Babylon Health is one of the largest and most successful players in the rapidly growing telemedicine sector, having secured funding last year to expand into the US and across Asia. However, they are now under scrutiny after their GP video appointment app suffered a data breach. The breach has resulted in video recordings of some patients’ consultations with doctors being accessible by other patients. One user noticed this and immediately alerted Babylon Health of this issue.
Although Babylon Health has said that only a small number of users could see other users’ consultations, the full extent of the data breach will only be known after there has been a complete investigation. The severity of a data breach does not only depend on the volume but also on the categories of data that have been compromised. In this case, it relates to patient information including data relating to health, which is treated as sensitive by the GDPR and the Data Protection Act and hence requires a higher degree of protection. One would therefore expect that Babylon Health has implemented enhanced security measures for the provision of their services. Instead, the breach, which resulted from a software error as opposed to a malicious cyber-attack, demonstrates that this may not be the case which is all the more worrying.
Babylon Health’s quick response might plead in their favour, but they are nonetheless at risk of a significant fine issued against them by the ICO, given the sensitive nature of the personal data that has been compromised. If it turns out however to be a minor breach, there is still reputational damage as some users will now be reluctant to use Babylon Health’s GP video appointment app, as is highlighted in the article.
Babylon Health has acknowledged that its GP video appointment app has suffered a data breach. The firm was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients' consultations.