- A Babylon user realized they were able to see other patient's video consultations in the app.
- Babylon investigated and found out the issue affected a small number of U.K. users.
- The company has informed the patients and alerted the necessary regulators.
Virtual doctor app Babylon Health accidentally showed users videos of other patients' consultations with their doctors, which are strictly confidential.
The story was first reported by BBC News and confirmed to CNBC.
The breach emerged after a U.K. user said they were able to access dozens of videos of other patients' sessions. An investigation by Babylon revealed that the issue affected a small number of other U.K. users.
Babylon said a software error was to blame as opposed to a cyberattack.
The London start-up, which was valued at $2 billion last August, said it has fixed the problem and informed the Information Commissioner's Office (ICO), which is the U.K. data regulator.
Founded in 2013 by Dr Ali Parsa, Babylon has built an app that allows people to make video calls to doctors and other healthcare professionals, and get an electronic prescription. It has around 5.6 million users worldwide, with over 2.3 million of those based in the U.K..
Rory Glover, from Leeds in the North of England, opened the app on Tuesday to check a prescription and noticed that he had around 50 videos in the "Consultation Replays" section of the app that didn't belong to him, according to BBC News.
"I was shocked," Glover told the BBC. "You don't expect to see anything like that when you're using a trusted app. It's shocking to see such a monumental error has been made."
Babylon said it takes security very seriously and that it has contacted the affected patients to apologize.
"On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient's consultation recording," a Babylon spokesperson said.
"Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients' consultations through a subsection of the user's profile within the Babylon app.
"This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.
"Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologize to and support where required."
An ICO spokesperson said: "People's medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organizations also have a responsibility under the law."
They added: ""Babylon Health contacted the ICO regarding an incident and advice was provided."