Published in News

Babylon suffers security leak

by on11 June 2020


Persians invade again

Babylon Health has acknowledged that its GP video appointment app has suffered a data breach and gave users access to other patent's medical records.

The firm was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients' consultations.

A follow-up check by Babylon revealed a small number of further UK users could also see others' sessions. The firm said it had since fixed the issue and notified regulators.

For those who came in late, Babylon allows its members to speak to a doctor, therapist or other health specialist via a smartphone video call and, when appropriate, sends an electronic prescription to a nearby pharmacy. It has more than 2.3 million registered users in the UK.

Babylon, which has its headquarters in London, has since confirmed the breach.

"On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient's consultation recording", it said in a statement.

"Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients' consultations through a subsection of the user's profile within the Babylon app."

On Wednesday, the firm amended its statement to make clear that it meant three patients had viewed a recording.

"This was the result of a software error rather than a malicious attack", it continued.

"The problem was identified and resolved quickly. Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required."

He said the problem had been accidentally introduced via a new feature that lets users switch from audio to video-based consultations part way through a call.

And he said that Babylon had informed the Information Commissioner's Office of the matter.

"Affected users were in the UK only and this did not impact our international operations", he added.

 

Last modified on 11 June 2020
Rate this item
(0 votes)

Read more about: