Exploit: Accidental data sharing
Babylon Health: Telemedicine Technology Developer
Risk to Small Business: 2.207 = Severe
A recently completed investigation revealed that a flaw in the software created by Babylon Health to enable telemedicine appointments also allowed users to see the consultations of other patients after they finished their own telemedicine visits. The app is used by about 2.3 million UK users. It allows members to book medical appointments, access a triage chatbot, and have consultations with NHS doctors via smartphone video or audio-only call. Apparently, when users switched from video to audio-only during their call, they also gained access to the audio recordings of the medical consultations of other users.
Individual Risk: 2.919 = Moderate
Babylon Health reports that the issue was discovered in early June and repaired rapidly, with a “very small” unspecified number of users affected.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More and more interactions are taking place over video these days, especially in the wake of the global pandemic. Many video conferencing service providers have had issues with intrusions and software glitches that put the private conversations and meetings of users at risk, creating doubt in the security of this type of communication. Because of this, data that is shared during a video conference through display, audio, or screen sharing may be in danger of compromise.