惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
博客园_首页
N
News | PayPal Newsroom
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
S
SegmentFault 最新的问题
Jina AI
Jina AI
人人都是产品经理
人人都是产品经理
P
Privacy & Cybersecurity Law Blog
AI
AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
博客园 - 三生石上(FineUI控件)
月光博客
月光博客
量子位
Forbes - Security
Forbes - Security
爱范儿
爱范儿
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
Last Week in AI
Last Week in AI
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tor Project blog
Recorded Future
Recorded Future
A
About on SuperTechFans
J
Java Code Geeks
The Register - Security
The Register - Security
PCI Perspectives
PCI Perspectives
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
S
Secure Thoughts
V
Vulnerabilities – Threatpost
Hacker News: Ask HN
Hacker News: Ask HN
MongoDB | Blog
MongoDB | Blog
N
Netflix TechBlog - Medium
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Scott Helme
Scott Helme
T
The Exploit Database - CXSecurity.com
Y
Y Combinator Blog
AWS News Blog
AWS News Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
IT之家
IT之家
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
L
LangChain Blog
F
Full Disclosure
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The GitHub Blog
The GitHub Blog

medConfidential

Ministers promised you’d control your data. The Health Bill and NHS England say otherwise The Coming NHS They Didn’t Campaign On Critical Intellectual Property of the NHS Canonical Data Model is controlled by Palantir A Plan for The Medium Goodbye to Palantir Biobank’s assurances get broken yet again Biobank’s assurances get broken yet again Ministers choose silence on coverups and data abuses by Ghouls and Creeps Second Reading of the Health Bill – enabling and empowering Ghouls and Creeps A quick look at the proposed English NHS Online Hospital medConfidential Bulletin, 22nd May 2026 Wes Streeting’s final Bill | medConfidential Streeting resigns | medConfidential King’s Speech | medConfidential The latest Biobank Screwup (April 2026) Why the Biobank breaches matter to you Mr Streeting is breaking promises, you still have choices Dog Cancer – is cancer treatment for your dog becoming better than treatment for your grandma, or your kids? The latest (March 2026) Biobank mess (and consequences for everyone else) The Covid Inquiry Module Reports Government tells NHS that GPs should misinform to patients Moving Parts: Current and Imminent Government plans for your medical records 10 Feb re-announcement of Biobank and others getting data in ways the public were told wouldn’t happen MedConfidential Bulletin – 19 December 2025 “Making [Palantir] irreplaceable” to the NHS in England (and beyond) – (Part II)
Biobank’s (April) Breach in Context
by medcon · 2026-04-30 · via medConfidential

You may have seen, well, all over the news, that Biobank has done the emperor’s new clothes thing after losing data nearly 200 times that were counted (plus more that were not)…

Biobank have lost control of the data

These failures show that Biobank volunteers’ data is ‘out in the wild’ as researchers implied last year but Biobank did nothing about it.

Biobank itself doesn’t know who has got it and is being forced to resort to filing “take-down notices” on the various copies of (various amounts of) Biobank volunteers’ (medical and DNA/genomic) data that are popping up all over the place. Biobank aren’t very good at it.

Alibaba was just the latest incident, which Rory once again played down – both to the Biobank volunteers themselves, and to the British public. Biobank volunteers’ data should never have left Biobank’s (so-called) ‘Secure Data Environment’. Full stop. UK Biobank offered a download option from an environment they told their users was secure; this was after they told people they had ceased downloads. We’ve summarised the ongoing messes in various documents over years. 

“De-identified” health data is eminently re-identifiable, as The Guardian proved a few weeks ago. It is not ‘anonymous’ data – it is sensitive personal data.

Did Biobank volunteers sign up to having their data sold to eugenicists, insurers, shell companies registered in the office that (also) serve as fronts for QAnon conspiracies, TikTok’s holding company in the Cayman Islands, or sending their DNA and medical history to an undergraduate course in China

How did the people on that undergraduate course get approval for access? Did Biobank simply give access to anyone who the university said was on the course? Does it have any way to know any of that? UK Biobank has defended itself by saying Yale had a previous failure that it was sanctioned for. If you look at the Biobank project list there is no obvious project which has been closed for breaking the rules, but there are many ongoing projects as if there was no problem at all. Any sanction must have been so minor there’s no public disclosure of any of it, but Rory decided to pick on them to save his job (or NHS England can publicly confirm contemporaneous reports of breaches).

Is this behaviour what the public and patients should expect from the new Health Data Research Service?

HDRUK and Biobank share a culture

This systemic, cultural problem does not only apply to Biobank… 

In their email to their participants, Biobank direct readers to this page which says protections are “within the ‘Five safes’ framework.” We know HDRUK and UK Biobank share a culture, which is to undermine the framework by reckless and unsafe changes.

Polly Toynbee might be happy to have her medical history and genome on the internet – that is her choice to give it to Biobank and her decision is informed by her close relationship with UK Biobank leadership who insist they never do anything wrong – but would the 499,999+ others make the same decision about their data and tissue and blood if Biobank had told them up front that “research” might include sending their data to all of these outfits? That Biobank knew their system allowed downloads, but didn’t want to talk about it because staff hoped no researcher would notice? Did they tell Polly that?

Biobank tells GPs that “Careful checks are in place to ensure confidentiality and data security” which clearly isn’t true. The same page has a GP quoted by Biobank saying: “With its internationally respected managed access model and robust data protection, UK Biobank ensures this enhanced resource will drive innovation responsibly”. It wasn’t true when Biobank published it in February, and isn’t true now.

UK Biobank has started talking publicly about another wave to their cohort, which is an opportunity to give all members the ability to give a fully informed consent to continue participating. (or, if they don’t respond, to have their data flows stopped? Or will people still have to beg the Biobank call centre for the secret form to fill out and return to end their participation? What will they be told about this debacle)

With Wes Streeting breaking ‘pandemic-only’ promises about uses of patients’ GP data (having been lobbied to do so by Biobank…) and with his intention to suck up everyone’s GP data into his ‘Single Palantir Record’, this is an issue that could (and will, if the government doesn’t stop steamrollering ahead) affect everyone in England.

Biobank insists that this time their catastrophes are different. We know how that always goes… 

===

Find out what happens next: Sign up for our newsletter (we don’t email often) or get small frequent updates via Substack — free to follow, and we are grateful to all those who can donate to help more of this work.