Stolen NHS Data of Half a Million Patients Listed for Sale on Chinese Platform
Confidential medical records belonging to approximately 500,000 NHS patients have been discovered for sale on the Chinese e-commerce website Alibaba, prompting renewed calls for a government inquiry. The development comes just a year after concerns were raised that such data could be exploited by Beijing for bioweapons development.
Details of the Data Breach
The stolen information, which includes gender, age, month and year of birth, assessment centre data, attendance records, socioeconomic status, and lifestyle habits, was listed for sale three times in the past week. Although the posts were removed before any transactions occurred, experts fear that Chinese authorities may have already capitalised on the data. Notably, the dataset does not contain names, addresses, or contact details.
Technology Minister Ian Murray acknowledged the breach in Parliament, stating that he could not provide '100 per cent assurance' that participants could not be identified from the available data. He confirmed that a large-scale data breach had taken place.
Background: UK Biobank and Chinese Access
The UK Biobank is a research hub that provides de-identified data to universities, scientific institutes, and private companies. Last year, plans to grant Chinese researchers access to GP records of 503,000 volunteers sparked outrage among MPs, security experts, and former intelligence chiefs. They warned that the hostile state could gain insights into 'strategic aspects of the nation's life', potentially aiding the development of viruses and bolstering China's biotech ambitions.
Despite these warnings, UK Biobank passed an audit by NHS England in April 2024, allowing Chinese researchers to apply for access. In February 2025, Health Secretary Wes Streeting authorised the sharing of coded GP data from all volunteers with UK Biobank, a decision that security experts described as shocking.
Reactions and Calls for Inquiry
Shadow National Security Minister Alicia Kearns condemned the Labour government, accusing it of handing a 'gift to China' that could endanger lives. 'Half a million Britons trusted the system with their most intimate health data. That trust has been shattered,' she said. Kearns demanded answers on which institutions had their access revoked, which had links to the Chinese state, and who overruled MI5's warnings.
Former MI6 chief Sir Richard Dearlove compared the decision to the aborted plan to allow Chinese firm Huawei into the UK's 5G network. Former Conservative leader Sir Iain Duncan Smith announced he would call for an inquiry, stating: 'We need to know who made this utterly stupid decision to hand China access to this medical data.'
Professor Luc Rocher from the Oxford Internet Institute revealed that this is the 198th known exposure of UK Biobank data since last summer. He criticised the lack of action to remove stolen data from the web, noting that the data remains available for download.
Professor Sir Rory Collins, CEO of UK Biobank, apologised to participants for the concern this incident has caused.
