2.7M recorded medical calls, audio files left unprotected on web

Every call made to 1177 Swedish Healthcare Guide service since 2013, and answered by the subcontractor Medicall, was stored as WAV or MP3 audio files on a server that had no encryption or authentication protection.

2.7M recorded medical calls, audio files left unprotected on web
metamorworks / Getty Images

“Your call is very important to us,” you often hear while being put on hold. But calls were clearly not important to the Swedish Healthcare Guide service – at least not important enough to protect the personal privacy or safety of Swedish patients. IDG’s Computer Sweden revealed that 2.7 million recorded calls made to the 1177 national health service were left completely unprotected on a server.

Every call made to 1177 since 2013, and answered by the subcontractor Medicall, was stored as WAV or MP3 audio files on a server that had no encryption or authentication protection. As b9AcE on Twitter pointed out, that adds up to “170,000 hours of sensitive phone calls with symptoms, etc.,” which anyone with the right IP address could have accessed. Some of the audio files, which were marked with the callers’ telephone numbers, included the Social Security numbers of children and adults and specific health-related symptoms.

Medicall reportedly “uses Biz 2.0, a cloud-based call center system that is delivered by the Swedish company Voice Integrate Nordic AB.”

Tommy Ekstrom, CEO of Voice Integrate Nordic, told IDG, “This is catastrophic, It’s sensitive data. We had no idea that it was like this. We will, of course, review our systems and check out what may have happened.”

Other cybersecurity news

Chinese and Iranian hackers step up attacks on U.S. companies and government agencies

The New York Times reported that Chinese and Iranian hackers have renewed attacked on U.S. companies and government agencies. Iranian attackers have recently hit “American banks, businesses and government agencies more extensively than previously reported.” Chinese government-sponsored hackers stepped up attacks to steal trade and military secrets from “American military contractors and technology companies.”

Krebs on Security also documented some of the recent DNS hijacking attacks.

Facebook labeled ‘digital gangsters’ willing to ‘override users’ privacy settings’ to make mula

It’s about time. Facebook and its executives were labeled as “digital gangsters” in a report after an 18-month investigation into disinformation and fake news. British lawmakers also accused Facebook of having “intentionally and knowingly violated both data privacy and anti-competition laws.” Citing documents that had once been secret, the U.K. alleged that “Facebook for years was willing to ‘override its users’ privacy settings’ as part of a broader campaign to maximize revenue derived from such sensitive information.”

Elsewhere, in an interview about misinformation and fake news that was published on Nautilus, philosopher of science Cailin O’Connor suggested, “Maybe we should have something like a ministry of information to decide what’s true.” That’s quite a terrifying idea, but hopefully it was supposed to be a joke as was suggested by a commenter on Hacker News.

New round of hacked databases up for sale on dark web

ZDNet’s Catalin Cimpanu reported on the third round of hacked databases going up for sale on the dark web. The latest sale includes “eight more hacked databases containing data for 92.67 million users” – including users from GfyCat.

Isn’t it ironic?

After Australia’s major political parties were hacked by a “sophisticated state actor,” respected crypto expert Matthew Green pointed out that:

Also, Brad Parkinson, one of the engineers who helped develop GPS, didn't foresee the technology being used for the mass tracking of individuals via smartphones. In fact, he told Forbes, “I don’t like that at all. It’s not that I’m doing something that is illegal—I just don’t like the idea of continuously being tracked by anybody.” 

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!