A telehealth app glitch accidentally allowed users to view other patients’ video consultations
- Babylon Health admitted to exposing some users’ video consultations
- Three users in the UK were affected, the company says
- A glitch was introduced after the company added a new feature
- It has since been patched and affected users were notified
A telehealth startup says people’s private medical data was compromised by a bug that allowed people to view others users’ video consultations.
According to Babylon Health, a small number of users located in the UK were affected by the software glitch which has now been fixed.
While only three users in total were confirmed to have been affected, one user, Rory Glover, who reported the software glitch on Twitter, said that the bug allowed him to view more than 50 recordings from other patients as a result.
‘I was shocked,’ Glover told the BBC who first reported on the glitch.
‘You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.’
The glitch was reportedly introduced after the company introduced a new feature that allows users to switch from audio to video-based consults in the middle of a call.
As noted by the BBC, Babylon Health has more than 2.3 million registered users in the UK and allows people to fill prescriptions in addition to talking to therapists, physicians and other specialists.
In a statement, Babylon Health acknowledged the breach, stating:
Babylon Health says some users were affected by a glitch that exposed the video consultations of patients that use its app
‘On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording.’
‘Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.’
While the issue was relatively contained, it represents potential pitfalls of moving health services online – an increasingly commonplace practice that has been fueled by the COVID-19 pandemic.
Other breaches related to telemedicine have been far more pronounced. In 2018 a telemedicine vendor left the medical information of 2.4 million patients exposed in an unsecured online database.