Mr Murray added: “Firstly, we worked with Biobank, the Chinese government and the vendor, to ensure that those three listings – that UK Biobank informed us (of), including participant data – had been removed.”
He then thanked the Chinese government for its help removing these listings and said the charity has revoked access to three research institutions identified as the source of that information.
The minister added: “Thirdly, we have asked that the Biobank charity pause further access to its data until they put in place a technical solution to prevent data from its current platform from being downloaded in this way again. I can confirm to the House that this pause is now in place.
“The Government has spoken to the vendor today, and they did not believe that there were any purchases from the three listings before they were taken down,” he added.
UK Biobank is the world’s most comprehensive dataset of biological, health and lifestyle information and is used by researchers globally for a wide range of studies on what happens as people age.
The charity insists it removes personal identifying information such as names and addresses on all 500,000 volunteers before giving scientists access to the data.
Those joining UK Biobank were between 40 and 69 years of age when they joined the study between 2006-2010.
Professor Sir Rory Collins, chief executive and principal investigator of UK Biobank, said it took the protection of participant data “extremely seriously” and had tightened security.
He said in a statement: “We have temporarily suspended all access to the UK Biobank research platform, while we put in place a strict limit on the size of files that can be taken off the platform. This measure will allow researchers to export the results of their research, while severely limiting their ability to take any de-identified participant data off the platform.“
In addition, all files exported from the research platform will be monitored daily for any suspicious behaviour. These security measures will further minimise the potential for misuse of UK Biobank data. In addition, we will conduct a comprehensive and forensic board-led investigation of this incident.”