Security breach let people watch private GP appointments
Babylon Health has admitted that a security breach allowed some users to watch other people have video consultations with GPS.
Its app ‘GP at hand’ ( www. gpathand.nhs.uk), which is used by 2.3 million people, lets NHS patients speak to a doctor via a smartphone video call, and sends electronic prescriptions to a nearby pharmacy.
These calls should be strictly confidential, but one user, Rory Glover, tweeted that he could access 50 recorded videos of consultations between other patients and their doctors ( www.snipca. com/35106).
Babylon investigated the problem and found that two other users had been able to watch videos that weren’t their own.
It said the problem was caused by an error in an update that lets users switch during a call from audio-only to video. The company said it has apologised to the affected patients and offered support, adding that it takes “any security issue, however small, very seriously”.
It has also reported the breach to the Information Information Commissioner’s Office (ICO), the UK’S data-protection watchdog.
An ICO spokeswoman said: “People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law”.
Mr Glover, from Leeds, told the BBC that it was “shocking to see such a monumental error”.
He said he wouldn’t use the app again: “It’s an issue of doctor-patient confidentiality. You expect anything you say to be private, not for it to be shared with a stranger”.
Babylon said it discovered the error about an hour before it was notified by Mr Glover, and had already started to fix the problem.