惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News | PayPal Newsroom
P
Proofpoint News Feed
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
SecWiki News
SecWiki News
Know Your Adversary
Know Your Adversary
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Vercel News
Vercel News
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
罗磊的独立博客
NISL@THU
NISL@THU
WordPress大学
WordPress大学
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Threat Research - Cisco Blogs
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
Security Archives - TechRepublic
Security Archives - TechRepublic
有赞技术团队
有赞技术团队
L
LINUX DO - 热门话题
Hacker News: Ask HN
Hacker News: Ask HN
V
V2EX
G
GRAHAM CLULEY
TaoSecurity Blog
TaoSecurity Blog
Hugging Face - Blog
Hugging Face - Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
F
Fortinet All Blogs
博客园 - 叶小钗
博客园 - 三生石上(FineUI控件)
云风的 BLOG
云风的 BLOG
Recorded Future
Recorded Future
Latest news
Latest news
The Hacker News
The Hacker News
aimingoo的专栏
aimingoo的专栏
T
Troy Hunt's Blog
S
Schneier on Security
I
Intezer
Google DeepMind News
Google DeepMind News
A
Arctic Wolf
Apple Machine Learning Research
Apple Machine Learning Research
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threatpost
爱范儿
爱范儿
The Register - Security
The Register - Security
S
SegmentFault 最新的问题
Blog — PlanetScale
Blog — PlanetScale
博客园 - 聂微东
宝玉的分享
宝玉的分享
Recent Commits to openclaw:main
Recent Commits to openclaw:main
美团技术团队
B
Blog RSS Feed

medConfidential

Ministers promised you’d control your data. The Health Bill and NHS England say otherwise The Coming NHS They Didn’t Campaign On Critical Intellectual Property of the NHS Canonical Data Model is controlled by Palantir A Plan for The Medium Goodbye to Palantir Biobank’s assurances get broken yet again Biobank’s assurances get broken yet again Ministers choose silence on coverups and data abuses by Ghouls and Creeps Second Reading of the Health Bill – enabling and empowering Ghouls and Creeps A quick look at the proposed English NHS Online Hospital medConfidential Bulletin, 22nd May 2026 Wes Streeting’s final Bill | medConfidential Streeting resigns | medConfidential King’s Speech | medConfidential Biobank’s (April) Breach in Context The latest Biobank Screwup (April 2026) Why the Biobank breaches matter to you Mr Streeting is breaking promises, you still have choices Dog Cancer – is cancer treatment for your dog becoming better than treatment for your grandma, or your kids? The Covid Inquiry Module Reports Government tells NHS that GPs should misinform to patients Moving Parts: Current and Imminent Government plans for your medical records 10 Feb re-announcement of Biobank and others getting data in ways the public were told wouldn’t happen MedConfidential Bulletin – 19 December 2025 “Making [Palantir] irreplaceable” to the NHS in England (and beyond) – (Part II)
The latest (March 2026) Biobank mess (and consequences for everyone else)
by medcon · 2026-03-14 · via medConfidential

Even before these new revelations, UK Biobank had a very long list of unanswered questions (that PDF was published earlier this week and now needs extending). At the same time, Mr Streeting has decided to give Biobank data from GP records that was collected under a promise it would be used only for the pandemic.

What did the Minister know when he signed the Biobank direction? What did those who publicly supported the Direction know? Did Biobank tell them everything?

Why this matters even if you’re not in Biobank:

The Biobank direction means “pandemic only” dataset can now be reused however Mr Mandelson’s political protégé decides – GPs have been given no choice because NHS England already has the data and uses it however they are told. This action already destroys trust for the next pandemic, and undermines promises being constructed for Mr Streeting’s Single Patient Record plans where he’ll make political promises around becoming data controller for your medical notes. Apparently this is the acceptable approach and standards for where your data will go in the National Data Library.

Biobank data is still was published on the internet 

The Guardian has reported that the NHS hospital data of UK Biobank participants was repeatedly published by Biobank users, and some of it is still publicly available months after Biobank was first told that Biobank patient level data was published online. This notification was before the Direction was signed which will allow “pandemic only” GP data to flow to Biobank to be used like the rest of the Biobank data.

The statement on the Biobank website completely omits that this happened and this remains the case.

Biobank admit they don’t know who their users are

Biobank have sent many legal notices to have material taken down from the internet.

