Two decades ago, half a million middle-aged adults signed up to one of the most ambitious medical projects in British history. The group of volunteers agreed to spend years being poked and prodded in the name of science: getting their DNA sequenced, undergoing body scans and completing countless lifestyle questionnaires. They have provided 15 million samples of blood, urine, and saliva — stored in a giant freezer in Cheadle.

This data, combined with their NHS hospital and GP records, forms the UK Biobank, which acts as a treasure trove for scientists around the world. The Biobank was set up in 2003 under Tony Blair to revolutionise the prevention, diagnosis and treatment of disease.

The information, which is anonymised, enables scientists to compare a group of volunteers who develop, say, Alzheimer’s, with a group of volunteers who do not, and unpick what in their genes or lifestyle may cause the disease.

It is the world’s most comprehensive data set of its kind and has been responsible for a series of medical breakthroughs. Biobank data has been cited in more than 18,000 peer-reviewed medical journals.

UK Biobank is a charity which has received tens of millions of pounds of funding from the government and other charities, including Wellcome and Cancer Research UK, as well as private individuals. It is run by a board of scientists, led by Sir Rory Collins, British Heart Foundation professor of medicine and epidemiology at the University of Oxford.

A key founding principle of the UK Biobank is that the not-for-profit resource is available to scientists all over the world, as long as their research is in the public interest. This can include university researchers, charities and industry bodies or businesses. 

Professor Sir Rory Collins, Chief Executive and Principal Investigator of UK Biobank, smiling.Professor Sir Rory Collins

At present more than 22,000 researchers from more than 60 countries are working with UK Biobank data. This includes 4,735 researchers in China, 4,221 in the UK and 6,045 in the United States.

To apply for access, research teams must prove that they are affiliated to an organisation and pay a fee ranging from £500 for student projects, to £9,000 for “Tier 3” access including the genetic data of participants.

The data breach involving Chinese researchers has highlighted “lax” security protocol at the UK Biobank, and follows dozens of recent instances where Biobank data has been exposed online after researchers have uploaded it to coding hubs.

Professor Luc Rocher, of the Oxford Internet Institute at the University of Oxford, said: “This is the 198th known exposure of UK Biobank data since last summer. UK Biobank data is not just available for sale, it also remains available online for anyone to download today. Researchers have, in the past, repeatedly and accidentally uploaded datasets to online code-sharing platforms, and many of these files are now replicated across the web.”

Health officials have stressed that the data breach does not pose the same privacy risk to patients as previous hacks of NHS medical records because the information is anonymised and does not contain names or addresses.

A medical professional in a sterile suit, mask, and gloves handling samples in a biobank.Alamy

However, at a time of heightened anxiety about the privacy of medical records and controversy over the US firm Palantir holding a NHS contract, experts fear that any data breach risks undermining the trust of patients in health research. 

Professor Andrew Morris, director of Health Data Research UK, said: “To find data for sale on a website in China will be greatly concerning for participants. Even with all identifying information removed from the data, this is still sensitive data and a serious data breach.

“Health research using large de-identified data sets is delivering great advances in the prevention, diagnosis and treatment of diseases affecting millions of people in the UK and globally. UK Biobank has been at the vanguard of many of these discoveries. But such research is only possible with the trust of participants in how their data is handled.

“The future of healthcare is increasingly data dependent. We must double down on implementation of secure systems to enable essential research that is responsible, trusted and can operate at scale.”