2.7 million patient calls to Swedish healthcare hotline were exposed on the Internet. Up to 170,000 hours of call audio containing extremely sensitive information is stored on an open web server without any encryption and authentication, meaning that any user on the Internet can fully access this personal information through a web browser.
Swedish tech publication Computer Sweden said that it has listened to some of the recorded information, including sensitive information such as the patient’s illness, current medications, and related medical history. Even in some calls, it is required to describe the child’s symptoms and ask for their social security number.
Some of the personal phone numbers for these calls are also included in files. Approximately 57,000 numbers appear in the database, many of which are caller’s personal numbers, so information can be easily matched to specific people. It is unclear how long these calls are available, who should be responsible for the violations, and whether any bad malicious members have accessed the information.
However, it seems that these leaked calls were sent to Medicall, a subcontractor of 1177 Vårdguiden, a company founded in Sweden by a Swedish. Mikko Hypponen, chief risk officer of Finnish security technology company F-Secure, said in a tweet
— @mikko (@mikko) February 18, 2019
Source, Image: Computer Sweden