Babylon Health said it had recently leaked data, including confidential patient information. Babylon Health is a UK healthcare provider, valued at more than $ 2BN, offering teleotherapy to patients, ie remote consultation with physicians and healthcare professionals. messages and videos, through application her for mobile. The news about the leaked patient data was revealed through him Twitter, when a user of Babylon's video chat app revealed that he could see other patients' appointments. At a time when the adoption of teletherapy services is increasing more and more due to its pandemic COVID-19, such incidents indicate the weak character of teletherapy, as well as the importance of adequate protection cybersecurity and secrecy to prevent the leakage critical patient information.
At this point it is worth mentioning what Ted Wagner, Director of Information Security at SAP's National Security Services, said in an interview, and Sebastian Seiguer, its CEO. emotha, a tele-health company. In particular, Ted Wagner said that due to the pressure to provide teletherapy services to the public, not all collaboration systems have been fully tested. safety. He added that the Babylon Health data leak was most likely due to a software bug and not a malicious attack. He also noted that it is important that telecommunications providers prioritize the security of confidential information, as many personal and sensitive data are at stake. As the use of these services expands, so does the risk to the data. Over time, data leaks will hit providers that do not prioritize security. This way, customers will choose teledoc providers that they can trust, and they in turn will have information protection frameworks, such as HITRUST CSF. A thorough safety investigation is necessary as it may detect technical problems or vulnerabilities.
Sebastian Seiguer pointed out the impact that leaking personal data has on patients, and mentioned what can be done to ensure the security of their privacy. In particular, he noted that data leaks inevitably lead to a loss of confidence, especially in patients who have been stigmatized by certain situations. Companies have a great responsibility to protect their users. If they do not respond properly, the new consumer - the patient - will go somewhere else.
In addition, Ted Wagner stressed that the maturity of video collaboration technology allows secure communications, but requires a combination of people, technology and procedures to effectively mitigate security risks. There is a problem with the expansion of this technology to the general public, which may come from different platforms. Using multi-factor authentication, encryption, and strict access control may mitigate these risk factors, but some of them may make tele-health less accessible. Users who have access to the service from a less secure location or platform can open the way to cyber attacks.
Sebastian Seiguer said there are many safety features to protect consumers and patients. A leak or violation will be punished by existing frameworks. There is no need for another level of bureaucracy.
Finally, Ted Wagner stressed that, given the current NIST security checks and HIPAA regulations, he believes that there is sufficient guidance on how to ensure cooperation platforms. He also stated that the errors presented by Zoom point out that software bugs will occur over time and timely software updates are the "key" to reducing risks. Good security is a continuous and demanding process. It is not enough just to have security checks, but also the organizations must regularly monitor and update their systems.