UK Biobank admits that, in every case where they send a legal notice, that is because Biobank’s attempts to identify and contact the researcher have failed. Either Biobank don’t know who the researcher is, or the researcher doesn’t care enough to reply to the Biobank email. 

It is clear that Biobank does not know who their active researchers are, because if Biobank did know who the users were, Biobank would not have to resort to takedown requests for accounts they can not identify.

In any event, Biobank gave them (or someone) access to that data in the first place – the application form is short and woefully insufficient, but it does have a space for an email address. Emails from Biobank that researchers ignore alongside ignoring the Biobank rules that Biobank say protect the NHS data they share.

Since Biobank resorted to these legal means, did Biobank notify NHS England they were doing this over NHS sourced data? 

That’s before we consider approved data use in Chinese undergraduate teaching – the lecturer is granted access, but the students get it too and Biobank has no way to know who they are.

Biobank blame their victims for Biobank’s failings
UK Biobank simply claims that no Biobank member has been harmed, and if they have, then it’s their own fault.

If you’re in Biobank, and if anyone knows anything about your medical history, they can potentially read it all. Apparently the bland text on page 23 of this newsletter was Biobank telling you about the risks you had chosen to take, and Biobank would allow researchers to take.

Given the nature of researcher conduct, it is not possible to guarantee that there are no further examples.

NHS England did a “consent audit” of Biobank, which Biobank says they passed. Is this victim blaming what NHS England’s audit found and approved? 

To quote Biobank’s newsletter “In everything we do, we ask, what would participants expect from us?” so are the Biobank statements what one would reasonably expect?

Biobank’s [ public statements ] are incompatible with their [ redacted ] 

[redacted until Biobank fix it or decide they’re willing to take that particular risk with their cohort]

The Guardian work shows how easily NHS patient data is re-identifiable

The Guardian’s efforts confirm that if you know one health event for a person, you can read off all the others through the linking pseudonym, the EID that Biobank’s response argues is so immaterial that it can be published repeatedly on the internet without consequence. 

The Biobank response also argues that if data they have lost control of leaks (as it has), then that’s that if anyone knows anything about your health, and uses their lost data to find out more, then that’s your fault. 

The Department of Health in England makes the same self-serving argument – they take risks with your data and will blame you when they go wrong. Everyone treated in an NHS hospital is in the hospital datasets that NHS England sells, usually without respecting the National Data Opt Out. 

UK Biobank’s sole remaining defence is that it’s difficult for someone you’ve never met and who knows nothing about you to reidentify you – which doesn’t address the fact that you have met many people who know something about you and your health and can now potentially read everything; or the Department of Health in England can stop making stupid mistakes.

None of this is new, the flaws and risks were discussed at length in Chapter 4 of the 2022 Goldacre Review

For Biobank participants who now wish to withdraw

We have heard that participants have withdrawn from Biobank because of their failings over recent years. Biobank claims privately no one has told them they’ve withdrawn for this reason, but then, participants don’t have to give Biobank a reason for withdrawing.

If you’re in Biobank and wish to withdraw, they make you email them for the form. You are required to know your Participant ID, which Biobank probably told you 20 years ago, you can find on some communications from them, or simply download it from the internet with most of your hospital record if you know where to look…

You can withdraw from Biobank, you won’t be allowed to withdraw from the National Data Library.

Biobank’s reckless disregard for personal data has infected the “National Data Library”

The HDR/Sudlow Review which argues that all public sector data should be linked (one topic in the ID cards consultation) and used like Biobank. At the Review launch, the former Chief Scientist of Biobank said Biobank has “one of the best systems” for data access, and Biobank data should be “used as widely as possible”, and has now been rewarded with a seat on the National Data Library advisory board. 

Biobank’s actions exemplify Mr Mandelson culture being applied to NHS data (increasingly so via the Biobank direction), and it will cover everyone everywhere in the UK via the National Data Library.

Unless DSIT agrees that the UK Biobank approach to those in their dataset as covered above will be that of the National Data Library, DSIT should remove Prof Sudlow from the advisory board. Biobank’s public response is the responsibility of the current Biobank senior leadership (most of whom should also resign in disgrace, but won’t as they blame the victims rather than accepting responsibility for their decisions; and wisely no one appointed them to an NDL seat). Responsibility is known and admitted for how Biobank ended up in the mess they have put their cohort in, the only question is whether there will be any consequences for that.

==

In addition to our annual-ish newsletter, you can also join our free substack to get emailed whenever we post some news or commentary.