Sweden’s Patient Hotline in Major Privacy Snafu

Millions of highly sensitive audio files linked to a Swedish healthcare hotline have been left exposed online for several years, in what could be a major breach of the GDPR. The 2.7 million files in question amount to 170,000 hours of calls, dating back to 2013 and left on an open Apache web server with no password protection, according to local reports. The calls, recorded for quality assurance purposes, detail highly sensitive information on illnesses and, in some cases, social security numbers, as well as saved phone numbers for around 57,000 callers. The 1177 Healthcare Guide (Vårdguiden) service is run by government contractor MedHelp, which sings the praises of the service on its website. It appears to have outsourced the operation of the service to MediCall, a Thai-based but Swedish-owned company, which used cloud-based call system Biz 2.0 from Voice Integrate Nordic AB. When informed of the privacy snafu, the CEO of MediCall, Davide Nyblom, refused to believe that the incident had occurred, although Voice Integrate Nordic boss, Tommy Ekström, was more concerned.