Telehealth App: Babylon Health Offering Online Doctor Consultancy In UK Suffers Data Breach
UK’s most used online doctor consultancy app: Babylon Health has acknowledged that its GP video appointment app has suffered a data breach.
The company was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients' consultations.
A security follow-up check by Babylon revealed a small number of further UK users could also see others' sessions.
The company said it had since fixed the issue and notified regulators.
The telehealth app allows its members to speak to a doctor, therapist or other health specialist via a smartphone video call and, when appropriate, sends an electronic prescription to a nearby pharmacy. It has more than 2.3 million registered users in the UK.
One patient, Leeds-based Rory Glover had access to the service via his membership of a private health insurance plan with Bupa, one of Babylon's partners.
On last Tuesday morning, when he went to check a prescription, he noticed he had about 50 videos in the Consultation Replays section of the app that did not belong to him. Upon clicking on one revealed that the file contained footage of another person's appointment.
He said ,"I was shocked. You don't expect to see anything like that when you're using a trusted app. It's shocking to see such a monumental error has been made."
He then alerted a work colleague to the fact, who used to work for Babylon. He in turn flagged the issue to the company's compliance department.
Later in the day, Mr Glover's access to the clips was rescinded.
The telehealth company Babylon, which has its headquarters in London, has since confirmed the breach.
The company said in a media statement, "On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient's consultation recording. Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients' consultations through a subsection of the user's profile within the Babylon app."
Subsequently on Wednesday, the firm amended its statement to make clear that it meant two patients in addition to Mr Glover who had in fact viewed a recording to make the total of three.
The company said,"This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly. Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required."
A Babylon spokesman said that the comapny's engineering team was already aware of the issue before it was contacted by Mr Glover's workmate.
He added that the problem had been accidentally introduced via a new feature that lets users switch from audio to video-based consultations part way through a call.He said that
Babylon had informed the Information Commissioner's Office of the matter.
He added, "Affected users were in the UK only and this did not impact our international operations.
Unfortunately however, Mr Glover said he still had concerns and did not intend to use the service again.
He said, "It's an issue of doctor-patient confidentiality. You expect anything you say to be private, not for it to be shared with a stranger."
The UK Information Commissioner's Office has confirmed that it had been contacted by Babylon and that it was now waiting to receive the company's breach report.
They said, "People's medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organizations also have a responsibility under the law. When a data incident occurs, we would expect an organization to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects."
Babylon Health told the media it had already been in touch with everyone involved to inform them and apologize.
For more about telehealth apps
, keep on logging to Thailand Medical News.