Babylon to face ‘no further action’ for data breach of GP at Hand

News, Start-ups

  • 23 September 2020
Babylon to face ‘no further action’ for data breach of GP at Hand
A legal challenge made by Babylon Healthcare against a Care Quality Commission (CQC) report has been dropped
Andrea Downey
January 7, 2019

Babylon Health will face “no further action” for a data breach that allowed a user of its GP app to access video recordings of other patients’ consultations.

The company admitted in June that three patients were able to view recordings of other patient’s consultations using the GP at Hand app.

But the Information Commissioners Office (ICO), the regulatory body responsible for overseeing such breaches, has since confirmed the company will not face further action.

“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects,” a spokesperson said.

“Babylon Health reported an incident to us. After looking at the details, we provided Babylon with detailed advice and concluded no further action was necessary.”

Following the breach on 9 June Babylon said it was caused by a software error and confirmed it had alerted the ICO.

One patient took to Twitter to say he was able to access more than 50 video recordings when he signed onto the primary care app.

A spokesperson for Babylon said at the time the issue was caused by a new feature allowing users to switch from audio-only to video consultations.

They said the issue had resolved “within two hours”.

“Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required,” they said.

Organisations who deem their breach does not need to be reported to the ICO are required to keep their own record of the incident.

“People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law to ensure that it is appropriately protected,” the ICO spokesperson added.

Following the data breach a Digital Health News investigation found a series of technical information exposing potential weaknesses in Babylon Health’s technology was freely available through a Firebase database mistakenly left open.

The database was being used by Babylon’s developers to store software testing information for the company’s technology and primary care app, GP at Hand, revealing the success rate of different functions. Babylon has since confirmed the issue has been resolved and assured the database did not provide access to sensitive information.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Could better connecting of data lead to a cure for…

Next News

Bradford Teaching Hospitals ditches paper for digital appointment letters

Related News

Digital Health 2023 Year in Review
Opinion December 19, 2023

Digital Health 2023 Year in Review

Digital Health's editor-in-chief Jon Hoeksma looks back at the key trends and big stories over the past 12 months.
Somerset NHS FT contacts patients about data breach
News November 27, 2023

Somerset NHS FT contacts patients about data breach

Patients at Musgrove Park Hospital are being contacted by Somerset NHS Foundation Trust after it was revealed a staff member inappropriately accessed data.
Babylon files for liquidation in US Bankruptcy Court
Start-ups August 21, 2023

Babylon files for liquidation in US Bankruptcy Court

Babylon Health has filed for bankruptcy for two US subsidiaries, Forbes has reported, citing filings in the US Bankruptcy Court in Delaware.