Millions of medical calls exposed online
- Published
Millions of calls made by Swedes seeking medical advice via a national health service telephone line have been exposed online.
Some 2.7 million conversations dating back to 2013 were uncovered by technology news site Computer Sweden, external on an unencrypted web server.
It amounted to 170,000 hours of sensitive calls about symptoms and medications.
The Swedish data protection authority is currently investigating.
"We were absolutely astounded by what we found on there. People talking about their symptoms, diseases, their kids' illnesses, giving out their social security numbers. This data is as private as it gets," explained Marcus Jerrang, editor-in-chief at Computer Sweden.
He said that access to the website is currently blocked.
Sweden operates a national advice line - 1177 - run by a firm called Medhelp.
In turn, this Swedish firm subcontracts out-of-hours calls to Medicall.
Medicall had not responded to requests for comment from the BBC.
Mr Jerrang told the BBC that a brief conversation between the reporter who uncovered the website and Medicall chief executive Davide Nyblom ended with him denying such a breach was possible and then hanging up when the reporter offered to play one of the files.
According to security expert Mikko Hypponen the phone calls were stored as Wav audio files on a completely unsecured server.
"This will be an interesting story to follow... this is sensitive personal data," he tweeted.
Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.
It is unclear whether the breach has been reported, something required under Europe's General Data Protection Regulation.
The Swedish Data Protection Authority told the BBC: "If the reports in the media are correct, we view this incident as very serious since it involves sensitive personal data about many people for a long time. We intend to do a supervision of this incident. We have not formally initiated the supervision yet, though."