According to the BBC, the health provider was alerted to the data loss following a user discovering he had been given access to various video recordings relating to patients consultations delivered by other medics. Looking into the issue for Digital Journal is James Carder, CSO and VP of LogRhythm Labs. Carder begins by looking at business model of new health providers and the type of data they process: “Emerging healthtech startups must ensure that data protection is of the utmost priority, especially when sensitive patient data is collected, recorded and stored." He adds that: "The healthcare sector’s access to vast, valuable data types are a key target for various intelligent threat actors. Unfortunately, Babylon Health made a software error that allowed others to access intimate conversations and information on patients’ health. This data breach showcases how a basic lapse in security can compromise patient care, patient safety and trust, and sensitive clinical data." Carder is also concerned that the type of error is unknown, which means preventative measures for other companies become more challenging to implement: "Babylon Health has yet to disclose exactly what this software error was. The breach could have been due to a lack of segregation between patients, the improper use of a shared repository, or a basic web application security flaw allowing users to access each other’s data. Furthermore, to truly know the extent of this breach, more information as to why and how only three users were given access to the recordings should be uncovered." Carder moves on to the general issue of the digital transformation of healthcare and the resultant implications for cybersecurity. Here Carder notes: "Technology is more integral ..
Support the originator by clicking the read the rest link below.
