Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Security

2.7 Million Patient Phone Call Recordings Left Exposed Online (thenextweb.com) 45

Slashdot reader krenaud tipped us off to this story from The Next Web: The audio recordings of 2.7 millions calls made to 1177 Vardguiden -- Sweden's healthcare hotline -- were left exposed to anyone online, according to Swedish tech publication Computer Sweden. The 170,000 hours of incredibly sensitive calls were stored on an open web server without any encryption or authentication, leaving personal information completely exposed for anyone with a web browser....

The calls included sensitive information about patients' diseases and ailments, medication, and medical history. Some examples had people describing their children's symptoms and giving their social security numbers. Some of the files include the phone numbers the calls were made from. Around 57,000 numbers appear in the database and many of those are the callers' personal numbers, making it easy to match information with a particular person.

When reached for comment, the CEO of the subcontractor receiving the calls "denied it happened."
This discussion has been archived. No new comments can be posted.

2.7 Million Patient Phone Call Recordings Left Exposed Online

Comments Filter:
  • Just like with the ongoing barrage of S3 'leaks', this is only an issue because it's too easy to accidentally enable public file listings in servers.

    • by Anonymous Coward

      The calls should not have been recorded in the first place.

      • I'm going to take a wild guess that the calls were recorded for one of (or perhaps all) of the following reasons:

        1. Government mandate. We are talking government-run healthcare, after all, and we know how governments love to keep treasure troves of data on its citizens.
        2. Liability, especially in a malpractice suit. You can show that the caller didn't "provide enough information to allow for proper advice to be administered, so, your honor, the heart attack isn't our fault."
        3. Quality assurance and training

  • by Anonymous Coward

    "However, it seems the leaked calls were all made to 1177 Vårdguiden’s subcontractor Medicall — a Thailand-based company owned by Swedes. When asked about the breach, Medicall CEO Davide Nyblom denied it happened despite the overwhelming contradictory evidence."

    -Start right there.

  • by PKFC ( 580410 ) <pkfc@NoSpAM.hotmail.com> on Sunday February 24, 2019 @03:59AM (#58171784)

    It's a good thing that the recordings are obfuscated in Swedish. We'll never be able to decrypt that

  • by mentil ( 1748130 ) on Sunday February 24, 2019 @05:16AM (#58171868)

    Let's face it: it's all out there by now. Everything. Whatever can be harvested or datamined has been, and all of that has been subsequently leaked/stolen/sold.

    • But if everyone has our data shouldn't that devalue it?

      I'd like to think so, but we keep generating new data. It's getting harder and harder to convince businesses who demand an e-mail address that I really don't have one. Or I have to make one up. I wonder if I ever made up a valid e-mail address that belonged to someone else. Sorry about the spam if I did.

  • by fuzzyf ( 1129635 ) on Sunday February 24, 2019 @05:19AM (#58171874)
    This one is well above average when it comes to pure stupidity

    This writeup highlights some of the mind-boggling explanations from management:
    https://medium.com/@rikardhjor... [medium.com]

    My favourite:
    "That someone probably, when updating at some point, seen that there was a free networking cable slot, and I guess they thought, some technician: ‘Aha, there should probably be a cable here, but it fell out [sic]’, and then they have connected a networking cable, so that it’s become connected to the Internet. That is just, like, how you do these things" - CEO of Voice Integrate Nordic AB
    • by Anonymous Coward

      If it were the case he and everyone associated with this just signed their own professional death warant. How in the hell do you put a server (assuming it was one and not a cluster), in a datacenter where people are permitted to do that? The datacenter would be entirely liable. That doesn't even get into why in the hell their switches are not locked down which would have also prevented his excuse.

      Who am I kidding. We've outsourced Health care in Canada too and is fucking disgusting how little Telus (

      • by fuzzyf ( 1129635 )
        It's wrong on so many levels.
        Almost makes it funny, if it wasn't so serious.
  • by Anonymous Coward

    Come on, it can't be that hard to get accents right.

  • by Anonymous Coward

    The new Cortana nurses aide smart assistant, trained on an unknown medical corpus, speaks with a Swedish accent

  • by Anonymous Coward

    Don't worry. The responsible party, Medhelp, are springing into action. They have filed a police report against Computer Sweden for the intrusion.

One good suit is worth a thousand resumes.

Working...