Babylon Health app error allowed U.K. users to watch videos of other patients' private doctor visits - Action News
Home WebMail Saturday, November 23, 2024, 05:53 AM | Calgary | -11.9°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Calgary

Babylon Health app error allowed U.K. users to watch videos of other patients' private doctor visits

A virtual medicine app under investigation by Alberta's privacy commissioner allowed some users to view video recordings of other patients' visits with their doctor.

Version of the telemedicine app used in B.C., Alberta, where it's under investigation by privacy commissioner

Babylon Health, a telemedicine app used in Alberta and B.C., experienced a software error in the UK that allowed some patients to view video recordings of other patients' private doctor visits. (Telus Health)

A virtual medicine appunder investigation by Alberta's privacy commissionerallowedsome users in the United Kingdomto view video recordings of other patients' visits with their doctor.

But the Albertagovernment says the version of the app used in the province is different, andit doesn't believe Canadianpersonal information is at risk.

Babylon Health knows ofthree users in the U.K. who could access the personal information of other patients in the U.K., a company spokesperson said in a statement.The breach did not affectinternational users, the company said, and was caused by a software error.

The company realized on Tuesday afternoon that a patient could see other patients' recordings of a consultation with their doctor, the spokesperson said.

Babylon didn't say which patient had noticed the breach, but one user of the app tweeted Tuesday that he was able to view at least 50 other patients private consultations.

Heprovided a screenshot showing the list of videos.

Under investigation in Canada

In Canada, Babylonpartnered with Telus to offer video consultations through its appto patients in Alberta and B.C.

A spokesperson for AlbertaHealth said the government is not aware of any similar issues in Canada. The U.K. Babylon Health app is different than the app used in Alberta andcreated for the Telus and Babylon partnership, the spokesperson said.

"We do not believe there is any similar risk in Alberta. We will be contacting Telusto confirm that this is accurate and that all appropriate steps continue to be taken to protect the privacy of Albertans," an emailed statement from Alberta Health read. "Patient confidentiality is our top priority."

A Telus spokesperson confirmed the Canadian version of the app and its users were not affected.

"Protecting patient data continues to be the cornerstone of our health-care business," an emailed statement from Telus read.

TheAlberta government endorsed the Babylonapp bypromoting it in a news release in March, but the product garnered criticism over its privacy policy, which states the company may share personal information with corporate partners. The appalso launched before the province's privacy commissioner could assess it.

Alberta's privacy commissioner has opened two investigations into the app.

Babylon Health said an investigation showed the app presented other users' personalmedicalinformation to two other patients with appointments Tuesday. However, the company said those two users did not access other patients'information. It said the issue was resolved within two hours.

"This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly. Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required," the spokesperson said.

"We proactively notified the [U.K.] Information Commissioner's Office and will share all the necessary information around this."

Larger leak possible, expert says

The leak may have affected more than thethree users mentioned by Babylon, said Chester Wisniewski, principal research scientist at British data security firm Sophos

"It seems incredibly unlikely that it affected three people. It's three people that reported it to them," he said.

"Health-care privacy is always a really sensitive topic right because it's a really personal thing.

"Obviously it's never good news for your private conversation with your doctor to be available to somebody."

Wisniewski saidit was only a matter of time before a data leak like this happened, as people flock to telemedicine apps during the COVID-19 pandemic.

"These medical app companies went from potentially tens of thousands of users three months ago to millions" Wisniewski said.

"The kind of growth that happens at a tech company to accommodate that massive expansion in the use of their services, mistakes are going to be made in companies far wealthier and far more technical than these companies."

He noted that video conferencing company Zoom also experienced privacy breaches following high-demand during the pandemic.

Bablyon users can't do much to protect their privacy,Wisniewskisaid,other than to choose which apps to useor decide against usingtelemedicine apps at all.

"I don't think consumers have much choice, sadly. At least for me, my physician chose what [app] they wanted to use. So it's really outside the hands of most people to choose. It's more of, am I comfortable using this at all?"