Connect with us

Hi, what are you looking for?

Tech & Science

Babylon Health hit by major data breach (Includes interview)

According to the BBC, the health provider was alerted to the data loss following a user discovering he had been given access to various video recordings relating to patients consultations delivered by other medics.

Looking into the issue for Digital Journal is James Carder, CSO and VP of LogRhythm Labs.

Carder begins by looking at business model of new health providers and the type of data they process: “Emerging healthtech startups must ensure that data protection is of the utmost priority, especially when sensitive patient data is collected, recorded and stored.”

He adds that: “The healthcare sector’s access to vast, valuable data types are a key target for various intelligent threat actors. Unfortunately, Babylon Health made a software error that allowed others to access intimate conversations and information on patients’ health. This data breach showcases how a basic lapse in security can compromise patient care, patient safety and trust, and sensitive clinical data.”

Carder is also concerned that the type of error is unknown, which means preventative measures for other companies become more challenging to implement: “Babylon Health has yet to disclose exactly what this software error was. The breach could have been due to a lack of segregation between patients, the improper use of a shared repository, or a basic web application security flaw allowing users to access each other’s data. Furthermore, to truly know the extent of this breach, more information as to why and how only three users were given access to the recordings should be uncovered.”

Carder moves on to the general issue of the digital transformation of healthcare and the resultant implications for cybersecurity. Here Carder notes: “Technology is more integral to healthcare than ever before as more and more organizations leverage digital transformation and adopt web-enabled applications, especially amid the coronavirus crisis. For example, Medicare has now allowed the use of telehealth to all enrollees, and the U.S. federal government has now allowed doctors to treat Medicare patients virtually across state lines.”

With telemedicine, Carder says: that “Protecting data is now more complex than ever. It is crucial that healthtech companies, such as Babylon Health, gain full visibility into their software infrastructure and source code so that lapses in security can rapidly be detected before patient care is at risk. Even though Babylon Health stated that a user found the exposed vulnerability, it is highly likely that cybercriminals, who are scouring the internet for vulnerable web applications to exploit and steal information, have already noticed and taken advantage.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Social Media

A Prague hospital said it was treating five children who had swallowed magnets following a "piercing challenge" they had found on TikTok.

Tech & Science

Hezbollah data breach in Lebanon is the latest major data breach recorded, causing thousands of injuries and nine fatalities.

Entertainment

On Friday, October 4th, actor and singer Juan Pablo Di Pace performed at 54 Below in New York City. Michael Orland served as his...

World

Raymonde Desiree, a member of the Chagossian community living in Crawley, south of London - Copyright AFP ANDREW CABALLERO-REYNOLDSMarie HEUCLINRaymonde Desiree was 25 when...