Babylon Health apologises for patient data breach

“On the afternoon of Tuesday 9 June, we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording,” Babylon Health told UK news outlet The Guardian. “Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.

“This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.

“Of course, we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required.”

The firm has also notified the Information Commissioner’s Office (ICO) about the issue.

More data breaches expected for healthcare providers

Data beaches are often reported in the healthcare sector. In the financial year 2017-2018 for example, a total of 1,214 breaches were reported to the ICO from the UK health sector, and a report published by the HIPAA Journal in the US found that 510 healthcare data breaches in which 500 or more records were exposed, were reported in 2019, representing a 37.4 per cent increase over the 371 such breaches reported in 2018. Furthermore, a recent study conducted by RSI Security based in the US cited hacking and IT incidents as one of the most common causes of data breaches.

As the healthcare sector becomes increasingly cloud-based, especially in light of Covid-19, it’s likely that more data breaches will continue to be reported. And, as such, it’s integral that healthcare organisations prioritise cybersecurity. That being said, establishing secure cybersecurity procedures that consolidate the wealth of historical patient data is likely no simple feat for organisations that are now only beginning to switch to electronic health records and other cloud-based platforms.

International Hospitals & Healthcare also wonders what impact data breaches like this will have on employers and insurers that have members signed up to these healthcare services.

GlobalData responds

The firm says that Babylon Health needs to restore consumer trust to benefit from expected rise in popularity of virtual appointments.

“Babylon Health will need to reassure potential customers that their data is safe in order to capitalise on what is looking to be a promising time for virtual appointments,” said Ben Carey-Evans, Insurance Analyst at GlobalData, who also cited that GlobalData’s 2019 UK Insurance Consumer Survey found that 17.5 per cent of people in the UK have used a remote or video GP service.

“This shows that a significant percentage of consumers were using this type of technology pre-Covid-19,” he said. “However, there is a substantial opportunity for growth, especially given the current climate. It is very likely that the popularity of virtual GP appointments will soar in the immediate future and consequently become learned behaviour by consumers for the future.”

Data breach will impact customer trust

Carey-Evans also noted that GlobalData’s survey revealed that not wanting to share personal information was the main reason consumers didn’t wear activity trackers, identified by 42.3 per cent of those who didn’t wear one. “Virtual GP appointments would contain far more sensitive data than an activity band,” he said.

He added: “At the verge of this potential increase in popularity, the data breach has come at a bad time for Babylon Health. One of the largest barriers to people using these services will be trusting companies with sensitive videos and medical information.”