Gransnet forums

News & politics

The details of 500,000 volunteers of UK health information database Biobank have been hacked and put up for sale on a Chinese website. 😼

(33 Posts)
FriedGreenTomatoes2 Thu 23-Apr-26 12:46:20

I’ve been a volunteer for 4 years.
I find this concerning, in the news just now.

Anyone else?

FriedGreenTomatoes2 Thu 23-Apr-26 12:49:08

“The data were found being offered for sale on three separate listings on the Chinese e-commerce site Alibaba.

Its understood the Biobank, which is independently run from government, had “extremely lax” security arrangements.“

Luckygirl3 Thu 23-Apr-26 12:55:35

What is it?

Maremia Thu 23-Apr-26 12:56:46

So disappointing. It was a valuable resource and has been used in many legitimate medical research projects.

Grammaretto Thu 23-Apr-26 13:19:42

I'm one of them. I've been a guinea pig since the start. About 2O years.
I've had every kind of scan and test and answered trillions of questions.
It says no names and addresses have been disclosed.
Do I believe that? I want to.

twaddle Thu 23-Apr-26 13:30:07

FriedGreenTomatoes2

“The data were found being offered for sale on three separate listings on the Chinese e-commerce site Alibaba.

Its understood the Biobank, which is independently run from government, had “extremely lax” security arrangements.“

Where does it claim that Biobank has extremely lax security arrangements?

twaddle Thu 23-Apr-26 13:34:39

Grammaretto

I'm one of them. I've been a guinea pig since the start. About 2O years.
I've had every kind of scan and test and answered trillions of questions.
It says no names and addresses have been disclosed.
Do I believe that? I want to.

You should believe it. Data is de-identified ie all personal details are removed. The only way you could possibly be identified is if you have a very rare condition and are the only person who fits a number of descriptors.

It's inaccurate to say the date was "hacked". It wasn't. It was sold by one (or more) of the institutions which bought it for legitimate research purposes. It won't be data about the whole person, but about a group of people with a specific condition eg diabetes or high blood pressure. When research institutions buy the date, they only buy a limited number of datasets.

twaddle Thu 23-Apr-26 13:38:13

Luckygirl3

What is it?

It's a huge collection of medical data, which is sold to legitimate research companies. The data is "crunched" in databases. When you read information such as x% of people with diabetes have gum disease (or whatever), the chances are that the data has come from Biobank.

AmberGran Thu 23-Apr-26 14:01:40

The data is supposed to be stored without identifiers, so it should not expose any personal data. The Chinese may well have bought it to include in their health data banks. They do all the same health studies that are done in the Wet, after all.

Anyone who has shopped online probably had their personal data (names, addresses, phone numbers, email addresses, card details, etc) sold on (or harvested) years ago.

Georgesgran Thu 23-Apr-26 15:17:42

Best look it up Luckygirl13 to understand it more. It’s a long explanation, but interesting.

twaddle Thu 23-Apr-26 15:25:50

AmberGran, The data is stored without identifiers. Yes, the source is an institution which has purchased the data legitimately. The Chinese actually do a lot of medical research, from which other countries benefit enormously. They also have their own databanks which are available to researchers in the west. Given that China has such a huge population, their data is particularly valuable.

No hacking has taken place and I'm still waiting to know how Biobank's security arrangements were "lax". It seems the source of this is Tice stirring the pot (what a surprise!)

M0nica Thu 23-Apr-26 15:36:24

The information did not include names, addresses or contact details.

That is the main thing that most people need to realise.

We have both been members since the scheme was set up c 2005-10 At an institutional level, I am angered because they always told us the system was so secure.

Otherwise lets hope the data becomes accessible to someone who can add to all the useful research that accredited scientists have already done. www.ukbiobank.ac.uk/research-stories/

Maremia Thu 23-Apr-26 16:14:07

So, has it been hacked, or was it a legitimate purchase?

twaddle Thu 23-Apr-26 19:45:25

Maremia

So, has it been hacked, or was it a legitimate purchase?

