Incident: Data Breach in Babylon Health's GP Video Consultation App

Published Date: 2020-06-09

Postmortem Analysis
Timeline:
1. The software failure incident involving a data breach at Babylon Health occurred on June 9, 2020 [101448, 101465, 101426].

System:
1. Babylon Health's GP video consultation app software [101448, 101465, 101426]

Responsible Organization:
1. Babylon Health's software error [Article 101448, Article 101465, Article 101426]

Impacted Organization:
1. Babylon Health users in the UK [101448, 101465, 101426]

Software Causes:
1. A software error in a new feature that allowed users to switch from audio to video-based consultations partway through a call [101465, 101426]
2. Incorrect presentation of recordings of other patients' consultations through a subsection of the user's profile within the Babylon app due to a software error [101448, 101465, 101426]

Non-software Causes:
1. Lack of proper data access controls and permissions [101448, 101465, 101426]
2. Human error in implementing a new feature that led to the breach [101426]

Impacts:
1. Confidential patient information was exposed, with users able to see other patients' appointments and video recordings of consultations, leading to a breach of doctor-patient confidentiality ([101448], [101465], [101426]).
2. Users expressed shock and concern over the breach, with one user stating he would not use the Babylon app again due to the privacy violation ([101448], [101465], [101426]).
3. Babylon Health had to notify the Information Commissioner's Office about the breach and contact the affected patients to update, apologize, and provide support ([101448], [101465], [101426]).
4. The breach impacted a small number of UK users, but international users were not affected ([101448], [101465], [101426]).

Preventions:
1. Implementing thorough testing procedures before releasing new features to ensure they do not introduce vulnerabilities or errors [101426].
2. Conducting regular security audits and assessments to identify and address potential weaknesses in the software system [101465].
3. Enhancing user data access controls and permissions to prevent unauthorized access to sensitive information [101448, 101465].
4. Improving incident response protocols to quickly identify and resolve software errors before they escalate into data breaches [101448, 101465, 101426].

Fixes:
1. Implement stricter access controls and authentication mechanisms to ensure that users can only access their own data and recordings [101448, 101465, 101426].
2. Conduct thorough testing of new features before deployment to prevent unintended software errors [101426].
3. Enhance monitoring and detection systems to quickly identify and resolve any breaches or unauthorized access [101448, 101465, 101426].
4. Provide prompt notifications to affected users, regulators, and authorities in the event of a data breach or security incident [101448, 101465, 101426].

References:
1. Babylon Health statement provided to the Guardian [Article 101448]
2. Babylon Health statement provided to the BBC [Article 101448]
3. Babylon Health statement provided to MailOnline [Article 101426]
4. Information Commissioner's Office [Article 101465]

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization
(a) The software failure incident has happened again at one_organization:
- Babylon Health suffered a data breach involving confidential patient information due to a software error, allowing users to see other patients' appointments [Article 101448].
- Babylon Health acknowledged that its GP video appointment app suffered a data breach where users could access video recordings of other patients' consultations due to a software error [Article 101465].
- Babylon Health experienced a data breach that allowed some users to see other patients' private consultations, which was attributed to a software error [Article 101426].
(b) The software failure incident has happened again at multiple_organization:
- There is no specific mention in the provided articles about the software failure incident happening at other organizations or with their products and services.

Phase (Design/Operation): design, operation
(a) The software failure incident in the Babylon Health data breach was primarily due to a design issue introduced during system development. The incident was caused by a software error related to a new feature that allowed users to switch from audio to video-based consultations during a call. This design flaw led to the incorrect presentation of recordings of other patients' consultations to some users [101448, 101465, 101426].
(b) Additionally, the software failure incident also had elements of an operational failure as it involved users accessing and viewing recordings of other patients' consultations, indicating a breach in the operational security of the system. The breach was discovered when a user noticed he had access to video recordings of other patients' consultations, highlighting an operational issue in maintaining the confidentiality and privacy of patient data [101448, 101465, 101426].

Boundary (Internal/External): within_system
(a) within_system: The software failure incident at Babylon Health was due to a software error within the system. The incident involved a limited software error that allowed a small number of UK users to see other patients' sessions and recordings within the Babylon app. Babylon Health confirmed that the problem was not a result of a malicious attack but rather a software error that was quickly identified and resolved [101448, 101465, 101426].
(b) outside_system: The software failure incident at Babylon Health was not attributed to contributing factors originating from outside the system. The breach was acknowledged to be a result of a software error within the Babylon app, and there was no indication in the articles that external factors played a role in the incident [101448, 101465, 101426].

Nature (Human/Non-human): non-human_actions, human_actions
(a) The software failure incident in this case was primarily attributed to non-human actions, specifically a software error rather than a malicious attack. Babylon Health stated that the breach occurred due to a limited software error, not as a result of a deliberate attack [101448, 101465, 101426].
(b) Human actions also played a role in this incident. The breach was discovered by a user who found access to other patients' video recordings, and the issue was escalated by the user's work colleague who used to work for Babylon. Additionally, the breach was reported to Babylon's compliance department by the user's colleague, indicating human intervention in identifying and reporting the issue [101448, 101465, 101426].

