Third Party Storage of Swedish Medical Hotline Calls Breached

2019, Breaches, February

Who: Swedish National Health Service

# of Records: 2.7 Million

When it occurred: Dating back to 2013

What Happened: An estimated 2.7 million medical hotline phone calls were discovered to have been left open by an unprotected NAS (network attached storage) system and were accessible without a password or any authentication

How it Happened: A sub-contractor MediCall (Sweden), which uses Biz 2.0, a cloud-based call center system supplied by Voice Integrate Nordic AB maintained the data on an unprotected NAS (network attached storage) system that was accessible without a password or any authentication. The NAS device, and rather outdated on software. Other examples include unencrypted administration of an exposed router, exposed log management solutions, and much else.

Outcome: This is likely the worst privacy breach in Sweden in modern times. The Swedish Data Protection Authority (Datainspektionen) confirmed that it was aware of the incident and intended to investigate.