xAnts

Sensitive patient health details from the UK Biobank remain accessible online more than three months after initial data leaks were discovered, according to an investigation by The BMJ. The research charity has been working to remove the compromised datasets since the breach earlier this year, but significant portions are still available.

The BMJ’s report details how datasets containing confidential patient information were inadvertently made public following a change to the Biobank's data sharing policy in March 2024. The policy update, intended to facilitate wider research access, inadvertently exposed the data to download. Researchers quickly identified the problem and alerted the Biobank.

The UK Biobank, a major biomedical database containing genetic and health information from over half a million participants, has taken steps to address the issue, including removing the datasets from its publicly accessible website. However, The BMJ's investigation found that copies of the leaked data persist on various online repositories and file-sharing platforms.

While the Biobank says it is actively monitoring and attempting to remove the data from these external sites, the sheer volume and widespread distribution pose a significant challenge. The potential for misuse of the compromised data raises serious privacy concerns for the individuals whose information was exposed. The Biobank has not publicly disclosed the full extent of the data breach or the precise number of individuals affected, but acknowledges that a substantial amount of sensitive information was potentially exposed.

The BMJ’s findings highlight the complexities of managing and securing large-scale biomedical datasets and the importance of robust data governance protocols. The incident has prompted calls for greater scrutiny of data sharing practices within the research community and a renewed focus on protecting patient privacy.