Babylon, the $2bn-valued UK-based global supplier of digital, virtual and online healthcare services, is continuing to try to reassure customers after it suffered a serious data breach in recent days.
The organisation, which launched in the UK in 2013 and has partnerships with Bupa and the NHS, had to contact the Information Commissioner’s Office, after it was discovered that one of its 2.3 million UK users discovered he had been given access to dozens of video recordings of other patients’ consultations.
Babylon allows its members to speak to a doctor, therapist or other health specialist via a smartphone video call and, when appropriate, sends an electronic prescription to a nearby pharmacy.
A follow-up check by Babylon after the data leak was discovered revealed a small number of further UK users could also see others’ sessions.
The firm said it had since fixed the issue and “proactively” notified regulators.
The breach came ahead of the launch of a new feature that would let users switch from audio to video-based consultations during a call.
A spokesman for Babylon said: “We resolved the issue within two hours, but during that time one patient had accessed the beginning of another patient’s consultation recording. Our investigation showed that two other patients accessed videos created by the software error, but these did not contain patients’ consultations.”
The spokesman said the breach was the result of a software error and not a malicious attack.
He said: “We proactively notified the Information Commissioner’s Office and will share all the necessary information with them.
“At Babylon, we take patient security very seriously and have contacted the two individual patients affected to update, apologise and support them.
“We have launched an in-depth investigation into this incident to identify exactly what went wrong and to ensure that it doesn’t happen again.”
The spokesman said: “We understand people’s health information is sensitive and we want everyone to continue feeling safe when using Babylon.”