Millions of Private Medical Calls Exposed in Sweden and Why You Should Care

This past week ComputerSweden reported that a Swedish company left 2.7 million recorded calls available on an unencrypted server. The .WAV and MP3 files contained over 170,000 hours of calls to a Swedish HealthCare Guide, this is the equivalent to Phone Information Nurse in the UK or TeleHealth in Canada.

Just because you’re not in Sweden doesn’t mean you’re safe. Unfortunately, this isn’t a unique event! Reuters found the number of healthcare breaches goes up every year, with over 4.4 million records exposed in the 3rd quarter of last year alone.

What was exposed?

Audio files went from 2013 all the way to February 18th, just a day before ComputerSweden broke this leak.

These files contain personal medical histories, phone numbers, and Swedish SSN or SIN numbers. The scary part? All of this is sensitive information that can compromise your financial data as well.

The mistake took place somewhere in a jumble of contracts and subcontracts between the Swedish government, an outsourced Swedish-owned company in Thailand, and cloud servers from Voice Integrate Nordic AB.

Voice Integrate Nordic AB operated unencrypted servers that weren’t even password protected. This means anyone with an internet connection and the right IP address could have accessed the calls between 2013-2019.

The GDPR restrictions throughout Europe will make sure whoever is found to be the most guilty party will face a heavy financial penalty– up to 20,000,000 EUR in fines or 4% of the company’s net sales, whichever is highest.

What is being done?

There’s an investigation being conducted by the Swedish government. The affected regions were Stockholm, Södermanland, and Värmland.

If you live in Sweden you can take proactive measures and go onto the 1177 site for information about your region.

Not in Sweden? Here’s what you need to know.

We’ve seen hackers take control of public infrastructure in an attempt to ransom it to the government. We’ve also seen several international hospitals and healthcare facilities become targets for hacking. We’ve even seen popular TV shows like, Grey’s Anatomy, dedicate a full episode to a ransomware attack on the hospital. So what should you be doing to protect yourself?

Unfortunately, 58% of all healthcare breaches are due to insiders mishandling data, either through negligence or with malicious intent. This means it’s actually healthcare providers, private or public, not hackers who are leaking this health data.

The best thing you can do is take preventive steps to protect yourself against data loss. Here are some easy tips you can do at home to protect yourself:

  • Have strong, complex and unique passwords on all your accounts. If one company is breached, make sure that information can’t unlock your entire life.
  • Install an antivirus like McAfee on your computer. This will prevent viruses from getting on to your computer. Then always run monthly FixMeStick scans to make sure nothing was able to sneak past it.
  • Update that software. We know it’s annoying and very easy to put off for another time, but these updates fix bugs and protect your security.
  • Stay up-to-date with the latest cyber security threats by liking us on Facebook. We also share helpful tips and fun updates from our team here in Montreal!