Data breach caused by software issue says Babylon

Babylon Health said today that a data breach which enabled a user of its app to view other patients’ consultations was the result of a ‘software issue’ and not a malicious attack.

The alarm was raised yesterday when it emerged that a small number of patients using the Babylon app had been able to access the video recordings of other patient consultations.

The virtual GP and AI provider said the problem had been resolved within hours and was due to an error in a new software feature which enables patients to switch between audio-only and video consultations.

A spokesperson for the company said: ‘On the afternoon of Tuesday 9th June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording. Our investigation showed that two other patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon App.’

However, the company dismissed reports that it had been alerted to the issue by a patient, saying it had been identified by one of its clinicians shortly before the patient raised the alarm.

‘The problem was identified and resolved quickly. Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required,’ said the company.

Babylon, which has informed the Information Commissioner’s Office about the problem, said it had been limited to the UK and did not impact its international operations.