Slashdot Mirror


2.7 Million Patient Phone Call Recordings Left Exposed Online (thenextweb.com)

Slashdot reader krenaud tipped us off to this story from The Next Web: The audio recordings of 2.7 million calls made to 1177 Vardguiden -- Sweden's healthcare hotline -- were left exposed to anyone online, according to Swedish tech publication Computer Sweden. The 170,000 hours of incredibly sensitive calls were stored on an open web server without any encryption or authentication, leaving personal information completely exposed for anyone with a web browser....

The calls included sensitive information about patients' diseases and ailments, medication, and medical history. Some examples had people describing their children's symptoms and giving their social security numbers. Some of the files include the phone numbers the calls were made from. Around 57,000 numbers appear in the database and many of those are the callers' personal numbers, making it easy to match information with a particular person.

When reached for comment, the CEO of the subcontractor receiving the calls "denied it happened."

2 of 45 comments

  1. Secrecy/security is not the issue here by rundgong · Score: 4, Informative

    The Social Security numbers (or directly translated from Swedish, the Personal Number), are not considered secret in Sweden and that is not the issue here. In fact it contains the date of birth and is printed on your driver's license so you can show that when you need to verify your age.

    The problem is that they were talking about sensitive medical information, and with the Personal Number you could much more easily connect that information to the correct individual. That is the whole issue here.

  2. Re: "social security numbers" by carlhaagen · Score: 2, Informative

    Clearly you are the idiot. You're approaching Swedish "person numbers" as if they were and behaved like American social security numbers. They are not. They are unique/complementary numbers used to register and distinguish citizens, but they cannot be used anywhere as valid identification or authority of any form.