UK Biobank has suffered a large-scale breach involving genetic, biological and health data from its volunteer research participants. Information on about 500,000 people has been offered for sale online in China.<\/p>\n
The leak has intensified scrutiny of how public bodies and research institutions in Britain store and share highly sensitive health and DNA data. UK Biobank is a long-running biomedical database and research resource that works with the National Health Service and academic and commercial researchers.<\/p>\n
Security specialists and industry figures warned that the incident underscored the distinct risks attached to genetic and medical records stored in large online repositories. Unlike passwords or payment cards, health data cannot be revoked or changed, raising concerns about long-term misuse if it reaches criminal networks.<\/p>\n
Paul Croall, Chief Executive of Undisclosed DNA, said he hoped the latest in a long line of medical data breaches would serve as a wake-up call for the British government to take urgent steps to protect citizens’ medical data and minimise the risks associated with such leaks in the future.<\/p>\n
<\/p>\n
“It is deeply worrying but far from surprising that the medical information of more than half a million British people has leaked online in China. While this particular leak appears to have resulted from a legitimate download rather than a hostile hacking operation, it highlights the huge risk facing our most sensitive personal medical and DNA data when it is stored in online databases like this,” said Croall.<\/p>\n
\n
<\/p>\n
“This is precisely the sort of incident for which Undisclosed DNA was created. Our unique, patented technology would mitigate the risks of a leak like this and ensure that personal medical data of this kind was encrypted and secure.”<\/p>\n
<\/p>\n
The breach involves a charity that has been a prominent partner in government-backed research projects. UK Biobank has provided approved researchers with access to anonymised or pseudonymised datasets that link genetic information to detailed health records.<\/p>\n
Cyber security experts said the volume and nature of the data involved raised particular concerns. Criminal groups can combine leaked medical records with other data sources to build detailed profiles of individuals.<\/p>\n
VimalRaj\u00a0Sampathkumar, Technical Head of UKI at\u00a0ManageEngine,\u00a0highlighted the enduring value of stolen health records to attackers and said organisations that hold large public datasets must treat access governance and threat monitoring as ongoing disciplines.<\/p>\n
<\/p>\n
“Health data commands a premium on the black market because it is inherently permanent. A stolen credit card can be cancelled, but a medical history cannot be reset. That asymmetry is what makes breaches of this kind so dangerous.”<\/p>\n
\n
<\/p>\n
“The scale of this incident, affecting half a million UK records, gives criminals enduring value, underscored by their stated intent to monetise the data. Health records enable a wide spectrum of abuse, from identity fraud and insurance scams to highly targeted phishing campaigns. Armed with authentic medical and personal details, these attacks become not only more convincing, but significantly harder for individuals to detect and resist.”<\/p>\n
\n
<\/p>\n
“Perhaps the most lasting consequence, however, is the erosion of public trust. Once sensitive data enters criminal circulation, the risk does not dissipate; it becomes a persistent burden carried by those affected. This is why large public datasets demand rigorous access controls, continuous monitoring and intelligent threat detection. When those safeguards fall short, attackers need not be sophisticated to inflict damage that is both immediate and enduring,” said\u00a0Sampathkumar.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"UK Biobank has suffered a large-scale breach involving genetic, biological and health data from its volunteer research participants.…\n","protected":false},"author":2,"featured_media":24670,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[8648,11074,8125,1961,1870,7435,1877,11078,1357,1960,11076,8121,8645,1898,8651,9392,6738,11079,10675,11081,7437,8216,1966,11077,11075,2364,2312,6749,1864,604,1876,11080,1226,11082,11084,5,1261,6,1291,11083],"class_list":{"0":"post-24669","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uk","8":"tag-access-control","9":"tag-big-data","10":"tag-chinese","11":"tag-cloud-security","12":"tag-cyber-resilience","13":"tag-cybercrime","14":"tag-cybersecurity","15":"tag-dark-web","16":"tag-data-privacy","17":"tag-data-breach","18":"tag-data-encryption","19":"tag-data-governance","20":"tag-data-leak","21":"tag-data-protection","22":"tag-data-security","23":"tag-data-transfer","24":"tag-encryption","25":"tag-genomics","26":"tag-ico","27":"tag-identity-and-access-management-iam","28":"tag-identity-theft","29":"tag-incident-response","30":"tag-infosec","31":"tag-it-management","32":"tag-manageengine","33":"tag-national-security","34":"tag-nhs","35":"tag-personal-data","36":"tag-phishing","37":"tag-regulation","38":"tag-risk-management","39":"tag-social-engineering","40":"tag-surveillance","41":"tag-threat-detection","42":"tag-threat-monitoring","43":"tag-uk","44":"tag-uk-government","45":"tag-united-kingdom","46":"tag-united-kingdom-uk","47":"tag-zoho"},"share_on_mastodon":{"url":"","error":"Validation failed: Text character limit of 500 exceeded"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts\/24669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/comments?post=24669"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts\/24669\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/media\/24670"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/media?parent=24669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/categories?post=24669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/tags?post=24669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}