March 8, 2019
Sweden recently experienced the most extensive data leak in its history. On February 18th the Swedish newspaper Computer Sweden reported that a server belonging to the Swedish Healthcare Guide service "1177" had been found exposed on the internet. The server held an estimated 2.7 million files containing recordings of phone calls made between 2013 and 2018. 1177, which is also the service's phone number, is a hotline for people seeking medical advice; it is a public service, free for all Swedish citizens, and is used on a large scale.

According to Stefan Thelberg, security expert and CEO at Holm Security, the 1177 leak could easily have been avoided if basic security measures had been in place, not least solutions that have been on the market for over 20 years and could be implemented in 10 minutes. He believes that the county council that ordered the service from the company Medicall should have ensured that these basic security functions were in place.
Since the EU NIS Directive (Network and Information Security) came into force in 2018, organizations that provide critical services have a legal requirement to work with their IT security in a risk-based and systematic way. A natural part of this work is to continuously verify that none of their systems have vulnerabilities, regardless of whether a system is operated in-house or outsourced to a supplier.
According to the Swedish newspaper Dagens Nyheter, one of the subcontractors, Voice Integrate Nordic AB, stated that the leak occurred when a network cable was accidentally connected to the server on which the 1177 recordings were stored. This gave the server a direct connection to the internet, and its contents were accessible to anyone. Stefan, however, is not convinced by this explanation.
The incident was reported as a GDPR personal data breach to the Swedish Data Protection Authority ("Datainspektionen") and is likely to result in fines for the county council.