Babylon Health faces no further action after a GP video appointment app gave some users access to recordings of other patient consultations. The Information Commissioners Office (ICO), the regulatory body responsible for overseeing data breaches in the UK, said:
After looking at the details, we provided Babylon with detailed advice and concluded no further action was necessary.”
Babylon Health has apologised for the privacy violation.
What happened in the Babylon app data breach?
The Babylon app has more than 2.3 million registered users in the UK. It provides access to doctors, therapists and other health specialists via video calls and texts. It is available via the NHS and as part of private health insurance packages.
The app has become especially popular during the COVID-19 pandemic, as it provides an alternative to visiting the doctor in person.
Babylon Health became aware of the problem after a user of the service discovered he could view about 50 videos of other peoples’ appointments. Speaking to the BBC, he said:
You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”
He flagged the issue and the firm investigated the incident and discovered that some people could see consultations that they should not have had access to. A spokesperson for Babylon Health said:
On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording.”
Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.
This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.
Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required.”
The issue happened by error when a new feature was introduced. Babylon claims that it resolved the problem within two hours.
What happens now?
The ICO has competed its enquiry into the violation, and no further action will be taken against Babylon Health. But with many patients sharing confidential medical information via the app, some users remain distressed at the breach, and the subsequent decision by the ICO.
Certainly, the man who discovered the breach said that he would not use the service again.
To make matters worse, a Digital Health News investigation found further potential weaknesses in Babylon Health’s technology.
Have you been affected by the Babylon GP app data breach?
Babylon says that it has already been in touch with everyone involved. So, if you haven’t heard from the firm, it is unlikely that your data was compromised. If your information was exposed in this breach, you have a right to be concerned. Commenting on the breach, specialist data protection lawyer at Keller Lenkner UK, Kingsley Hayes said:
“Healthcare is rapidly going digital. But, amidst this online information revolution there must be robust protections in place. This is essential to secure confidential and sensitive medical data. Especially because, should such information become public, this could cause considerable distress and embarrassment to those involved. And, it might even be exploited by criminals.
By allowing GP sessions to become public, Babylon has breached the data protection act, and doctor-patient confidentiality. The healthcare sector handles some of our most sensitive personal data. And, as patients, we have the right to expect this will be taken care of. Babylon failed to do this, so saying sorry isn’t really enough and I am disappointed at the ICO’s decision.”
Head of Data Breach
Can you still claim compensation for the Babylon app data breach?
If Babylon failed to protect your data, and you have suffered as a result, you might still be able to make a data breach compensation claim.
Our professional, friendly team will advise you on whether you have a valid claim against Babylon.