Rogue scientists at three Chinese hospitals tried to sell stolen medical data of 500,000 NHS patients amid UK's 'lax' security measures

Published: 02:05, 25 April 2026 | Updated: 02:14, 25 April 2026 Rogue scientists at three hospitals in China tried to sell the stolen medical data of half a million NHS patients, as concerns are raised over claims of Britain's weak security measures.  The confidential NHS medical details had been listed for sale on Alibaba, an ecommerce website sometimes called China's Amazon, due to the UK's allegedly 'lax' security measures.  The lack of sufficient regulations meant Chinese academics could be given free reign over the entire database of UK Biobank, a research hub that makes 'de-identified' data available to universities, institutes and private companies.    Three different listings were made from individuals from three separate Chinese research hospitals, having initially accessed the data legitimately.  UK Biobank, which is a registered charity, has refused to name the medical facilities, but said they have since been denied access to the data. The charity said it had been tipped off about the listings from an anonymous whistleblower.   A Whitehall source told a national newspaper that the charity had been 'very, very lax' over who could access the data and whether they could keep the data secure. There were calls for an inquiry on Thursday after the news of the data leak, and subsequent sale of the medical details, was announced by technology minister Ian Murray. He described the leak as an 'unacceptable abuse'.  Last year, there was outrage when plans emerged to give Chinese researchers access to GP records of 503,000 volunteers who are part of the UK Biobank. The confidential NHS medical details had been listed for sale on Alibaba, an ecommerce website sometimes called China's Amazon, due to the UK's allegedly 'lax' security measures MPs, security experts and former spy chiefs warned against the decision, fearing the hostile state was being given a window into 'strategic aspects of the nation's life', which could be used to develop viruses and help China become a biotech superpower. The UK Biobank has now paused global access to its data as it tackles to prevent further information from being downloaded and resold.  Although the posts were removed before any sales, experts believe the reason the information is being freely touted on the site is that Beijing has already capitalised on the information.  The stolen data did not include names, addresses, or contact details, but it did contain gender, age, month and year of birth as well as assessment centre data, attendance data, socioeconomic status and lifestyle habits. The database can be accessed by researchers around the world, with a sign-up fee of £3,000 a year.   On Thursday, shadow national security minister Alicia Kearns said Labour had handed a 'gift to China', which could endanger lives. 'Half a million Britons trusted the system with their most intimate health data. That trust has been shattered. 'Labour must now answer three questions: which institutions had their access revoked, which had links to the Chinese state, and who signed off on overriding MI5's warnings last year.' Last April, UK Biobank announced NHS England had audited its processes for sharing data internationally, including how it assesses applications from China. It passed the audit, meaning Chinese researchers could then apply for access. The lack of sufficient regulations meant Chinese academics would be given free reign over the entire database of UK Biobank, a research hub that makes 'de-identified' data available to universities, institutes and private companies. Pictured: The UK Biobank research hub Then, in February, the Health Secretary Wes Streeting allowed coded GP data of all volunteers to be shared with UK Biobank. The decision shocked security experts, with former MI6 spy chief Sir Richard Dearlove comparing it to the aborted decision to let Chinese firm Huawei have a role in the UK's 5G network. While Sir Ken McCallum, head of MI5, has spoken against Chinese interference on several occasions - and warned science and technology could be a potential target.  He has also encouraged the Government, universities and businesses to assess potential risks when forming potential partnerships.   Chinese businesses can be forced, under Chinese Communist Party's laws, to work with the authorities and share sensitive information and technology from western organisations.   Former Tory leader Sir Iain Duncan Smith said: 'I will be calling for an inquiry into this scandal. We need to know who made this utterly stupid decision to hand China access to this medical data. It beggars belief when China is looking to develop bioweapons.' Professor Luc Rocher from the Oxford Internet Institute said: 'This is the 198th known exposure of UK Biobank data since last summer.' Professor Rocher added that not enough is being done to get stolen data removed from the web, saying: 'UK Biobank data is not just available for sale, it also remains available online for anyone to download today.' Professor Sir Rory Collins, UK Biobank chief executive, said: 'We apologise to our participants for the concern this will cause.' The comments below have not been moderated. The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline. By posting your comment you agree to our house rules. Do you want to automatically post your MailOnline comments to your Facebook Timeline? Your comment will be posted to MailOnline as usual. Do you want to automatically post your MailOnline comments to your Facebook Timeline? Your comment will be posted to MailOnline as usual We will automatically post your comment and a link to the news story to your Facebook timeline at the same time it is posted on MailOnline. To do this we will link your MailOnline account with your Facebook account. We’ll ask you to confirm this for your first post to Facebook. You can choose on each post whether you would like it to be posted to Facebook. Your details from Facebook will be used to provide you with tailored content, marketing and ads in line with our Privacy Policy.