Babylon Health data breach
It has been reported that Babylon Health has suffered a data breach where users of the GP remote consultation service were able to access videos of other patients' appointments with their doctor.
Posted on 10 June 2020
Babylon Health allows users of the service to consult with a doctor or other healthcare provider remotely using a smart phone app. It is reported that the service has more than 2.3 million registered users in the UK. Babylon Health have stated that only a very small number of users have been affected by this data breach.
A spokesman for Babylon Health has confirmed that the problem arose following the introduction of a new feature.
The issue came to light on 9 June 2020, when one user revealed the breach on Twitter, saying that he was able to access about 50 videos of other patients’ appointments. Babylon Health have since issued a statement confirming that they had resolved the “software error”.
However, the company further confirmed that their investigation showed, “that three patients, who had booked and had appointments today, were incorrectly presented with…recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app”. Babylon Health state that the three patients who were able to access the video recordings had not viewed them.
Babylon Health has also confirmed that they have contacted the affected users to, “update, apologise to and support where required”. The Information Commissioner’s Office has also been notified.
Gene Matthews, partner at Leigh Day and specialist in Data Protection and Privacy claims commented:
“Patient confidentiality is at the heart of our healthcare system – and with good reason. The ways in which we obtain medical advice may evolve as new technologies are developed, but this must never be at the expense of a patient’s privacy. It is particularly important that new features are tested exhaustively for data security before they are introduced”
Sean Humber, also partner at Leigh Day with expertise in Data Protection and Privacy claims added:
“As they are legally required to do, Babylon Health have reported the data breach to the Information Commissioner’s Office. It is important that the ICO now conduct their own independent investigation into the circumstances and extent of the data breach, not least to reassure the Babylon Health’s current 2.3 million UK users.
“Users who have been affected by the data breach are likely to be angry and distressed that videos of their private medical consultations have been made available to others and they may be entitled to compensation as a result of Babylon Health’s failure to keep their personal information secure.”
If you have been notified by Babylon Health that you have been affected by the above matter and would like to explore your legal options please complete our form.