Third Party Storage of Swedish Medical Hotline Calls Breached

2019, Breaches, February

Who: Swedish National Health Service

# of Records: 2.7 Million

When it occurred: Dating back to 2013

What Happened: An estimated 2.7 million medical hotline phone calls were discovered to have been left open by an unprotected NAS (network attached storage) system and were accessible without a password or any authentication

How it Happened: A sub-contractor MediCall (Sweden), which uses Biz 2.0, a cloud-based call center system supplied by Voice Integrate Nordic AB maintained the data on an unprotected NAS (network attached storage) system that was accessible without a password or any authentication. The NAS device, and rather outdated on software. Other examples include unencrypted administration of an exposed router, exposed log management solutions, and much else.

Outcome: This is likely the worst privacy breach in Sweden in modern times. The Swedish Data Protection Authority (Datainspektionen) confirmed that it was aware of the incident and intended to investigate.

Malcare WordPress Security