UK Biobank has reported a significant security lapse following the discovery of “de-identified” records from 500,000 participants listed for sale on a Chinese consumer website. Professor Sir Rory Collins, the organization’s chief executive, stated that the listings were identified and removed before any successful purchases occurred.
According to government officials, the breach appears to have originated from legitimate research organizations that abused their authorized access rather than an external cyberattack. While sensitive personal identifiers—such as names, addresses, and national health numbers—remain secure, specialized data intended strictly for vetted academic and commercial researchers was compromised. Access for the suspected groups has been immediately terminated.
This incident arrives at a critical juncture as the UK government prepares to launch new health data-sharing initiatives. In response, access to the Biobank platform has been temporarily suspended to implement technical safeguards designed to prevent unauthorized data downloads. Cybersecurity experts noted that while the information was anonymized, the breach remains a concern due to the potential for “re-identification” if the health data is cross-referenced with other digital footprints.
Source; https://pharmaphorum.com/news/uk-biobank-patient-data-stolen-and-placed-sale-china