Medical knowledge of half 1,000,000 Britons on sale in China after Biobank breach
Medical knowledge belonging to half 1,000,000 British residents has been supplied on the market on a Chinese language web site following a safety breach at well being info database UK Biobank.
Know-how minister Ian Murray stated that knowledge obtained from UK Biobank had been marketed on the market by a number of sellers on Alibaba e-commerce platforms in China, in what he referred to as an “unacceptable abuse”.
UK Biobank, a non-profit charity, collects medical knowledge supplied by volunteers and shares it with researchers world wide to additional medical analysis in most cancers, coronary heart illness and methods of predicting dementia.
The charity knowledgeable the UK authorities on Monday that it had recognized anonymised knowledge from its volunteers on the market by three sellers on Alibaba, together with at the least one itemizing that appeared to supply anonymised knowledge from its 500,000 volunteers.
Unacceptable abuse of knowledge
“This has been an unacceptable abuse of the UK Biobank charity’s knowledge and an abuse of the belief that members rightly anticipate when sharing their knowledge for analysis functions,” Murray stated in a assertion to Parliament.
UK Biobank has assured its volunteers that the info contained no members’ names, addresses, contact particulars, or phone numbers. The charity doesn’t consider that any of the info was offered.
UK Biobank stated it had now revoked entry to analysis establishments recognized because the supply of the breach of its UK knowledge cloud.
Murray stated the UK authorities had labored rapidly with Biobank, the Chinese language authorities and Alibaba to take down the listings providing the info.
“We now have requested the Biobank charity to pause additional entry to its knowledge till they’ve put in place a technical resolution to stop knowledge from its present platform from being downloaded on this approach once more,” he stated.
Biobank will enhance safety
Rory Collins, chief govt of Biobank, instructed volunteers in a assertion that personally identifiable info (PII) was secure and that it will put further safety measures in place to stop the incident from taking place once more.
He stated that researchers undergo a rigorous entry evaluation course of and establishments signal a contract committing to maintaining knowledge safe earlier than they’re given entry to Biobank.
“This can be a clear breach of the contract signed by these educational establishments, and so they, together with the people concerned, have had their entry suspended,” he added.
Biobank has quickly suspended all entry to its UK cloud-based analysis platform, and plans to introduce a restrict on the dimensions of recordsdata that may be taken off the platform. It is going to additionally monitor recordsdata exported from the platform for suspicious behaviour.
The charity stated it was growing an automatic checking system to stop de-identified knowledge from being taken off its analysis platform, whereas nonetheless permitting scientists to conduct analysis. The system might be in place by the top of the 12 months.
UK authorities to subject steerage
Murray stated the federal government would quickly be issuing steerage on controlling knowledge from analysis research, and urged companies and charities to make sure their techniques and data-sharing processes are as safe as potential.
The charity has reported the incident to the Info Commissioner’s Workplace (ICO).
An ICO spokesperson stated: “Individuals’s medical knowledge is very delicate info. Not solely do folks anticipate it to be dealt with rigorously and securely, organisations even have a duty beneath the legislation. UK Biobank has made us conscious of an incident, and we’re making enquiries.”
