According to tech site Computer Sweden, which broke the news, all calls handled and recorded by medical advice group MediCall since 2013 were stored on an unprotected server – lacking both password protection and other security measures – making them accessible for anyone to download or listen to.
“The calls date back to 2013 and include 170,000 hours of sensitive conversations that anyone could download or listen to,” the tech publication wrote, adding that it had listened to some of the calls.
“The calls contain sensitive information about illnesses and other ailments that those needing care ask advice about. Those who call talk about their symptoms of course, about the medication they are on, or previous treatments. On many occasions they convey their personal numbers.”
MediCall, which is based in Thailand, has been in charge of handling patient calls to the healthcare hotline 1177 Vårdguiden which have been made from the Stockholm, Södermanland and Värmland regions.
According to Swedish law, the audio recordings are confidential and therefore need to be treated as such.
MediCall's CEO Davide Nyblom told Swedish broadcaster SVT that his company was looking into what had happened.
“It's of course regrettable, but I don't know any details. That's why it's difficult for me to comment more on this right now,” he was quoted as saying.
Swedish Social Minister Lena Hallengren described the news as “serious” and “totally unacceptable”.