Health Records of 500,000 UK Biobank Volunteers Listed for Sale Online in China
- Health data from 500,000 UK Biobank participants was found listed for sale online in China, raising concerns over research access misuse and data security.
- The information was discovered on the Alibaba e-commerce platform, according to UK government officials.
- UK Biobank stated that the data had been legitimately downloaded by three research institutions in China before access was revoked.
Health data from 500,000 UK Biobank participants was found listed for sale online in China, raising concerns over research access misuse and data security.
The information was discovered on the Alibaba e-commerce platform, according to UK government officials. Technology minister Ian Murray confirmed that the data, which includes gender, age, month and year of birth, socioeconomic status, lifestyle habits and biological sample measures, was offered for sale following a breach reported on Monday.
UK Biobank stated that the data had been legitimately downloaded by three research institutions in China before access was revoked. Murray described the incident as an “unacceptable abuse” of the charity’s data and a violation of the trust placed in the organization by volunteers who consented to share their health information for research purposes.
The leaked data does not include names, addresses, contact details, or telephone numbers, officials said. However, Murray noted that the combination of demographic and lifestyle details could potentially allow identification of individuals, despite the data being de-identified.
UK Biobank, which has collected detailed health information from volunteers aged 40 to 69 recruited between 2006 and 2010, said We see investigating the incident. The project has gathered biological samples, body scans, and medical records from over 500,000 participants and contributed to more than 18,000 scientific publications on conditions including dementia, cancer, and Parkinson’s disease.
In a message to participants, UK Biobank’s chief executive, Professor Sir Rory Collins, emphasized that all data in the database are de-identified and do not contain personally identifying information such as NHS numbers. He confirmed that the data involved in the breach had been accessed by researchers at three institutions in China, whose access has since been revoked.
The UK government is working with UK Biobank, Alibaba, and Chinese authorities to determine how the breach occurred and to prevent future incidents. Alibaba confirmed that the listings were removed from its platform following notification by authorities.
