Palantir given complete access to NHS patient data

Published: 13 May 2026
NHS logo with people in the background

An elaborate web of deceit and greed runs through the relationship between a US spy tech company and the UK. Now, the NHS has just given Palantir “unlimited access” to millions of people’s data.

The NHS is giving third parties working on the government’s Federated Data Platform (FDP) “unlimited access” to identifiable patient data.

The FDP serves as a unified platform and is said to improve patient care by connecting data across various NHS services.

ADVERTISEMENT

Employees from the US spy-tech company Palantir are among those given “admin” rights to the National Data Integration Tenant (NDIT), a specific part of the FDP used to collect and manage national healthcare data.

The change was first announced in an internal memo, and the new plan agrees to give those outside the NHS working on the platforms unbridled access to the NDIT and, subsequently, to all patient data within it, according to the Financial Times.

Who else will get “unlimited access” to NHS patient data?

Alongside Palantir employees, personnel from consultancy firms who have been asked to work on the platform will also be granted full access to the NDIT.

For example, Accenture, a consultancy firm that has a longstanding relationship with the NHS, could be granted access.

During the procurement process in 2023, when Palantir was awarded the contract to work with the NHS, the deal was struck with Palantir Technologies, which includes Accenture, PWC, Carnall Farrar, and NECS, according to the NHS.

In the past, Accenture has been the victim of multiple large-scale data breaches, with LockBit 2.0 operators holding sensitive data managed by the company for ransom.

As recently as 2024, Accenture suffered a data breach that compromised the data of roughly 30,000 of its employees, cybercriminals claimed.

ADVERTISEMENT

Hackers have hit the jackpot

The current process required to gain ultimate access to NHS patients' data is that the person working on the platform requests clear access for specific data sets.

Now, the brief written by a senior NHS data official admits that this blanket authorization of third-party access could inspire distrust in the health service.

However, the NHS has seemingly prioritized convenience over safeguarding patient data, as the internal briefing said, “It is too inconvenient to apply for all the necessary individual confidential disclosure agreements (CDAs)," as per the Financial Times.

There are a multitude of risks here, including an increased risk of data breaches and the misuse of this sensitive data by companies like Palantir, among others.

What could happen if hackers gain access?

The more people who have access to this sensitive database, the more likely it is that logins and passwords for said platform will be compromised.

Third-party breaches happen all the time in the wild, and it just takes one weak link to break the chain.

Medical data is also extremely valuable to cybercriminals, as this data is difficult to change, unlike passwords or credit card numbers.

The NDIT is particularly attractive to bad actors as it’s part of the larger platform that links data from most NHS services like hospitals, mental health services, sexual health clinics, and more.

ADVERTISEMENT

This means that hackers would likely have to do little work and could use these already compiled, plaintext medical profiles to perfect phishing schemes and commit fraud.

Plaintext health data exposed to US spy-tech company

The NHS is not only giving full access to Palantir and external contractors, but it’s also providing these organizations with the key to a treasure trove of data that hasn’t yet been anonymized.

The NDIT is described as a safe place to store data pre-pseudonymization, meaning that all data is attached to individual patients and not given artificial identifiers (e.g., X7K29Q instead of the patient’s name).

While the NHS doesn’t explicitly state how much data they’re holding, it’s likely that the NDIT is one of Europe’s largest centralized health data environments.

Roughly 55 million people are using the NHS in England, and roughly 1.6 million people have some form of interaction with the healthcare service every day.

The NHS has said it handles around 200 national data collections.

These datasets come from specific services offered by the NHS, including hospitals, general practitioners (GPs), mental health centers, pharmacies, and more.

This means that the NHS is likely holding information on patients from birth to death, as well as comprehensive profiles on billions of NHS users.

Why would the NHS give these privileges to Palantir?

ADVERTISEMENT

The US spy-tech company is deeply embedded in British governmental affairs, playing many roles and wearing many hats.

The UK has been heavily dependent on Palantir for its infrastructure since 2020 and has since secured an almost $324 million (£240 million) deal with Britain’s Ministry of Defense, according to Politico.

This deal reportedly didn’t go through a tendering process and was simply awarded to Palantir.

The fair tech organization FoxGlove has demanded that the UK government publish the details behind Prime Minister Keir Starmer’s secret trip to Palantir headquarters with Britain’s former US ambassador, Peter Mandelson.

FoxGlove seems to believe that Palantir was awarded the contract under the table during the PM's trip to Washington.

Politicians friendly relationship with Palantir

Earlier this year, Mandelson went through a significant scandal in which his ties to disgraced financier and convicted pedophile Jeffrey Epstein were made apparent.

Mandelson was accused of leaking market-sensitive information to Epstein, as well as maintaining a friendly relationship with the criminal, sending him condolences after he was convicted.

The former ambassador is also the co-founder of Global Counsel, a firm that claims Palantir as a client.

Critics believe that Mandelson’s business and client relationship with Palantir is what helped the company secure the deal.

Palantir began working with the NHS during the pandemic, signing a two-year contract worth roughly $31.5 million (£23.5 million), which allowed NHS staff to use one of the company’s tools to understand the spread of COVID-19.

ADVERTISEMENT

Since then, Palantir has secured hundreds of millions of dollars in contracts from the British government.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT