Babylon to face ‘no further action’ for data breach of GP at Hand
Babylon Health will face “no further action” for a data breach that allowed a user of its GP app to access video recordings of other patients’ consultations.
The company admitted in June that three patients were able to view recordings of other patients’ consultations using the GP at Hand app.
But the Information Commissioner’s Office (ICO), the regulatory body responsible for overseeing such breaches, has since confirmed the company will not face further action.
“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects,” a spokesperson said.
“Babylon Health reported an incident to us. After looking at the details, we provided Babylon with detailed advice and concluded no further action was necessary.”
Following the breach on 9 June, Babylon said it was caused by a software error and confirmed it had alerted the ICO.
One patient took to Twitter to say he was able to access more than 50 video recordings when he signed onto the primary care app.
A spokesperson for Babylon said at the time the issue was caused by a new feature allowing users to switch from audio-only to video consultations.
They said the issue had been resolved “within two hours”.
“Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required,” they said.
Organisations that deem their breach does not need to be reported to the ICO are required to keep their own record of the incident.
“People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law to ensure that it is appropriately protected,” the ICO spokesperson added.
Following the data breach, a Digital Health News investigation found that a range of technical information exposing potential weaknesses in Babylon Health’s technology was freely available through a Firebase database mistakenly left open.
The database was being used by Babylon’s developers to store software testing information for the company’s technology and primary care app, GP at Hand, revealing the success rate of different functions. Babylon has since confirmed the issue has been resolved and gave assurances that the database did not provide access to sensitive information.