Babylon to face ‘no further action’ for data breach of GP at Hand

  • 23 September 2020
Babylon to face ‘no further action’ for data breach of GP at Hand
A legal challenge made by Babylon Healthcare against a Care Quality Commission (CQC) report has been dropped

Babylon Health will face “no further action” for a data breach that allowed a user of its GP app to access video recordings of other patients’ consultations.

The company admitted in June that three patients were able to view recordings of other patient’s consultations using the GP at Hand app.

But the Information Commissioners Office (ICO), the regulatory body responsible for overseeing such breaches, has since confirmed the company will not face further action.

“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects,” a spokesperson said.

“Babylon Health reported an incident to us. After looking at the details, we provided Babylon with detailed advice and concluded no further action was necessary.”

Following the breach on 9 June Babylon said it was caused by a software error and confirmed it had alerted the ICO.

One patient took to Twitter to say he was able to access more than 50 video recordings when he signed onto the primary care app.

A spokesperson for Babylon said at the time the issue was caused by a new feature allowing users to switch from audio-only to video consultations.

They said the issue had resolved “within two hours”.

“Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required,” they said.

Organisations who deem their breach does not need to be reported to the ICO are required to keep their own record of the incident.

“People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law to ensure that it is appropriately protected,” the ICO spokesperson added.

Following the data breach a Digital Health News investigation found a series of technical information exposing potential weaknesses in Babylon Health’s technology was freely available through a Firebase database mistakenly left open.

The database was being used by Babylon’s developers to store software testing information for the company’s technology and primary care app, GP at Hand, revealing the success rate of different functions. Babylon has since confirmed the issue has been resolved and assured the database did not provide access to sensitive information.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Kootenai Health cyber attack impacts 464,000 patients

Kootenai Health cyber attack impacts 464,000 patients

US healthcare provider Kootenai Health has revealed that data belonging to 464,000 patients has been compromised following a cyber attack.
Digital Health 2023 Year in Review

Digital Health 2023 Year in Review

Digital Health's editor-in-chief Jon Hoeksma looks back at the key trends and big stories over the past 12 months.
Somerset NHS FT contacts patients about data breach

Somerset NHS FT contacts patients about data breach

Patients at Musgrove Park Hospital are being contacted by Somerset NHS Foundation Trust after it was revealed a staff member inappropriately accessed data.