Babylon Health is one of the largest and most successful players in the rapidly growing telemedicine sector, having secured funding last year to expand into the US and across Asia. However, they are now under scrutiny after their GP video appointment app suffered a data breach. The breach has resulted in video recordings of some patients’ consultations with doctors being accessible by other patients. One user noticed this and immediately alerted Babylon Health of this issue.Although Babylon Health has said that only a small number of users could see other users’ consultations, the full extent of the data breach will only be known after there has been a complete investigation. The severity of a data breach does not only depend on the volume but also on the categories of data that have been compromised. In this case, it relates to patient information including data relating to health, which is treated as sensitive by the GDPR and the Data Protection Act and hence requires a higher degree of protection. One would therefore expect that Babylon Health has implemented enhanced security measures for the provision of their services. Instead, the breach, which resulted from a software error as opposed to a malicious cyber-attack, demonstrates that this may not be the case which is all the more worrying.Babylon Health’s quick response might plead in their favour, but they are nonetheless at risk of a significant fine issued against them by the ICO, given the sensitive nature of the personal data that has been compromised. If it turns out however to be a minor breach, there is still reputational damage as some users will now be reluctant to use Babylon Health’s GP video appointment app, as is highlighted in the article.
Privacy issues are often a low priority for companies, especially as they grow as quickly as Zoom. Zoom went public last year and has already doubled in value. It has clearly given some thought to its data protection policies and procedures and is now trying to address issues as they come to light, although this is undoubtedly too late. For example, after it was revealed that Zoom was sharing some of its users’ personal data with Facebook, it immediately stopped this. However, its problems are multiplying. German data protection authorities are eyeing an investigation as it is revealed that users’ emails and other personal data are accidentally being leaked to malicious actors, putting Zoom at risk of significant fines being issued against them.
Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.Close