Gransnet forums

News & politics

The details of 500,000 volunteers of UK health information database Biobank have been hacked and put up for sale on a Chinese website. 😮

(34 Posts)
FriedGreenTomatoes2 Thu 23-Apr-26 12:46:20

I’ve been a volunteer for 4 years.
I find this concerning, in the news just now.

Anyone else?

Maremia Mon 27-Apr-26 09:35:24

Good to hear that. Thanks GNs.

twaddle Mon 27-Apr-26 08:01:45

M0nica

Sorry I repeated the information you had just given Twaddle

No need to apologise.

M0nica Mon 27-Apr-26 07:58:19

Sorry I repeated the information you had just given Twaddle

NotSpaghetti Mon 27-Apr-26 01:05:54

Not only was it not hacked but the data was not sold.

twaddle Sun 26-Apr-26 21:29:13

Thank you for that, MOnica. That's what I tried to explain and exactly what's happened. The important thing is that Biobank has not been hacked, despite the melodramatic headlines.

M0nica Sun 26-Apr-26 21:20:43

I read in the papers today that UK Biobank was not hacked. What happened is that individual researchers at three research institutes in China, illegally tried to sell off data they legally received from BioBank, for specific research purposes.

The BioBank contract explicitly bans this - and these institutes will certainly receive no more material from BioBank

Thhe full story can be read on page 10 of today's copy of the Observer.

The main thing is the BioBank was not hacked. It was employees of approved. checked and contracted research institutes, breaking the terms of the contract and trying to mntise the dats. The British and Chinese government uickly worked together to make sure that the listings of the data were taken down and unavailable.

Maremia Sun 26-Apr-26 08:09:10

Thanks twadle for the update.

NotSpaghetti Sun 26-Apr-26 01:43:49

I read that it was offered for sale but was not sold.

WithNobsOnIt Sun 26-Apr-26 01:25:45

Doesn't suprise.at all.China is the worst country in the would for copying, not paying for nd using illegal software.

This is a the best logical step for them to take to get free data.. I bet this is just the tip of the iceberg

nanna8 Sun 26-Apr-26 00:18:02

They hacked into our health records ,too, some time back. Makes you wonder what,exactly, they do with the information.

jocork Sat 25-Apr-26 23:27:17

I joined Biobank research about 20 years ago. Over the years I've had additional tests and I'm not worried as I understand the data is all deidentified.

dataandbiscuits Sat 25-Apr-26 22:26:35

I saw this thread and as I work in health data science thought I could clarify a few things that have been mentioned.

The UK Biobank data is pseudonymised (or ‘deidentified’ as UKB have called it). This means that details that could directly identify a person such as name, address, phone number have been removed and each individual instead has an ID. The UK Biobank gives a different set of IDs to each project that applies to use its data. This means that you can’t use an ID found in the dataset for one project to find the same person in the dataset used by another project.

However, if you have pseudonymised data, an individual can still be identified if you know other information about them. For example if you know that someone is a UK Biobank participant and you know their occupation – that could narrow down the 500,000 people in the cohort to fewer than 100 people in some cases. Add to that other information you may easily know about someone – what area they live in (so where their nearest assessment centre likely was), sex, ethnicity, height etc. and you can see how it may be possible to identify an individual in the dataset without knowing any confidential information. Fortunately, there is no evidence that any of the participants in UK Biobank have been identified in this way.

How was the information available to share? Although researchers sign a contract with UK Biobank stating that they won’t share the data, up until this week, there was nothing from physically stopping researchers from downloading individual-level data. This has resulted in participant data being made publicly available hundreds of times; some datasets have been available for a number of years, and some datasets are still available. Whilst many of these datasets contain limited information some have contained coded health records for hundreds of thousands of participants. Because participants have a different ID in each project all of this available data can’t just be joined up into a single dataset, but some of it could be linked together by using unique combinations of values across a number of fields.

The UK Biobank only grant access to bona fide researchers working on health-related projects in the public interest. However, there is evidence indicating that work has been published using UK Biobank data by unapproved researchers, and on unapproved projects.

win Sat 25-Apr-26 20:48:33

Luckygirl3

What is it?

