2.7 Million Patient Phone Call Recordings Left Exposed Online

Slashdot reader krenaud tipped us off to this story from The Next Web: The audio recordings of 2.7 millions calls made to 1177 Vardguiden -- Sweden's healthcare hotline -- were left exposed to anyone online, according to Swedish tech publication Computer Sweden. The 170,000 hours of incredibly sensitive calls were stored on an open web server without any encryption or authentication, leaving personal information completely exposed for anyone with a web browser....

The calls included sensitive information about patients' diseases and ailments, medication, and medical history. Some examples had people describing their children's symptoms and giving their social security numbers. Some of the files include the phone numbers the calls were made from. Around 57,000 numbers appear in the database and many of those are the callers' personal numbers, making it easy to match information with a particular person.
When reached for comment, the CEO of the subcontractor receiving the calls "denied it happened."

The contents are safe though

[PKFC]

It's a good thing that the recordings are obfuscated in Swedish. We'll never be able to decrypt that

Re:Well, maybe they should be secret.

[KiloByte]

it's dangerous for the numbered to have their person-numbers be widely known

I got an idea: can't we tattoo the number on left arm? That'd be secure against hacking unless someone sees you or a photo without a long sleeve.

Other ideas would be the forehead (never tried AFAIK) or right hand (semi-popular as implanted RFID).

Breach Fatigue

[mentil]

Let's face it: it's all out there by now. Everything. Whatever can be harvested or datamined has been, and all of that has been subsequently leaked/stolen/sold.

This is some next level incompetence stuff

[fuzzyf]

This one is well above average when it comes to pure stupidity

This writeup highlights some of the mind-boggling explanations from management:
https://medium.com/@rikardhjor...

My favourite:
"That someone probably, when updating at some point, seen that there was a free networking cable slot, and I guess they thought, some technician: ‘Aha, there should probably be a cable here, but it fell out [sic]’, and then they have connected a networking cable, so that it’s become connected to the Internet. That is just, like, how you do these things" - CEO of Voice Integrate Nordic AB

Secrecy/security is not the issue here

[rundgong]

The Social Security numbers (or directly translated from Swedish, the Personal Number), are not considered secret in Sweden and that is not the issue here. In fact it contains the date of birth and is printed on your drivers license so you can show that when you need to verify your age.

The problem is that they were talking about sensitive medical information, and with the Personal Number you could much easier connect that information to the correct individual. That is the whole issue here.

Re:Well, maybe they should be secret.

[drinkypoo]

If you're looking for one place to put everyone's mark of the beast, er I mean RFID tag or QR code, it clearly has to be somewhere on the head, neck, or upper torso, because all the other parts are optional.

Re: "social security numbers"

[carlhaagen]

Clearly you are the idiot. You're approaching Swedish "person numbers" as if they were and behaved like American social security numbers. They are not. They are unique/complementary numbers used to register and distinguish citizens, but they cannot be used anywhere as valid identification or authority of any form.