UK general practice app Babylon Health has admitted that recordings of private consultations were accidentally leaked to other users.
The app allows users to pay for a remote consultation with a GP via text, audio or video messaging, both via the NHS and through various insurance models. The app has 2.3 million users registered in the UK.
On 9 June, app user Roy Glover found that he had been given access to footage of roughly 50 other patients’ consultations in the app via the Consultation Replays section. The company confirmed that he and two other users had inadvertently been given access to other patients’ consultations, but that the recordings had not been opened.
— Rory G (@Rory_Glover) June 9, 2020
A statement issued by the company said the matter was identified and resolved within two hours, saying that the leak occurred as a result of a software error rather than a malicious attack. This had been triggered by a software update to the app which allows users to switch back and forth between audio and video call during consultations.
The incident has since been reported to the Information Commissioner’s Office.
UK Secretary of State for Health and Social Care Matt Hancock was caught on a live microphone admitting he was unaware of the data breach until asked about it at the virtual 2020 CogX conference.
Hancock stated on a panel that the data breach did not affect his views of private partnerships with the NHS.
After the panel ended, audio of his conversation with his interviewer, Telegraph journalist Harry de Quetteville, continued to broadcast.
Hancock was recorded saying that he should have known about the Babylon leak as he uses the service himself. De Quetteville told him that the breach meant access may have been provided to his medical consultations, to which Hancock joked: “Honestly, they know more about my bunion than anybody.”
Hancock was accused of breaking ministerial code for praising the app in 2018, which prohibits ministers from supporting groups that receive government funding.