Biobanking is the process of collecting, processing, storing, and managing human biological samples—such as blood, tissue, saliva, and DNA—along with associated health data for research. These samples are stored in specialized repositories to enable scientists to understand diseases, develop treatments, and advance precision medicine.
The University of Oxford

M0nica Sat 25-Apr-26 20:30:29

Applegran

I have been in it from the start and am glad to have been a very small part of an excellent thing which is helping research. I am not worried and do not believe my name and address is likely to have been shared.

Exactly my take on the subject.

Applegran Sat 25-Apr-26 20:17:03

I have been in it from the start and am glad to have been a very small part of an excellent thing which is helping research. I am not worried and do not believe my name and address is likely to have been shared.

twaddle Sat 25-Apr-26 16:20:39

How do you think Biobank would have been funded, if they didn't sell their data? Biobank does receive some money from the UK government, but foreign universities and research organisations also use the data. Who would pay for that?

If you want to be told that your genetic profile puts you at risk of some condition, you can have the test done privately and pay for it.

ExaltedWombat Sat 25-Apr-26 15:12:53

The real scandal is that this information should ever have been commercialised. Medical statistics are a vital tool in healthcare research. They should be freely available to anyone with a legitimate interest.

They are statistics, not personal records. But, in a way, so what? If statistics revealed that my personal history of physical type, drugs taken etc. indicated a danger, wouldn't I want to be told?

twaddle Thu 23-Apr-26 19:58:45

I've just been looking at X about this. As expected, there's a load of hysterical claptrap about the Chinese enemy hacking into Biobank's computers and stealing personal ID. I give up!

twaddle Thu 23-Apr-26 19:53:35

MOnica, I have a very close relative who is a senior manager at Biobank. I knew about this yesterday because I was on the phone to his wife, who explained that her husband (along with a team of people) is trying to discover where the leak was. As I'm sure you realise, the data is worth a lot of money. The company is non-profit making, but needs income to do its research. You shouldn't be angry with Biobank. Unfortunately, they can't control what people do with their data once it's been sold. They do actually vet the people who are allowed access. You can be sure that your personal details won't have been leaked. Tice is trying to spin this as a company which receives public money and has acted irresponsibly, which isn't true.

twaddle Thu 23-Apr-26 19:45:25

Maremia

So, has it been hacked, or was it a legitimate purchase?

No, Biobank itself wasn't hacked. It appears that one of the organisations which bought data was either hacked or illegally tried to sell the data.

Maremia Thu 23-Apr-26 16:14:07

So, has it been hacked, or was it a legitimate purchase?

M0nica Thu 23-Apr-26 15:36:24

The information did not include names, addresses or contact details.

That is the main thing that most people need to realise.

We have both been members since the scheme was set up c 2005-10 At an institutional level, I am angered because they always told us the system was so secure.

Otherwise lets hope the data becomes accessible to someone who can add to all the useful research that accredited scientists have already done. www.ukbiobank.ac.uk/research-stories/

twaddle Thu 23-Apr-26 15:25:50

AmberGran, The data is stored without identifiers. Yes, the source is an institution which has purchased the data legitimately. The Chinese actually do a lot of medical research, from which other countries benefit enormously. They also have their own databanks which are available to researchers in the west. Given that China has such a huge population, their data is particularly valuable.

No hacking has taken place and I'm still waiting to know how Biobank's security arrangements were "lax". It seems the source of this is Tice stirring the pot (what a surprise!)

Georgesgran Thu 23-Apr-26 15:17:42

Best look it up Luckygirl13 to understand it more. It’s a long explanation, but interesting.

AmberGran Thu 23-Apr-26 14:01:40

The data is supposed to be stored without identifiers, so it should not expose any personal data. The Chinese may well have bought it to include in their health data banks. They do all the same health studies that are done in the Wet, after all.

Anyone who has shopped online probably had their personal data (names, addresses, phone numbers, email addresses, card details, etc) sold on (or harvested) years ago.