Dimension (Hardware/Software): software
(a) The software failure incident in the Babylon Health data breach was primarily due to a software error rather than a hardware issue. The incident was described as a limited software error that allowed users to access other patients' consultation recordings [101448, 101465, 101426]. The breach was a result of a new software feature that allowed users to switch from audio to video consultations, leading to the unintended exposure of consultation recordings to other users. The company confirmed that the problem was caused by a software error and not a malicious attack [101465, 101426].
(b) The software failure incident was specifically attributed to a software error in the Babylon Health data breach. The breach was not caused by hardware issues but rather by a mistake in the software that allowed users to view recordings of other patients' consultations [101448, 101465, 101426]. The company emphasized that the incident was a result of a software error and not a deliberate attack on their system. The breach was identified and resolved quickly by addressing the software error that led to the unauthorized access to patient data.

Objective (Malicious/Non-malicious): non-malicious
(a) The software failure incident in the articles was non-malicious. Babylon Health confirmed that the incident involving a data breach where users could see other patients' consultations was due to a limited software error and not a malicious attack. The company stated that the problem was identified and resolved quickly, and they take any security issue seriously. They also mentioned that the breach was a result of a software error rather than a deliberate attack ([101448], [101465], [101426]).
(b) There is no indication in the articles that the software failure incident was malicious.

Intent (Poor/Accidental Decisions): accidental_decisions
(a) poor_decisions: The software failure incident involving Babylon Health's data breach was not due to poor decisions but rather identified as a result of a software error. Babylon Health stated that the breach was not a malicious attack but a limited software error [Article 101448]. The breach was acknowledged by Babylon Health, and the problem was attributed to a software error rather than a malicious attack [Article 101465]. The incident was described as an error introduced accidentally through a new feature that allowed users to switch from audio to video consultations during a call [Article 101426].

Capability (Incompetence/Accidental): development_incompetence, accidental
(a) development_incompetence: The software failure incident at Babylon Health was attributed to a software error rather than a malicious attack. The error occurred when a new feature was introduced that allowed users to switch from audio to video-based consultations during a call. This feature led to a situation where patients were incorrectly presented with recordings of other patients' consultations through a subsection of the user's profile within the Babylon app. The incident was acknowledged as a limited software error, indicating a failure due to contributing factors introduced due to lack of professional competence by the development team [101448, 101465, 101426].
(b) accidental: The software failure incident at Babylon Health was described as an accidental error rather than a malicious attack. The problem was introduced accidentally through a new feature that allowed users to switch from audio to video consultations during a call. This accidental introduction of the feature led to the software error that allowed some users to see other patients' private consultations. The company's engineering team was already aware of the issue before being contacted by a user, indicating that the incident was accidental in nature [101426].

Duration: temporary
(a) The software failure incident in this case was temporary. The incident was caused by a software error rather than a malicious attack, and Babylon Health was able to identify and resolve the issue within two hours of it being discovered [101448, 101465, 101426].

Behaviour: omission, other
(a) crash: The software failure incident in the articles does not involve a crash where the system loses state and stops performing its intended functions.
(b) omission: The incident involves an omission where the system omits to perform its intended functions at an instance(s). Users were able to see other patients' appointments and video recordings, indicating a failure in maintaining the confidentiality and privacy of patient data [101448, 101465, 101426].
(c) timing: The incident does not involve a timing failure where the system performs its intended functions too late or too early.
(d) value: The incident does not involve a value failure where the system performs its intended functions incorrectly.
(e) byzantine: The incident does not involve a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior in this software failure incident is a breach of doctor-patient confidentiality due to a software error that allowed users to access and view recordings of other patients' consultations, leading to a significant privacy violation [101448, 101465, 101426].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence: property, theoretical_consequence
(a) death: There were no reports of any deaths resulting from the software failure incident [Article 101448, Article 101465, Article 101426].
(b) harm: The software failure incident did not result in any physical harm to individuals [Article 101448, Article 101465, Article 101426].
(c) basic: The incident did not impact people's access to food or shelter [Article 101448, Article 101465, Article 101426].
(d) property: The software failure incident involved a data breach where users were able to access other patients' confidential information, impacting their data privacy [Article 101448, Article 101465, Article 101426].
(e) delay: There were no reports of any activities being postponed due to the software failure incident [Article 101448, Article 101465, Article 101426].
(f) non-human: The incident primarily affected the privacy of users' personal data and did not involve any impact on non-human entities [Article 101448, Article 101465, Article 101426].
(g) no_consequence: The software failure incident had real consequences related to data privacy breaches, with users being able to access other patients' confidential information [Article 101448, Article 101465, Article 101426].
(h) theoretical_consequence: The potential consequences discussed in the articles included the breach of doctor-patient confidentiality, the sharing of private information with strangers, and the sensitivity of medical data being compromised [Article 101448, Article 101465, Article 101426].
(i) other: There were no other specific consequences mentioned in the articles beyond the breach of data privacy and potential compromise of sensitive medical information [Article 101448, Article 101465, Article 101426].

Domain: information, health
(a) The failed system was related to the information industry as it involved a data breach in a GP video consultation app, allowing users to see other patients' appointments and consultations [101448, 101465, 101426].
(j) The failed system was also related to the health industry as the software error led to a breach of doctor-patient confidentiality in a healthcare-related app [101448, 101465, 101426].
