Free trial Request quote Contact me
08March
The 1177 leak could have easily been avoided
Recently Sweden experienced its most extensive data leak in history. February 18th the Swedish newspaper Computer Sweden announced that the Swedish Healthcare Guide service called “1177” were found to have a server exposed on the internet. This server listed an estimated 2.7 million files with recordings of phone calls between 2013 and 2018. 1177, which is the actual phone number, works as a hotline for people seeking medical advice. It’s a public service that is free for all Swedish citizens and is used very frequently.
By Carolina Martell Topics: GDPR, General Data Protection Regulation, NIS

According to Stefan Thelberg, security expert and CEO at Holm Security, the 1177 leak could have easily been avoided if basic security measures had been in place – not least solutions that have been on the market for over 20 years and could be implemented in 10 minutes. He believes that the county council that ordered the service from a company called Medicall, should have ensured that these basic security functions were in place.

Since the introduction of the new EU directive NIS (Network and Information Security) in 2018, organizations carrying critical services have a legal requirement to work risk-based and systematically with its IT security. A natural part of this work is to continuously ensure that no systems have vulnerabilities – regardless if it’s outsourced.




“This seems to be a classic case where the client, through subcontractors, lost control of their IT security. It would have taken 10 minutes to set up a standard analysis that had alerted as soon as the exposed archive of files was discovered. The lights should have turned red many years ago preventing this from happening. We are working on finding vulnerabilities for hundreds of governmental organizations and unfortunately, we are not surprised to hear about this leak. This is simply the tip of an iceberg and we can expect there to be many more incidents in the future. Organizations must realize that the responsibility cannot be outsourced, and that IT security need to be a higher priority.”, says Stefan Thelberg.

According to the Swedish newspaper The Daily News (“Dagens Nyheter”), one of the subcontractors, Voice Integrate Nordic AB, announced that the leak occurred when a network cable accidentally was connected to server where the 1177’s recordings were stored. Thereby, it got a direct connection to internet and was accessible for anyone. However, Stefan is not convinced about this explanation:




"A network cable being incorrectly connected sounds unreasonable and it’s most likely the explanation that sounds the least bad. It’s not likely that someone spontaneously connects a network cable without it being prompted by an error. "

The incident was reported as a GDPR incident to the Swedish Data Protection Authority (“Datainspektionen”) and is likely to result in fines for the county.


About the author
Carolina has several years of marketing experience within the IT industry. Carolina has previously worked at COSMO CONSULT and Hitachi Power Tools and holds a degree in Media and Communication Studies from Umeå University.

Carolina Martell
+46 (0)735-14 19 55
carolina.martell@holmsecurity.com