Babylon app has breached patient confidentiality

A GP video appointment app has given some users access to videos of other patient consultations. The app, which is provided by Babylon Health has more than 2.3 million registered users in the UK. Babylon Health has admitted that the app has suffered a data breach and has apologised for the privacy violation. But, with many patients sharing confidential medical information via the app, users are understandably very distressed. What do we know about the Babylon app data breach so far?

What happened in the Babylon app data breach?

The Babylon app provides access to doctors, therapists and other health specialists via video calls and texts. It is available via the NHS and as part of private health insurance packages.

The app has become especially popular during the COVID-19 pandemic, as it provides an alternative to visiting the doctor in person.

Babylon Health became aware of the problem after a user of the service discovered he could view about 50 videos of other peoples’ appointments. Speaking to the BBC, he said:

“You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”

He flagged the issue and the firm investigated the incident and discovered that some people could see consultations that they should not have had access to.  A spokesperson for Babylon Health said:

“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording.”

“Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.

“This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.

“Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required.”

It is believed that the issue happened by error when a new feature was introduced.

What happens now?

Babylon Health has notified the ICO, and there is likely to be an enquiry into why the violation was able to happen.

But users of the app are now very concerned. Certainly, the man who discovered the breach said that he would not use the service again.

Have you been affected by the Babylon GP app data breach?

Babylon says that it has already been in touch with everyone involved. So, if you haven’t heard from the firm, it is unlikely that your data was compromised.

However, if your information was exposed in this breach, you have a right to be concerned.

Commenting on the breach, specialist data protection solicitor Kingsley Hayes said:

“Healthcare is rapidly going digital. But, amidst this online information revolution, there must be robust protections in place. This is essential to secure confidential and sensitive medical data. Especially because, should such information become public, this could cause considerable distress and embarrassment to those involved. And, it might even be exploited by criminals.

 “By allowing GP sessions to become public, Babylon has breached the data protection act, and doctor-patient confidentiality. The healthcare sector handles some of our most sensitive personal data. And, as patients, we have the right to expect this will be taken care of. Babylon failed to do this, so saying sorry isn’t really enough.”

 Claim compensation for the Babylon app data breach

In most cases – as with the Babylon app – medical data breaches happen because of human error and a failure to implement reasonable and robust processes. As such, if Babylon failed to protect your data, you can make a data breach compensation claim.

Claiming compensation isn’t just in your best interests. It is the only way medical organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Our professional, friendly team will advise you on whether you have a valid claim against Babylon. Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.