Babylon Health Data Breach Chalks Incident to Software Error

United Kingdom-based artificial intelligence chatbot and telehealth startup company Babylon Health admits to suffering to a patient data breach following a software error. The said error reportedly allowed other users to gain access to other patients’ private consultations.

Babylon Health provides access to users and members to consult with a doctor or any other health and medical specialist via video calls on a smartphone or other similar devices through its GP application. The Guardian states that the telehealth provider currently has more than 2.3 million registered users.

ADVERTISEMENT

The data breach incident was discovered when Babylon GP user Rory Glover logged on his account and quickly discovered that he had gained access to a number of other patient consultations and its respective recordings.

Babylon Health Data Breach

There were around 50 videos found under the Consultation Replays section, notes BBC. Glover’s access to the app is made possible with the partnership of his private health insurance plan with Bupa.

ADVERTISEMENT

In a statement to BBC, Glover said, “You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”

Following the incident, Glover reported the breach to a colleague to used to work with the UK-based startup firm. The videos have been immediately taken down.

Meanwhile, in a public statement, the telehealth company acknowledged the data breach. It said, “On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation reading.”

ADVERTISEMENT

Prior to Glover’s discovery of the glitch, the company said its engineering team already knew of the application issue. The system error arose when the team incorporated a new feature on the app, allowing users to use a video-based consultation from a previously audio-based platform, reports BBC.

In light of the incident, Babylon Health immediately reached out to the affected parties and has since issued an apology to these individuals. Likewise, the telehealth startup also contacted the Information Commissioner’s Office (ICO). As of writing, the ICO is waiting for Babylon Health’s official report.

Babylon Health’s data breach was said to be limited within its users in the United Kingdom. Other countries and regions under its service were not compromised.

News of the company’s data breach incident comes as the startup gears for expansion in the United States, states Tech Crunch.

Before this incident, the company already experienced another security threat earlier this year when it published user information on Dr. David Watkins after exposing the dangers of using the chatbot system.

No posts to display