Babylon Health, one of the biggest players in the growing telehealth market, has admitted that a data breach in its app allowed a small number of users in the UK to view recordings of other patients’ video consultations with doctors. The firm says that only three users in the UK were affected and that the underlying software error has now been fixed.
The breach became public after one user, Rory Glover, tweeted that he had access to “over 50 video recordings” from other patients’ private consultations. Babylon Health said that it was aware of the problem hours before Glover’s tweet and that only a few seconds of one patient’s videos were seen by an unauthorized user.
“I was shocked,” Glover told the BBC. “You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”
Babylon Health is one of many new players in the international telehealth space, a market that has become more important as the ongoing pandemic limits in-person contact. The firm’s app provides a number of services, including chatbot-based diagnoses of basic ailments and video consultations with doctors via its “GP at Hand” feature.
The London-based startup has worked extensively with the UK’s National Health Service to make check-ups with local doctors faster. However, it’s also been criticized for cherry-picking the easiest cases, exploiting the NHS system that allocates funding to local doctors, and giving misleading or incorrect medical advice via its automated systems.
Nevertheless, the firm is growing fast, and last year, it announced what it claimed was the largest-ever round of financing in Europe and the US for a telehealth app. The company received $550 million in funding for a valuation of more than $2 billion. With the investment, it intends to expand in the US and across Asia. It launched in Canada last March.
In a press statement regarding the recent breach, a spokesperson for Babylon Health said: “This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly. Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required.”