A security researcher named Rory Glover tweeted today that he is able to access video recordings of other patients' medical consultations through the online doctor app Babylon Health.
Rory claims that over 50 video recordings of private consultations are being leaked publicly.
If this claim is valid, Babylon Health may be liable for GDPR violations and massive fines.
Rory spoke to the BBC, which reported:
On Tuesday morning, when he went to check a prescription, he noticed he had about 50 videos in the Consultation Replays section of the app that did not belong to him.
Clicking on one revealed that the file contained footage of another person’s appointment.
“I was shocked,” he told the BBC.
“You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”
Mr Glover said he alerted a work colleague to the fact, who used to work for Babylon. He in turn flagged the issue to the company’s compliance department.
Babylon, which has its headquarters in London, has since confirmed the breach.
“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording,” it said in a statement.
“Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.”
Babylon told the BBC it had already been in touch with everyone involved to inform them and apologise.