Patient calls to Swedish healthcare hotline left unprotected online

A server that was used to store recordings of phone calls made to a Swedish “healthcare hotline” has reportedly been found exposed online without password protection.  The service provided medical advice via a national health service telephone line.  

170,000 hours of calls containing highly personal information were reportedly stored on an open web server without any encryption or authentication. The server contained recordings of conversations going back to 2013.   

The calls included sensitive information about patients’ diseases and ailments, medication, and medical history, and many of the calls were stored alongside telephone numbers.  

The Swedish Data Protection Authority told the BBC: “If the reports in the media are correct, we view this incident as very serious since it involves sensitive personal data about many people for a long time. We intend to do a supervision of this incident. We have not formally initiated the supervision yet, though.” 

Any organisation that deals with sensitive personal information is at a higher risk of being targeted by malicious actors.