More private health records of UK Biobank volunteers appear on Chinese website | Data protection
More confidential health records of UK volunteers have been listed on Chinese website Alibaba since the reported breach last week, and the government is preparing for further leaks, the science minister said.
addressing an address House of Lords debate Patrick Vallance said the government was working with Chinese authorities to remove additional posts from the online marketplace about an attempt to sell data on 500,000 UK Biobank volunteers.
“Fresh lists will emerge – additional lists have been published since the government became aware of the problem last week – and we continue to work with the Chinese government to remove them quickly,” Lord Vallance said.
The data is “de-identified”, meaning it does not contain names, addresses or exact dates of birth. Vallance said the likelihood of re-identification was “low” but the breach should still be a “real wake-up call” for investigators.
“It is becoming increasingly possible to triangulate and get closer to identification across large data sets, and this remains a very real risk,” he said.
Last month the Guardian managed to re-identify a single participant in a different UK Biobank dataset leaked online, using only his date of birth and data from an operation.
In his emergency statement last Thursday, technology minister Ian Murray revealed that the health data of half a million participants in the UK Biobank project was offered for sale on Alibaba. UK Biobank learned of the breach from an anonymous tipster. The data has since been removed and authorities do not believe there were any sales. All access to UK Biobank data has been temporarily suspended.98
Vallance named three Chinese institutions whose researchers appear to be behind the postings: Second Xiangya Hospital, China-Japan Union Hospital and Beijing Chaoyang Hospital.
Vallance praised the dedication of UK Biobank volunteers, whose data he said had led to the discovery of genes affecting the risk of heart disease or cancer and new ways to predict dementia and understand Covid-19.
“I finish by saying again how important the UK Biobank is, how unique it is globally in the breadth and depth of its coverage, and how appalling it is that this leak has occurred,” Vallance said. “We must absolutely ensure that this risk is eliminated going forward by ensuring a secure data environment is put in place.”
In addition to the Alibaba posts, the UK Biobank has taken action against at least 30 other data breaches in the past month, according to Dr Luc Rocher, a researcher at the Oxford Internet Institute: Who tracks data breaches?. Some data remains online, including a detailed dataset on 96,000 volunteers that was apparently accidentally uploaded by a graduate student at Yale University. UK Biobank said it wanted the data removed and that this should be completed shortly.
Chi Onwurah, chair of the Commons science, innovation and technology committee, said: “I am amazed that this data is still available online. The UK Biobank is delighted to have half a million Brits sharing their most intimate and personal data with them and they deserve better than this.”
A government spokesman said: “We are aware of reports of unauthorized data from UK Biobank, a health research charity independent of the government, being made available online, following a reported leak last month. As you would expect, we are working with UK Biobank to understand the origin and scope of this data and ensure they take proactive steps to have it removed.”
