More private health records of UK Biobank volunteers appear on Chinese website | Data protection

There were further lists of confidential health records of British volunteers on the Chinese website Alibaba Since the breach was reported last week, the government is ready for further leaks, the science minister said.

Address to House of Lords debate on the attempted sale of data Patrick Vallance, who belongs to 500,000 UK Biobank volunteers, said the government had worked with Chinese officials to remove additional postings on the online marketplace.

“New listings will emerge – additional listings have been posted since the government was made aware of the issue last week – and we continue to work with the Chinese government to remove them quickly,” Lord Vallance said.

The data is “de-identified”, meaning it does not include names, addresses or exact dates of birth. Vallance said there is a “low likelihood” of re-identification, but the breach should still serve as a “real wake-up call” for investigators.

“It is increasingly possible to triangulate in large datasets and get close to identification, and that remains a very real risk,” he said.

last month, the Guardian was able to re-identify a single participant in another British Biobank dataset leaked online with just their date of birth and the data of an operation.

The technology ministry Ian Murray made an emergency statement last Thursday revealing that half a million participants in the UK Biobank project had their health data for sale on Alibaba. UK Biobank became aware of the breach from an anonymous whistleblower. The data has since been collected and officials do not believe there have been any sales. All access to UK Biobank data has been temporarily suspended.98

Vallance named the three Chinese institutions whose researchers are believed to be behind the posts as the Second Xiangya Hospital, China-Japan Union Hospital and Beijing Chaoyang Hospital.

Vallance praised the altruism of UK Biobank volunteers, whose data he says has paved the way for discoveries of genes that influence the risk of heart disease or cancer, and new ways of predicting dementia and understanding Covid-19.

“I conclude by reiterating how important the UK Biobank is, how unique it is globally in its breadth and depth of coverage, and how appalling it is that this leak has occurred,” Vallance said. “We absolutely must make sure that this risk is eliminated going forward by making sure that a secure data environment is put in place.”

In addition to the Alibaba postings, the UK Biobank has acted against at least 30 other data breaches in the past month, according to Dr Luc Rocher, a researcher at the Oxford Internet Institute. which detected data breaches. Some of the data, including a detailed dataset relating to 96,000 volunteers that appears to have been accidentally uploaded by a master’s student at Yale University, remains online. UK Biobank said it had asked for the data to be removed and that it should be completed soon.

Chi Onwurah, the chair of the Commons science, innovation and technology committee, said: “I am amazed that that data is still available online. UK Biobank was smug about the half a million British people who shared their most intimate and personal data with them and who deserve better than that.”

A government spokesperson said: “We are aware of reports that unauthorized data from UK Biobank – a health research charity independent of government – ​​is being made available online following a leak reported last month. As you would expect, we are working with UK Biobank to understand the origin and extent of this data, and to ensure they take proactive steps to get it removed.”