Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Medicine Privacy United Kingdom

Babylon Health Data Breach Allowed Users To View Other Patients' Video Consultations (bbc.com) 9

An anonymous reader quotes a report from the BBC: Babylon Health has acknowledged that its GP video appointment app has suffered a data breach. The firm was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients' consultations. A follow-up check by Babylon revealed a small number of further UK users could also see others' sessions. The firm said it had since fixed the issue and notified regulators. Babylon allows its members to speak to a doctor, therapist or other health specialist via a smartphone video call and, when appropriate, sends an electronic prescription to a nearby pharmacy. It has more than 2.3 million registered users in the UK. "On the afternoon of Tuesday June 9 we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient's consultation recording," it said in statement. "Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients' consultations through a subsection of the user's profile within the Babylon app."
This discussion has been archived. No new comments can be posted.

Babylon Health Data Breach Allowed Users To View Other Patients' Video Consultations

Comments Filter:
  • Telemedicine is all the rage with some people
  • Damn! It's the last time I show my hemorrhoids to my doctor.

  • by Anonymous Coward
    B.S. Babylon needs to fess up that they didn't just have Broken Access Controls, they neglected to implement them at all. i.e.: everybody could view everybody's video recordings just by tweaking a parameter in the document URL.
  • by FeelGood314 ( 2516288 ) on Wednesday June 10, 2020 @09:15PM (#60169474)
    Most companies have crap security. Even the big security companies I've worked at place security as the lowest priority. Everyone seems to be using agile development were they don't actually plan a finished product but put something together with 10 layers of frameworks and tweak it till they have something they like. Sure this is fast but it also means no one actually knows what the code is doing or all the features. The next time a web developer tells me it isn't a real security hole if I send a hand composed TCP stream back to his server I'm probably going to end up in jail for assault or murder.

    So we need to decide if these security lapses are acceptable. People aren't misconfiguring databases to be public, half the time they didn't even know there was a database, it was abstracted by the framework they using. They were just blindly followed some steps on stack overflow until the web page worked. If we don't like the lapses we need to make the fines high enough to discourage this behaviour.
  • I'm more worried about insurance companies spying in on the discussion (yes I read the summary and saw that this was in the UK, but telemedicine is growing rapidly here on this side of the pond as well). Make no mistake about it, insurance companies in the US aren't on the patient's side; they are on the investor's side. If something came out during a telemedicine call that wasn't properly disclosed when signing up for insurance, you can count on the insurance company pouncing on that opportunity.

    That
  • by Anonymous Coward

    I am completely unsurprised by this. The CEO is a pompous and self-aggrandising shit who took over an NHS hospital in Cambs with bold promises about what he'd be able to do with it, and then handed the keys back when he and his pals at Circle made a complete hash of things. Babylon's approach to primary care is no less gross.

    https://www.theguardian.com/so... [theguardian.com]

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...