On my machine Google translate seems to "boot-loop" that site because of the cookie settings so I'll just do this:<p>Files were stored on a server using HTTPS but requiring no credentials. <a href="http://188.92.248.19:443/medicall/" rel="nofollow">http://188.92.248.19:443/medicall/</a>
Part of the calls were saved as .mp3s with the customer's phone number as file name.
CEO when confronted wouldn't believe it and hung up when the reporter asked if he could play one of the tapes.<p>The article states that the server was a NAS (nas.applion.se).<p>All files have been available since 2013.<p>When calling 1177, there's no need to identify yourself with your personal identity number. You can if you want to if your medical history is of significance to your call.<p>Source: Am Swede and this article... <a href="https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet" rel="nofollow">https://computersweden.idg.se/2.2683/1.714787/inspelade-samt...</a><p>And I want you guys to hear it from me before you hear it on the streets... I once called 1177 wanting to order a new pair of knees because one of mine hurt. The nurse who answered had a good laugh.
There are quite a few hosts responding on port 80 in the 188.92.248.0/21 subnet, including versions of httpd and php over a decade old. I wouldn't be surprised if there are more things unsecured. Yikes.
Let's talk legal ramifications.<p>The cause of technical breaches falls onto a sliding scale in my mind. That scale goes from pure technical negligence to overbearing technical complexity.<p>This breach seems like pure negligence. In a surgery this wouldn't be "complications", it would be malpractice. Does GDPR protect those breached here? What recourse do these people have?<p>We really need to change the narrative around data. It should be a liability. Unlike other disruptions software drives, this will need to be driven by governments.
Either me, my girlfriend or both of us are in those phone calls.<p>I feel absolutely betrayed by the state. I always knew that Sweden's obsession with medical data collection would backfire but audio recordings? That's just too much.<p>I hope everyone involved gets sued into oblivion!
Yep. My calls with personal identification number are absolutely in there, with list of 10+ medications, and medical history including genetic disorders and other things.<p>Imagine becoming a public person in the future with random Russian mobs blackmailing me based on me and my family's medical history.
Latest news: The company with the security breach reports the reporter and news organization to the police for unauthorized entry into their computer system:<p><a href="https://www.dn.se/sthlm/medhelp-polisanmaler-tidningen-computer-sweden/" rel="nofollow">https://www.dn.se/sthlm/medhelp-polisanmaler-tidningen-compu...</a>
Seeing posts like this reminds me of a nice quotation I saw somewhere, which is like "all data will eventually be either public or gone forever". Unfortunately my search skills are insufficient to find the exact wording or author.
Original source: <a href="https://computersweden.idg.se/2.2683/1.714790/1177-lackan-integritetshaveri" rel="nofollow">https://computersweden.idg.se/2.2683/1.714790/1177-lackan-in...</a>
So, who thought it was a good idea to record these in the first place and then to store them on an internet facing server? It doesn't surprise me one bit though.
Why would you even record these calls indefinitely, without a deletion schedule?<p>Were they recording <i>all</i> calls, not just a subset to be audited for customer service?<p>Why not have an auditor listen to the call live and destroy the recording if everything is done by the book and evidence need not be retained?
The site hosting this seems to be dead, probably from the load but hopefully from action taken by the company now that it's public knowledge. Does anyone have a list of the affected phone numbers? I would like to check if mine is in there.
I'm not clear on why medical records are so sensitive. I can understand some people might want to hide HIV status - but is there anything else? In the US people have wanted to hide prior conditions from insurance companies, but I wouldn't expect this to be a problem in Sweden.