No, Biobank itself wasn't hacked. It appears that one of the organisations which bought data was either hacked or illegally tried to sell the data.

twaddle Thu 23-Apr-26 19:53:35

MOnica, I have a very close relative who is a senior manager at Biobank. I knew about this yesterday because I was on the phone to his wife, who explained that her husband (along with a team of people) is trying to discover where the leak was. As I'm sure you realise, the data is worth a lot of money. The company is non-profit making, but needs income to do its research. You shouldn't be angry with Biobank. Unfortunately, they can't control what people do with their data once it's been sold. They do actually vet the people who are allowed access. You can be sure that your personal details won't have been leaked. Tice is trying to spin this as a company which receives public money and has acted irresponsibly, which isn't true.

twaddle Thu 23-Apr-26 19:58:45

I've just been looking at X about this. As expected, there's a load of hysterical claptrap about the Chinese enemy hacking into Biobank's computers and stealing personal ID. I give up!

ExaltedWombat Sat 25-Apr-26 15:12:53

The real scandal is that this information should ever have been commercialised. Medical statistics are a vital tool in healthcare research. They should be freely available to anyone with a legitimate interest.

They are statistics, not personal records. But, in a way, so what? If statistics revealed that my personal history of physical type, drugs taken etc. indicated a danger, wouldn't I want to be told?

twaddle Sat 25-Apr-26 16:20:39

How do you think Biobank would have been funded, if they didn't sell their data? Biobank does receive some money from the UK government, but foreign universities and research organisations also use the data. Who would pay for that?

If you want to be told that your genetic profile puts you at risk of some condition, you can have the test done privately and pay for it.

Applegran Sat 25-Apr-26 20:17:03

I have been in it from the start and am glad to have been a very small part of an excellent thing which is helping research. I am not worried and do not believe my name and address is likely to have been shared.

M0nica Sat 25-Apr-26 20:30:29

Applegran

I have been in it from the start and am glad to have been a very small part of an excellent thing which is helping research. I am not worried and do not believe my name and address is likely to have been shared.

Exactly my take on the subject.

win Sat 25-Apr-26 20:48:33

Luckygirl3

What is it?

Biobanking is the process of collecting, processing, storing, and managing human biological samples—such as blood, tissue, saliva, and DNA—along with associated health data for research. These samples are stored in specialized repositories to enable scientists to understand diseases, develop treatments, and advance precision medicine.
The University of Oxford

dataandbiscuits Sat 25-Apr-26 22:26:35

I saw this thread and as I work in health data science thought I could clarify a few things that have been mentioned.

The UK Biobank data is pseudonymised (or ‘deidentified’ as UKB have called it). This means that details that could directly identify a person such as name, address, phone number have been removed and each individual instead has an ID. The UK Biobank gives a different set of IDs to each project that applies to use its data. This means that you can’t use an ID found in the dataset for one project to find the same person in the dataset used by another project.

However, if you have pseudonymised data, an individual can still be identified if you know other information about them. For example if you know that someone is a UK Biobank participant and you know their occupation – that could narrow down the 500,000 people in the cohort to fewer than 100 people in some cases. Add to that other information you may easily know about someone – what area they live in (so where their nearest assessment centre likely was), sex, ethnicity, height etc. and you can see how it may be possible to identify an individual in the dataset without knowing any confidential information. Fortunately, there is no evidence that any of the participants in UK Biobank have been identified in this way.

How was the information available to share? Although researchers sign a contract with UK Biobank stating that they won’t share the data, up until this week, there was nothing from physically stopping researchers from downloading individual-level data. This has resulted in participant data being made publicly available hundreds of times; some datasets have been available for a number of years, and some datasets are still available. Whilst many of these datasets contain limited information some have contained coded health records for hundreds of thousands of participants. Because participants have a different ID in each project all of this available data can’t just be joined up into a single dataset, but some of it could be linked together by using unique combinations of values across a number of fields.

The UK Biobank only grant access to bona fide researchers working on health-related projects in the public interest. However, there is evidence indicating that work has been published using UK Biobank data by unapproved researchers, and on unapproved projects.

jocork Sat 25-Apr-26 23:27:17

I joined Biobank research about 20 years ago. Over the years I've had additional tests and I'm not worried as I understand the data is all deidentified.

nanna8 Sun 26-Apr-26 00:18:02

They hacked into our health records ,too, some time back. Makes you wonder what,exactly, they do with the information.

WithNobsOnIt Sun 26-Apr-26 01:25:45

Doesn't suprise.at all.China is the worst country in the would for copying, not paying for nd using illegal software.

This is a the best logical step for them to take to get free data.. I bet this is just the tip of the iceberg