Virtual doctor app Babylon Health accidentally showed users videos of other patients’ consultations with their doctors, which are strictly confidential.
The breach emerged after a U.K. user said they were able to access dozens of videos of other patients’ sessions. An investigation by Babylon revealed that the issue affected a small number of other U.K. users.
Babylon said a software error was to blame as opposed to a cyberattack.
The London start-up, which was value at $2 billion last August, say it has fixed the problem and informed the ICO, which is the U.K. data regulator. The ICO did not immediately respond to CNBC’s request for comment.
Babylon has built an app that allows people to make video calls to doctors; and other healthcare professionals, and get an electronic prescription. It has around 5.6 million users worldwide, with over 2.3 million of those based in the U.K..
After his appointment with a doctor through the telehealth app Babylon Health, Rory Glover noticed something odd: dozens of video recordings of other patients’ consultations were appearing in his app.
“Why have I got access to other patients video consultations through your app?” Glover asked in a tweet, tagging the $2 billion startup. “This is a massive data breach.”
Babylon said it takes security very seriously and that it has contacted the affected patients to apologize.
“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording,” a Babylon spokesperson said.
“Our investigation show that three patients, who had a book and had appointments today, were incorrectly present with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.
“This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.
“Of course we take any security issue, however small, very seriously; and have contacted the patients affected to update, apologize to and support where required.”