Search This Blog

Friday, July 10, 2026

UK Biobank Breach Sparks Data Security Debate

 Hello. I’m David Kerr, professor of cancer medicine at University of Oxford. Today, I’d like to talk a little about the democratization of data. Francis Bacon famously said, “Nam et ipsa scientia potestas est” — knowledge is power. He meant using knowledge as a weapon: keeping knowledge to oneself, using it against others, and using it as a power base.

I think in modern science, we understand that knowledge should be shared and that there is collaborative power. Looking at large data populations, large scientific projects, and making the data available to the wider community means that we should be able to move further forward. Something interesting happened recently that we’re very proud of in the UK, which is our UK Biobank. This is a project that was set up in the early 2000s. Approximately 500,000 individuals aged between 40 and 69, when they were recruited between 2006 and 2010, have been followed consecutively. We have germline DNA, multiple scans, metabolomic data, and so on. As these individuals are followed forward, of course, some fall prey to a range of different diseases.

We’re interested in cancer, but you can imagine, with the careful follow-up that we can use with our registries, with our National Health Service data in the UK, it’s an enormously valuable prospective database that allows us to link various elements of genetics, metabolomics, and so on to outcome, disease association, and more.

It’s a fantastic piece of work. These data are made available to legitimate researchers from around the world who can use the data to test some of their own hypotheses. So far, the utilization of the data in this way has led to probably now more than 18,000 publications.

It’s a fantastic exercise in global public health and science working together at its very best. The data are anonymized so there are no names available. Individual patient data would be kept away from there, but of course, gender, age, and so on are recorded. One might argue that it might be possible to identify individuals, but as far as we can, the data have been anonymized. 

There are three rogue investigators who had access to the data, and they bizarrely put it up for sale on a commercial website called Alibaba. It’s a sort of Amazon-type equivalent in China. They put it up for sale. A great piece of international cooperation between the UK and Chinese governments closed this down enormously quickly. One would argue no harm done, but this was a huge data breach. There are all sorts of investigations ongoing. For the three individuals in Chinese hospitals, their access to the data has been suspended.

That will never, ever happen again. There are various investigations going on at the UK end about the size of the data breach. Of course, the team leading the UK Biobank have been incredibly apologetic for this. 

It raises an interesting question though, doesn’t it? Could we go too far with the democratization of data? Could we make it so widely available that these sorts of data breaches might become more common with, let’s call it as it is, bad actors looking to commercialize data which isn’t theirs? It’s a project funded by the UK government, which has been made available for a very small fee to investigators around the world.

There are masses of DNA and other databases available. When we publish in the top journals, often we make the raw data available in ancillary files, so that other individuals can look at the data, go through, and perhaps test their own hypotheses. It does speed things up, but I wonder if any of you wonder if we’ve gone too far. Is this science without boundaries? Is this limitless access to carefully curated samples? 

In the old days, we would have our samples. It was an enormously valuable resource that we would data mine and that we would publish on. The biobank, the tissue, and the DNA samples that we’d collected would be carefully husbanded and would be used only in a narrow way with very trusted collaborators. We’ve moved from one extreme, individual scientists, to the whole world being able to get access to them. 

It’s got to be a good thing, hasn’t it? Speeding up research, making data available, and the wisdom of the crowd, with many eyes upon the data that may shed light that we didn’t see. People come from different angles, different techniques, and different hypotheses. Could we have gone too far? 

I’d be really interested in your thoughts. I’d be grateful if you’d post any of those. For the time being, Medscapers, as always, thanks for listening. I’d be grateful for any comments that you might have. Thanks again. 

https://www.medscape.com/viewarticle/uk-biobank-breach-sparks-data-security-debate-2026a1000lh6

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.