NHS smartphone GP provider shares users’ consultation videos with other people after ‘software error’
ICO alerted to data breach at Babylon Health
Babylon Health, provider of the NHS GP at Hand service, has claimed that a “software error” caused videos of some patients' consultations with doctors to be shared with other users.
Yesterday, a user of the Babylon software tweeted the company revealing that the section of app that allows users to rewatch videos of previous medical consultations was offering him access to more than 50 videos – most of which were of other patients.
In response, Babylon indicated that one of its doctors had already alerted the company to the problem – which had been remedied. The incident had also been reported to data-protection regulators, it added.
“This should not have happened and we disabled patient access to this feature within two hours of one of our clinicians bringing it to our attention,” Babylon said. “Our data protection officer alerted the Information Commissioner’s Office, and we are sharing all necessary documentation with them. Only a very small number of patients were involved, and only one patient’s video was viewed. We have been in touch with everyone to offer our apologies and support.”
In a statement issued later on, the firm said that only three patients – all of whom had booked or held a doctor’s appointment yesterday – had been able to view recordings of other users’ consultations.
“This was the result of a software error rather than a malicious attack,” it said. “The problem was identified and resolved quickly. Of course, we take any security issue, however small, very seriously, and have contacted the patients affected to update, apologise to and support, where required.”
Babylon Health has an estimated 2.3 million registered users in the UK. Among these are more than 75,000 people – including health secretary Matt Hancock – who have switched their NHS GP registration to GP at Hand.
The program, which is currently available for citizens of London and Birmingham, offers video consultations around the clock, and aims to allow users to talk to a doctor within two hours. If a follow-up examination is required, it can offer physical appointments at a number of clinics in the two cities in which it currently operates.
Fake online shops, malware, phishing emails and ransomware attacks on hospitals have been among the scams perpetrated by bad actors during the pandemic
Head of Test and Trace programme Baroness Harding says she does not want to specify a timeframe as projects often do not ‘run in a smooth way’
Data shows declines in the proportion of both confirmed cases and their contacts being reached by tracers
Consultation opened on addition of eighth principle for the health system’s use of data
PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right
CyberArk's David Higgins explores the cyber risks of hiring independent contractors