Ministers have been urged to do extra to guard the general public after information from 500,000 individuals who volunteered their well being data to the UK Biobank was breached and provided on the market on-line in China.
Information of all half 1,000,000 members had been listed on the market on the web site Alibaba, stated science minister Ian Murray, as he known as the incident an “unacceptable abuse” of information.
Mr Murray informed the Commons on Thursday that the charity had knowledgeable the federal government in regards to the information breach on Monday, and stated the data didn’t embody names, addresses or contact particulars.
But Dame Chi Onwurah, the Labour chair of the science, innovation and expertise committee, stated it was “another blow to public confidence”, including that it confirmed “little progress had been made” in defending public information after she stated she was given assurance by Mr Murray in February that requirements of public sector data safety and information hygiene would enhance.
She stated: “[The] statement [by Mr Murray]however, demonstrates just how little progress has been made. It raises serious questions about whether lessons have been learned from repeated data breaches and leaks, and whether robust data management practices are being enforced at publicly funded bodies.
“Public trust in the handling of sensitive data is handled is key to the government’s digital transformation ambitions. This is another blow to public confidence.”
The Biobank is the world’s most complete dataset of organic, well being and life-style data. It has been used to attain enhancements within the detection and therapy of dementia, cancers and Parkinson’s.
Mr Murray informed MPs: “Biobank told us that three listings that appear to sell … Biobank participation data had been identified. At least one of these three datasets appeared to contain data from all 500,000 UK Biobank volunteers.
“Additional listings offer support for applying for legitimate access to UK Biobank or analytical support for researchers who already have access to the data.”
“The government has spoken to the vendor today, and they did not believe that there were any purchases from the three listings before they were taken down,” Mr Murray added.
The UK Biobank was established to advance medical analysis and scientists from the world over can use its information – with the private data eliminated – for research which can be deemed within the public curiosity.
All of the individuals have been aged between 40 and 69 years previous after they joined the examine between 2006 and 2010. Their information is used to trace their long-term well being and assist researchers to know, forestall and deal with severe sicknesses.
UK Biobank has referred itself to the Information Commissioner’s Office following the breach, stated Mr Murray, who stated the information concerned within the breach may embody gender, age, month and 12 months of start, socioeconomic standing, life-style habits, and measures from organic samples.
He stated he couldn’t give a whole assure that no person may very well be recognized, however stated it could probably solely be finished so via a “very advanced way”.
In an announcement, he informed the Commons: “Once the government was made aware of the situation, we took immediate action to protect participants’ data. Firstly, we worked with Biobank, the Chinese government and the vendor, to ensure that those three listings – that UK Biobank informed us (of), including participant data – had been removed.
“I want to thank the Chinese government for the seriousness with which they work with us to help remove these listings.
“Secondly, we ensured that the Biobank charity revoked access to three research institutions identified as the source of that information.
“And thirdly, we have asked that the Biobank charity pause further access to its data until they put in place a technical solution to prevent data from its current platform from being downloaded in this way again. I can confirm to the House that this pause is now in place.”
In an announcement printed on Thursday, Professor Sir Rory Collins, chief govt and principal investigator of UK Biobank, informed these within the examine: “We would like to inform you about an incident involving UK Biobank data.
“We apologise to our participants for the concern this will cause, and we hope to provide reassurance by outlining the serious actions we are taking in response.
“Your personally identifying information in UK Biobank is safe and secure.
“Listings offering access to UK Biobank data (which did not contain any personally identifying information) were found on a Chinese consumer website. These listings were swiftly removed before any purchases were made.
“We are putting in place additional security measures to prevent this happening again. We will conduct a comprehensive investigation into this incident.
“Since UK Biobank started to make your de-identified data available for research in 2012, it has led to thousands of discoveries that are already leading to improvements in the prevention and treatment of many different diseases.”
Professor Elena Simperl, Department of Informatics at King’s College London, stated: “The recent UK Biobank data exposure is not a moment to point fingers, but to take seriously what it tells us about national data infrastructure. Initiatives like UK Biobank are absolutely essential to driving innovation across the health and life sciences ecosystem.
“With longitudinal data on half a million volunteers and more than 18,000 peer-reviewed papers to its name, the UK is world-leading in this space, and rightly proud of it.
“What happened here was an infrastructure problem, not the result of a complex cyber attack. Too often, the costs of maintaining infrastructure for flagship data stewardship projects like this are treated as an afterthought. The UK has built something remarkable, but we need to keep investing in keeping it safe.”
https://www.independent.co.uk/news/health/biobank-hack-alibaba-data-b2963494.html